Search code examples
jmsjaasactivemq-artemis

User does not have permission=SEND with custom JAAS module in Artemis 2.10.1

I am using custom JAAS module with required configuration changes in login.config, artemis.profile and broker.xml.

login.config:

activemq { test.JaasLoginModule required debug=false; };

JaasLoginModule.java:

    public boolean commit() throws LoginException {
        if (succeeded) {
            principals.add(new UserPrincipal("test_user"));
            principals.add(new RolePrincipal("amq"));//setting the role
            subject.getPrincipals().addAll(principals);
        }
        return succeeded;
    }
    public boolean login() throws LoginException {
     //Here I am returning true with the hardcoded user details
    }
}

artemis.profile:

JAVA_ARGS="-XX:+PrintClassHistogram -XX:+UseG1GC -Xms512M -Xmx2G -Dhawtio.realm=activemq -Dhawtio.offline="true" -Dhawtio.role=amq -Dhawtio.rolePrincipalClasses=test.RolePrincipal -Djolokia.policyLocation=${ARTEMIS_INSTANCE_ETC_URI}jolokia-access.xml"

broker.xml:

<security-settings>
   <security-setting match="#">
      <permission roles="amq" type="createAddress"/>
      <permission roles="amq" type="send"/>
   </security-setting>
</security-settings>

Here is the client code:

Properties p = new Properties();
p.put("java.naming.factory.initial", "org.apache.activemq.artemis.jndi.ActiveMQInitialContextFactory");
p.put("connectionFactory.ConnectionFactory", "tcp://localhost:61616");
p.put("queue.queue/testQueue", "testQueue");
initialContext = new InitialContext(p);
Queue queue = (Queue) initialContext.lookup("queue/testQueue");
ConnectionFactory cf = (ConnectionFactory) initialContext.lookup("ConnectionFactory");
connection = cf.createConnection("test_user", "Test#123");
Session session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
MessageProducer producer = session.createProducer(queue);
Queue queue = (Queue) initialContext.lookup("queue/testQueue");
TextMessage message = session.createTextMessage("This is a text message");
producer.send(message);

I am getting below error :

Exception in thread "main" javax.jms.JMSSecurityException: AMQ229032: User:**** does not have permission='SEND' on address testQueue
Solution

  • Issue resolved. My custom JAAS module loaded into artemis and able to authenticate and authorize client for messaging. The reason my module was not working is because I was using my custom RolePrincipal class in the JAAS module:

    -Dhawtio.rolePrincipalClasses=test.UserPrincipal

    If I use the one from Artemis API, it works fine.

    -Dhawtio.rolePrincipalClasses=org.apache.activemq.artemis.spi.core.security.jaas.UserPrincipal

    artemis.profile:

    JAVA_ARGS="-XX:+PrintClassHistogram -XX:+UseG1GC -Xms512M -Xmx2G -Dhawtio.realm=activemq -Dhawtio.offline="true" -Dhawtio.role=amq -Dhawtio.rolePrincipalClasses=org.apache.activemq.artemis.spi.core.security.jaas.UserPrincipal -Djolokia.policyLocation=${ARTEMIS_INSTANCE_ETC_URI}jolokia-access.xml"