Uploaded image for project: 'AMQ Broker'
  1. AMQ Broker
  2. ENTMQBR-9259

AMQ Broker secured with JAAS deny internal jolokia

XMLWordPrintable

      AMQ Broker secured with 
      java ... -Dhawtio.role=* -Djavax.management.builder.initial=org.apache.activemq.artemis.core.server.management.ArtemisRbacMBeanServerBuilder
       
      See

       

      JAAS deny internal jolokia calls do not have  an authenticated subject and error out with these ugly logs:

      AMQ601716: User anonymous@internal failed authentication on connection management, reason: AMQ229031: Unable to validate user from management. Username: null; SSL certificate subject DN: unavailable
      jolokia-agent: Error while using detector GeronimoDetector: java.lang.SecurityException: AMQ229031: Unable to validate user from management. Username: null; SSL certificate subject DN: unavailable
      java.lang.SecurityException: AMQ229031: Unable to validate user from management. Username: null; SSL certificate subject DN: unavailable
      at org.apache.activemq.artemis.core.server.management.ArtemisRbacInvocationHandler.securityCheck(ArtemisRbacInvocationHandler.java:207) ~[artemis-server-2.33.0.redhat-00010.jar:2.33.0.redhat-00010]
      at org.apache.activemq.artemis.core.server.management.ArtemisRbacInvocationHandler.invoke(ArtemisRbacInvocationHandler.java:71) ~[artemis-server-2.33.0.redhat-00010.jar:2.33.0.redhat-00010]
      at jdk.proxy2/jdk.proxy2.$Proxy29.queryNames(Unknown Source) ~[?:?]
      at org.jolokia.backend.executor.AbstractMBeanServerExecutor.queryNames(AbstractMBeanServerExecutor.java:113) ~[jolokia-core-1.7.1.redhat-00001.jar:?]
      at org.jolokia.detector.AbstractServerDetector.searchMBeans(AbstractServerDetector.java:46) ~[jolokia-core-1.7.1.redhat-00001.jar:?]
      at org.jolokia.detector.AbstractServerDetector.getSingleStringAttribute(AbstractServerDetector.java:124) ~[jolokia-core-1.7.1.redhat-00001.jar:?]
      at org.jolokia.detector.GeronimoDetector.detect(GeronimoDetector.java:32) ~[jolokia-core-1.7.1.redhat-00001.jar:?]
      at org.jolokia.backend.MBeanServerHandler.detectServers(MBeanServerHandler.java:291) [jolokia-core-1.7.1.redhat-00001.jar:?]
      

            gtully@redhat.com Gary Tully
            rhn-support-aboucham Abel Bouchama
            Mikhail Krutov Mikhail Krutov
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated:
              Resolved: