Uploaded image for project: 'AMQ Broker'
  1. AMQ Broker
  2. ENTMQBR-9335

When using new feature for management operations (mops), the broker shows some security exceptions, but only when starting

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Duplicate
    • Icon: Major Major
    • None
    • AMQ 7.12.1.OPR.1.GA
    • operator
    • None
    • False
    • None
    • False
    • User Experience
    • Workaround Exists
    • Hide

      The following workaround has been suggested:

      "Allowing the access to the attribute BrokerVersion  of the bean org.apache.activemq:type=Broker,*  should fix the error related to the ActiveMQDetector"

      But I have tried to set it up on the ActiveMQArtemis security roles, without success.

      None of the following security roles options worked

      #securityRoles."mops.broker.getVersion".$BROKER_ADMIN_ROLE.view=true
      #securityRoles."mops.broker.getVersion".$BROKER_READER_ROLE.view=true
      #securityRoles."mops.org.apache.activemq:type=Broker,*".view=true
       

      Show
      The following workaround has been suggested: "Allowing the access to the attribute  BrokerVersion   of the bean  org.apache.activemq:type=Broker,*   should fix the error related to the ActiveMQDetector" But I have tried to set it up on the ActiveMQArtemis security roles, without success. None of the following security roles options worked #securityRoles."mops.broker.getVersion".$BROKER_ADMIN_ROLE.view=true #securityRoles."mops.broker.getVersion".$BROKER_READER_ROLE.view=true #securityRoles."mops.org.apache.activemq:type=Broker,*".view=true  
    • Hide

      Check attached files

      Show
      Check attached files
    • Important

      When using the new feature for management operations, described in the documentation, I see the following exceptions when starting the broker

      2024-08-06 16:39:59,659 WARN  [org.apache.activemq.artemis.core.server] AMQ222216: Security problem while authenticating: AMQ229031: Unable to validate user from management. Username: null; SSL certificate subject DN: unavailable
2024-08-06 16:39:59,659 WARN  [org.eclipse.jetty.server.handler.ContextHandler.console] jolokia-agent: Error while using detector GeronimoDetector: java.lang.SecurityException: AMQ229031: Unable to validate user from management. Username: null; SSL certificate subject DN: unavailable
java.lang.SecurityException: AMQ229031: Unable to validate user from management. Username: null; SSL certificate subject DN: unavailable
....
2024-08-06 16:39:59,664 WARN  [org.apache.activemq.artemis.core.server] AMQ222216: Security problem while authenticating: AMQ229031: Unable to validate user from management. Username: null; SSL certificate subject DN: unavailable
2024-08-06 16:39:59,664 WARN  [org.eclipse.jetty.server.handler.ContextHandler.console] jolokia-agent: Error while using detector JBossDetector: java.lang.SecurityException: AMQ229031: Unable to validate user from management. Username: null; SSL certificate subject DN: unavailable
java.lang.SecurityException: AMQ229031: Unable to validate user from management. Username: null; SSL certificate subject DN: unavailable
...
2024-08-06 16:39:59,665 WARN  [org.apache.activemq.artemis.core.server] AMQ222216: Security problem while authenticating: AMQ229031: Unable to validate user from management. Username: null; SSL certificate subject DN: unavailable
2024-08-06 16:39:59,665 WARN  [org.eclipse.jetty.server.handler.ContextHandler.console] jolokia-agent: Error while using detector ActiveMQDetector: java.lang.SecurityException: AMQ229031: Unable to validate user from management. Username: null; SSL certificate subject DN: unavailable
java.lang.SecurityException: AMQ229031: Unable to validate user from management. Username: null; SSL certificate subject DN: unavailable
...
2024-08-06 16:39:59,666 WARN  [org.apache.activemq.artemis.core.server] AMQ222216: Security problem while authenticating: AMQ229031: Unable to validate user from management. Username: null; SSL certificate subject DN: unavailable
2024-08-06 16:39:59,666 WARN  [org.eclipse.jetty.server.handler.ContextHandler.console] jolokia-agent: Error while using detector TomcatDetector: java.lang.SecurityException: AMQ229031: Unable to validate user from management. Username: null; SSL certificate subject DN: unavailable
java.lang.SecurityException: AMQ229031: Unable to validate user from management. Username: null; SSL certificate subject DN: unavailable
    at org.apache.activemq.artemis.core.server.management.ArtemisRbacInvocationHandler.securityCheck(ArtemisRbacInvocationHandler.java:207) ~[artemis-server-2.33.0.redhat-00013.jar:2.33.0.redhat-00013]
    at org.apache.activemq.artemis.core.server.management.ArtemisRbacInvocationHandler.invoke(ArtemisRbacInvocationHandler.java:71) ~[artemis-server-2.33.0.redhat-00013.jar:2.33.0.redhat-00013]
    at jdk.proxy2/jdk.proxy2.$Proxy31.queryNames(Unknown Source) ~[?:?]
...

       

      However, these exceptions are only seen during broker startup. The broker seems to be working as expected

        1. JIRA-artemis-cr.yaml
          3 kB
        2. securityRoles.properties
          1 kB

              dbruscin Domenico Francesco Bruscino
              rhn-support-anarvaez Alfredo Narvaez
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: