Loading...

XML

Word

Printable

Type: Bug
Resolution: Duplicate
Priority: Major
Fix Version/s: None
Affects Version/s: AMQ 7.12.1.OPR.1.GA
Component/s: operator
Labels:
None

Blocked:
False
Blocked Reason:
None
Ready:
False
Affects:

User Experience
GSS Priority:
Workaround:

Workaround Exists
Workaround Description:

Hide

The following workaround has been suggested:

"Allowing the access to the attribute BrokerVersion of the bean org.apache.activemq:type=Broker,* should fix the error related to the ActiveMQDetector"

But I have tried to set it up on the ActiveMQArtemis security roles, without success.

None of the following security roles options worked

#securityRoles."mops.broker.getVersion".$BROKER_ADMIN_ROLE.view=true
#securityRoles."mops.broker.getVersion".$BROKER_READER_ROLE.view=true
#securityRoles."mops.org.apache.activemq:type=Broker,*".view=true

Show
The following workaround has been suggested: "Allowing the access to the attribute BrokerVersion of the bean org.apache.activemq:type=Broker,* should fix the error related to the ActiveMQDetector" But I have tried to set it up on the ActiveMQArtemis security roles, without success. None of the following security roles options worked #securityRoles."mops.broker.getVersion".$BROKER_ADMIN_ROLE.view=true #securityRoles."mops.broker.getVersion".$BROKER_READER_ROLE.view=true #securityRoles."mops.org.apache.activemq:type=Broker,*".view=true
Steps to Reproduce:

Hide

Check attached files

Show
Check attached files
Intelligence Requested:
Market:

Severity:
Important

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

When using the new feature for management operations, described in the documentation, I see the following exceptions when starting the broker

2024-08-06 16:39:59,659 WARN  [org.apache.activemq.artemis.core.server] AMQ222216: Security problem while authenticating: AMQ229031: Unable to validate user from management. Username: null; SSL certificate subject DN: unavailable
2024-08-06 16:39:59,659 WARN  [org.eclipse.jetty.server.handler.ContextHandler.console] jolokia-agent: Error while using detector GeronimoDetector: java.lang.SecurityException: AMQ229031: Unable to validate user from management. Username: null; SSL certificate subject DN: unavailable
java.lang.SecurityException: AMQ229031: Unable to validate user from management. Username: null; SSL certificate subject DN: unavailable
....
2024-08-06 16:39:59,664 WARN  [org.apache.activemq.artemis.core.server] AMQ222216: Security problem while authenticating: AMQ229031: Unable to validate user from management. Username: null; SSL certificate subject DN: unavailable
2024-08-06 16:39:59,664 WARN  [org.eclipse.jetty.server.handler.ContextHandler.console] jolokia-agent: Error while using detector JBossDetector: java.lang.SecurityException: AMQ229031: Unable to validate user from management. Username: null; SSL certificate subject DN: unavailable
java.lang.SecurityException: AMQ229031: Unable to validate user from management. Username: null; SSL certificate subject DN: unavailable
...
2024-08-06 16:39:59,665 WARN  [org.apache.activemq.artemis.core.server] AMQ222216: Security problem while authenticating: AMQ229031: Unable to validate user from management. Username: null; SSL certificate subject DN: unavailable
2024-08-06 16:39:59,665 WARN  [org.eclipse.jetty.server.handler.ContextHandler.console] jolokia-agent: Error while using detector ActiveMQDetector: java.lang.SecurityException: AMQ229031: Unable to validate user from management. Username: null; SSL certificate subject DN: unavailable
java.lang.SecurityException: AMQ229031: Unable to validate user from management. Username: null; SSL certificate subject DN: unavailable
...
2024-08-06 16:39:59,666 WARN  [org.apache.activemq.artemis.core.server] AMQ222216: Security problem while authenticating: AMQ229031: Unable to validate user from management. Username: null; SSL certificate subject DN: unavailable
2024-08-06 16:39:59,666 WARN  [org.eclipse.jetty.server.handler.ContextHandler.console] jolokia-agent: Error while using detector TomcatDetector: java.lang.SecurityException: AMQ229031: Unable to validate user from management. Username: null; SSL certificate subject DN: unavailable
java.lang.SecurityException: AMQ229031: Unable to validate user from management. Username: null; SSL certificate subject DN: unavailable
    at org.apache.activemq.artemis.core.server.management.ArtemisRbacInvocationHandler.securityCheck(ArtemisRbacInvocationHandler.java:207) ~[artemis-server-2.33.0.redhat-00013.jar:2.33.0.redhat-00013]
    at org.apache.activemq.artemis.core.server.management.ArtemisRbacInvocationHandler.invoke(ArtemisRbacInvocationHandler.java:71) ~[artemis-server-2.33.0.redhat-00013.jar:2.33.0.redhat-00013]
    at jdk.proxy2/jdk.proxy2.$Proxy31.queryNames(Unknown Source) ~[?:?]
...

However, these exceptions are only seen during broker startup. The broker seems to be working as expected

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List
  - Download All

JIRA-artemis-cr.yaml
3 kB
2024/08/06 5:51 PM
securityRoles.properties
1 kB
2024/08/06 5:51 PM

is duplicated by

ENTMQBR-9259 AMQ Broker secured with JAAS deny internal jolokia

Verified

links to

jolokia/jolokia#753 – Perform Jolokia initialization in priviledged action

Assignee:: Domenico Francesco Bruscino

Reporter:: Alfredo Narvaez

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Created:: 2024/08/06 5:28 PM

Updated:: 2024/10/16 4:46 PM

Resolved:: 2024/09/02 12:26 PM

Details

Description

Attachments

Attachments

Issue Links

Activity

People

Dates