[#MB-824] When two loging modules configured, one succeeds, one fails but both are adding their principals

FUSE Message Broker

When two loging modules configured, one succeeds, one fails but both are adding their principals

Created: 16/Feb/11 06:13 PM Updated: 18/Feb/11 04:42 PM

Component/s:

None

Affects Version/s:

5.4.2-fuse-01-00

Fix Version/s:

5.4.2-fuse-02-00

File Attachments:

jaas-broker-guest.xml (3 kB)
2.

loginWithGuest.config (2 kB)
3.

XBeanSecurityWithGuestTest.java (5 kB)

External Issue URL:

https://issues.apache.org/jira/browse/AMQ-3182

Description

« Hide

When using the jaasDualAuthentication plug-in there are problems with the userid's. The properties files contain:

one "system" account in the "admins" group
one "user" account in the "consumers" group

What we would like to define as ACLs:

"admins" can do anything
only "consumers" can consume
anybody can send messages to any destination

The main problem with the login.config file above is that, if you supply "system" as login and anything as password (even an invalid password), the broker lets you in and treat you as the "system" user.

All

Comments

Change History

Sort Order:

[ Permlink | « Hide ]

Gary Tully added a comment - 16/Feb/11 06:53 PM

corresponding issues at apache:
https://issues.apache.org/jira/browse/AMQ-3182 - JAAS PropertiesLoginModule does not maintain internal validity state, so will commit in error after an invalid login attempt
https://issues.apache.org/jira/browse/AMQ-3183 - Set JMSXUserID value based on authenticated principal

[ Permlink | « Hide ]

Gary Tully added a comment - 18/Feb/11 04:17 PM

fix committed to 5.4-fusesource branch. Will be in tonight's snapshot.