ActiveMQ security seems to be changed after installing hawtio

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

ActiveMQ security seems to be changed after installing hawtio

catshout
I've installed a route called wmqbridge.xml to bridge between ActiveMQ and IBM WebSphere MQ. This works and I was able to deploy an additional route on to to send and receive files to/from a WMQ server. See below the routes ..

wmqbridge.xml

<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:osgix="http://www.springframework.org/schema/osgi-compendium"
	xmlns:context="http://www.springframework.org/schema/context"
	xmlns:util="http://www.springframework.org/schema/util"
	xmlns:camel="http://camel.apache.org/schema/spring"
	xmlns:p="http://www.springframework.org/schema/p"
	xsi:schemaLocation="http://camel.apache.org/schema/spring 
						http://camel.apache.org/schema/spring/camel-spring.xsd
						http://www.springframework.org/schema/beans
						http://www.springframework.org/schema/beans/spring-beans.xsd
						http://www.springframework.org/schema/util 
						http://www.springframework.org/schema/util/spring-util-2.5.xsd
						http://www.springframework.org/schema/context
						http://www.springframework.org/schema/context/spring-context.xsd
						http://www.springframework.org/schema/osgi
						http://www.springframework.org/schema/osgi/spring-osgi.xsd
						http://www.springframework.org/schema/osgi-compendium
						http://www.springframework.org/schema/osgi-compendium/spring-osgi-compendium.xsd">

	<osgix:cm-properties id="cmProps" persistent-id="wmqbridge">
		<prop key="host">localhost</prop>
		<prop key="port">1414</prop>
		<prop key="queuemanager">QM</prop>
		<prop key="channel">SYSTEM.ADMIN.SVRCONN</prop>
	</osgix:cm-properties>

	<context:property-placeholder properties-ref="cmProps" />

	<bean id="redeliveryPolicyConfig" class="org.apache.camel.processor.RedeliveryPolicy">
		<property name="maximumRedeliveries" value="6" />
		<property name="redeliveryDelay" value="10000" />
	</bean>

	<bean id="deadLetterErrorHandler" class="org.apache.camel.builder.DeadLetterChannelBuilder">
		<property name="deadLetterUri" value="activemq:queue:AMQ.DLQ" />
		<property name="redeliveryPolicy" ref="redeliveryPolicyConfig" />
	</bean>

	<camel:camelContext id="wmqbridge">

		<camel:route id="AMQ2WMQ" errorHandlerRef="deadLetterErrorHandler">
			<camel:from uri="activemq:WMQ.OUT" />
			<camel:transacted />
			<camel:to uri="wmq:AMQ.IN" />
			<camel:log message="Route from ActiveMQ to WMQ executed" />
		</camel:route>

		<camel:route id="WMQ2AMQ" errorHandlerRef="deadLetterErrorHandler">
			<camel:from uri="wmq:AMQ.OUT" />
			<camel:transacted />
			<camel:to uri="activemq:WMQ.IN" />
			<camel:log message="Route from WMQ to ActiveMQ executed" />
		</camel:route>

	</camel:camelContext>

	<bean
		class="org.springframework.beans.factory.config.MethodInvokingFactoryBean"
		p:staticMethod="com.ibm.mq.MQEnvironment.addConnectionPoolToken" />

	<bean id="wmq" class="org.apache.camel.component.jms.JmsComponent">
		<property name="connectionFactory">
			<bean class="com.ibm.mq.jms.MQQueueConnectionFactory">
				<osgix:managed-properties persistent-id="wmqbridge" update-strategy="container-managed" />
				<property name="transportType">
					<util:constant static-field="com.ibm.mq.jms.JMSC.MQJMS_TP_CLIENT_MQ_TCPIP" />
				</property>
				<property name="hostName" value="${hostname}" />
				<property name="port" value="${port}" />
				<property name="queueManager" value="${queuemanager}" />
				<property name="channel" value="${channel}" />
				<property name="useConnectionPooling" value="true" />
			</bean>
		</property>
	</bean>

</beans>

routes.xml

<?xml version="1.0" encoding="UTF-8"?>

<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://www.osgi.org/xmlns/blueprint/v1.0.0
						http://www.osgi.org/xmlns/blueprint/v1.0.0/blueprint.xsd">

	<camelContext id="routes" xmlns="http://camel.apache.org/schema/blueprint">
		<route id="File2Store">
			<from uri="activemq:WMQ.IN" />
			<transacted />
			<to uri="file:/home/wbimb/camel/IN" />
			<log message="Route from ActiveMQ to store file system executed" />
		</route>

		<route id="File2Central">
			<from uri="file:/home/wbimb/camel/OUT" />
			<transacted />
			<to uri="activemq:WMQ.OUT" />
			<log message="Route from store file system to ActiveMQ executed" />
		</route>
	</camelContext>

</blueprint>

I've tested the execution an it works well.

Afterwards I've installed hawtio with the commands

feature:repo-add mvn:io.hawt/hawtio-karaf/1.4.51/xml/features
feature:install hawtio

After installed this the ActiveMQ security seems to be modified as the wmqbridge.xml does no longer work. I'm getting these messages ..

2015-07-16 11:38:06,209 | ERROR | onsumer[WMQ.OUT] | faultJmsMessageListenerContainer | 185 - org.apache.servicemix.bundles.spring-jms - 3.2.11.RELEASE_1 | Could not refresh JMS Connection for destination 'WMQ.OUT' - retrying in 5000 ms. Cause: User name [null] or password is invalid.
2015-07-16 11:38:06,212 | INFO  | /localhost:61616 | PooledConnectionFactory          | 156 - org.apache.activemq.activemq-osgi - 5.11.1 | Expiring connection ActiveMQConnection {id=ID:j90647.servers.jiffybox.net-58301-1437038718527-5:152,clientId=ID:j90647.servers.jiffybox.net-58301-1437038718527-4:152,started=false} on IOException: Force close due to SecurityException on connect
2015-07-16 11:38:08,209 | INFO  | q-broker] Task-1 | TransportConnection              | 156 - org.apache.activemq.activemq-osgi - 5.11.1 | Stopping tcp://127.0.0.1:35419 because Failed with SecurityException: User name [null] or password is invalid.
2015-07-16 11:38:11,213 | INFO  | ActiveMQ Task-1  | FailoverTransport                | 156 - org.apache.activemq.activemq-osgi - 5.11.1 | Successfully connected to tcp://localhost:61616
2015-07-16 11:38:11,218 | WARN  | .0.1:35420@61616 | TransportConnection              | 156 - org.apache.activemq.activemq-osgi - 5.11.1 | Failed to add Connection ID:j90647.servers.jiffybox.net-58301-1437038718527-5:153
java.lang.SecurityException: User name [null] or password is invalid.
        at org.apache.activemq.security.JaasAuthenticationBroker.addConnection(JaasAuthenticationBroker.java:80)[156:org.apache.activemq.activemq-osgi:5.11.1]
        at org.apache.activemq.broker.MutableBrokerFilter.addConnection(MutableBrokerFilter.java:102)[156:org.apache.activemq.activemq-osgi:5.11.1]
        at org.apache.activemq.broker.TransportConnection.processAddConnection(TransportConnection.java:809)[156:org.apache.activemq.activemq-osgi:5.11.1]
        at org.apache.activemq.broker.jmx.ManagedTransportConnection.processAddConnection(ManagedTransportConnection.java:79)[156:org.apache.activemq.activemq-osgi:5.11.1]
        at org.apache.activemq.command.ConnectionInfo.visit(ConnectionInfo.java:139)[156:org.apache.activemq.activemq-osgi:5.11.1]
        at org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:334)[156:org.apache.activemq.activemq-osgi:5.11.1]
        at org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:188)[156:org.apache.activemq.activemq-osgi:5.11.1]
        at org.apache.activemq.transport.MutexTransport.onCommand(MutexTransport.java:50)[156:org.apache.activemq.activemq-osgi:5.11.1]
        at org.apache.activemq.transport.WireFormatNegotiator.onCommand(WireFormatNegotiator.java:113)[156:org.apache.activemq.activemq-osgi:5.11.1]
        at org.apache.activemq.transport.AbstractInactivityMonitor.onCommand(AbstractInactivityMonitor.java:270)[156:org.apache.activemq.activemq-osgi:5.11.1]
        at org.apache.activemq.transport.TransportSupport.doConsume(TransportSupport.java:83)[156:org.apache.activemq.activemq-osgi:5.11.1]
        at org.apache.activemq.transport.tcp.TcpTransport.doRun(TcpTransport.java:214)[156:org.apache.activemq.activemq-osgi:5.11.1]
        at org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:196)[156:org.apache.activemq.activemq-osgi:5.11.1]
        at java.lang.Thread.run(Thread.java:724)[:1.7.0_40]
Caused by: javax.security.auth.login.LoginException: Username can not be null
        at org.apache.karaf.jaas.modules.properties.PropertiesLoginModule.login(PropertiesLoginModule.java:92)
        at org.apache.karaf.jaas.boot.ProxyLoginModule.login(ProxyLoginModule.java:83)[karaf-jaas-boot.jar:]
        at sun.reflect.GeneratedMethodAccessor31.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)[:1.7.0_40]
        at java.lang.reflect.Method.invoke(Method.java:606)[:1.7.0_40]
        at javax.security.auth.login.LoginContext.invoke(LoginContext.java:784)[:1.7.0_40]
        at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203)[:1.7.0_40]
        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:698)[:1.7.0_40]
        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:696)[:1.7.0_40]
        at java.security.AccessController.doPrivileged(Native Method)[:1.7.0_40]
        at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:695)[:1.7.0_40]
        at javax.security.auth.login.LoginContext.login(LoginContext.java:594)[:1.7.0_40]
        at org.apache.activemq.security.JaasAuthenticationBroker.addConnection(JaasAuthenticationBroker.java:73)[156:org.apache.activemq.activemq-osgi:5.11.1]
        ... 13 more
2015-07-16 11:38:11,221 | WARN  | .0.1:35420@61616 | Service                          | 156 - org.apache.activemq.activemq-osgi - 5.11.1 | Security Error occurred: User name [null] or password is invalid.

Does anyone have a hint how to

1. reset the ActiveMQ security as prior the hawtio installation - or -
2. leverage the changes within the route?

P.S. After uninstalling the hawtio feature the ActiveMQ security works as before and the routes can be executed.

Best
- Gerald
Reply | Threaded
Open this post in threaded view
|

Re: ActiveMQ security seems to be changed after installing hawtio

Morgan Hautman
Hi,

This seems to be an hawt.io related problem.
hawt.io is a product of Redhat and questions/issues about it should be
asked here: https://github.com/hawtio/hawtio/issues?q=is%3Aopen

PS: Take a look at Apache Karaf Decanter (version 1 coming soon)

Regards,
Morgan

On 16/07/2015 11:52, catshout wrote:

> I've installed a route called wmqbridge.xml to bridge between ActiveMQ and
> IBM WebSphere MQ. This works and I was able to deploy an additional route on
> to to send and receive files to/from a WMQ server. See below the routes ..
>
> *wmqbridge.xml*
>
>
>
> *routes.xml*
>
>
>
> I've tested the execution an it works well.
>
> Afterwards I've installed hawtio with the commands
>
>
>
> After installed this the ActiveMQ security seems to be modified as the
> wmqbridge.xml does no longer work. I'm getting these messages ..
>
>
>
> Does anyone have a hint how to
>
> 1. reset the ActiveMQ security as prior the hawtio installation - or -
> 2. leverage the changes within the route?
>
> P.S. After uninstalling the hawtio feature the ActiveMQ security works as
> before and the routes can be executed.
>
> Best
> - Gerald
>
>
>
> --
> View this message in context: http://servicemix.396122.n5.nabble.com/ActiveMQ-security-seems-to-be-changed-after-installing-hawtio-tp5722823.html
> Sent from the ServiceMix - User mailing list archive at Nabble.com.

Reply | Threaded
Open this post in threaded view
|

Re: ActiveMQ security seems to be changed after installing hawtio

catshout
Thanks for the reply.

Was trying again with hawtio 4.5.2. With that version the issue no longer occurs.

PS: Take a look at Apache Karaf Decanter (version 1 coming soon)
I've given that a try, but after installing even the kibana console, how to reach the URL? The documentation doesn't provide a lot at the moment ..

And .. following this http://karaf.apache.org/index/subprojects/decanter.html

the installation of

http://karaf.apache.org/index/subprojects/decanter.html
feature:install decanter-appender-jdbc

failed as these features couldn't be found.

Best
- Gerald