AMQ-5.1.0 with security enabled: Use of environment variables in login.conf

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

AMQ-5.1.0 with security enabled: Use of environment variables in login.conf

angrywooper
Hi,
Im configuring jaasAuthenticationPlugin, but I have problem using an environment variable pointing to a dir outside the activemq installation where I've put users and groups.properties files.
I've followed the guide here.

The only modification I've done is in login.config where Im trying to use the env var:
activemq-domain {
    org.apache.activemq.jaas.PropertiesLoginModule required
        debug=true
        org.apache.activemq.jaas.properties.user="${SOME_ENV_VAR}/users.properties"
        org.apache.activemq.jaas.properties.group="${SOME_ENV_VAR}/groups.properties";
};

When I start AMQ I get the following exception:

WARN  TransportConnection            - Failed to add Connection
java.lang.SecurityException: User name or password is invalid.
        at org.apache.activemq.security.JaasAuthenticationBroker.addConnection(JaasAuthenticationBroker.java:83)
        at org.apache.activemq.broker.BrokerFilter.addConnection(BrokerFilter.java:81)
        at org.apache.activemq.broker.MutableBrokerFilter.addConnection(MutableBrokerFilter.java:88)
        at org.apache.activemq.broker.TransportConnection.processAddConnection(TransportConnection.java:662)
        at org.apache.activemq.broker.jmx.ManagedTransportConnection.processAddConnection(ManagedTransportConnection.java:86)
        at org.apache.activemq.command.ConnectionInfo.visit(ConnectionInfo.java:125)
        at org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:292)
        at org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:180)
        at org.apache.activemq.transport.TransportFilter.onCommand(TransportFilter.java:68)
        at org.apache.activemq.transport.WireFormatNegotiator.onCommand(WireFormatNegotiator.java:143)
        at org.apache.activemq.transport.InactivityMonitor.onCommand(InactivityMonitor.java:206)
        at org.apache.activemq.transport.TransportSupport.doConsume(TransportSupport.java:84)
        at org.apache.activemq.transport.tcp.TcpTransport.doRun(TcpTransport.java:196)
        at org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:183)
        at java.lang.Thread.run(Thread.java:619)
Caused by: java.lang.SecurityException: unable to expand property SOME_ENV_VAR
        at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:93)
        at sun.reflect.GeneratedConstructorAccessor19.newInstance(Unknown Source)
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
        at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
        at java.lang.Class.newInstance0(Class.java:355)
        at java.lang.Class.newInstance(Class.java:308)
        at javax.security.auth.login.Configuration$3.run(Configuration.java:246)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.login.Configuration.getConfiguration(Configuration.java:241)
        at javax.security.auth.login.LoginContext$1.run(LoginContext.java:237)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.login.LoginContext.init(LoginContext.java:234)
        at javax.security.auth.login.LoginContext.<init>(LoginContext.java:403)
        at org.apache.activemq.security.JaasAuthenticationBroker.addConnection(JaasAuthenticationBroker.java:75)
        ... 14 more
Caused by: java.io.IOException: unable to expand property SOME_ENV_VAR
        at com.sun.security.auth.login.ConfigFile.parseLoginEntry(ConfigFile.java:411)
        at com.sun.security.auth.login.ConfigFile.readConfig(ConfigFile.java:350)
        at com.sun.security.auth.login.ConfigFile.init(ConfigFile.java:262)
        at com.sun.security.auth.login.ConfigFile.init(ConfigFile.java:202)
        at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:91)
        ... 27 more

Someone got a good tips why I get this exception?