Description of problem:

From Katello we'd like to connect to embedded Artemis with security enabled. Turning security-enabled mode on in broker.xml right now prevents Candlepin's internal listeners from connecting to Artemis. There is also no way for us to configure the security manager configuration due to the way the embedded broker is initialized.

Basically what needs to change is in ArtemisContextListener.java to pass a configured SecurityManager to the broker:

    ActiveMQJAASSecurityManager ourSecurityManager = new ActiveMQJAASSecurityManager("PropertiesLogin", "CertLogin");
    this.activeMQServer.setSecurityManager(ourSecurityManager);

With this, we can specify the login.config, i.e. -Djava.security.auth.login.config=login.config, with the configurations for PropertiesLogin and CertLogin.
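For illustration, a stand-alone sketch of the arrangement the description asks for: an embedded Artemis broker with security enabled, a JAAS security manager wired in, and an in-VM client connecting once without and once with credentials. This is an added example, not code from the report or from Candlepin; the class name, the `vm://0` acceptor, the user `internal`, its password, the role and the properties file names are assumptions constructed for the example, and the Artemis server and client jars are assumed to be on the classpath.

```java
import java.nio.file.*;
import java.util.Arrays;
import org.apache.activemq.artemis.api.core.ActiveMQSecurityException;
import org.apache.activemq.artemis.api.core.client.*;
import org.apache.activemq.artemis.core.config.impl.ConfigurationImpl;
import org.apache.activemq.artemis.core.server.embedded.EmbeddedActiveMQ;
import org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager;

public class SecuredEmbeddedBroker {
    public static void main(String[] args) throws Exception {
        // Constructed sample files; user, password and role are placeholders.
        Path dir = Files.createTempDirectory("artemis-jaas");
        Files.write(dir.resolve("users.properties"), Arrays.asList("internal=changeit"));
        Files.write(dir.resolve("roles.properties"), Arrays.asList("listeners=internal"));
        // The cert-*.properties files are only read on a certificate login; not created here.
        Files.write(dir.resolve("login.config"), Arrays.asList(
            "PropertiesLogin {",
            "  org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoginModule required",
            "    org.apache.activemq.jaas.properties.user=\"users.properties\"",
            "    org.apache.activemq.jaas.properties.role=\"roles.properties\";",
            "};",
            "CertLogin {",
            "  org.apache.activemq.artemis.spi.core.security.jaas.TextFileCertificateLoginModule required",
            "    org.apache.activemq.jaas.textfiledn.user=\"cert-users.properties\"",
            "    org.apache.activemq.jaas.textfiledn.role=\"cert-roles.properties\";",
            "};"));
        // Same effect as -Djava.security.auth.login.config=login.config on the command line.
        System.setProperty("java.security.auth.login.config", dir.resolve("login.config").toString());
        EmbeddedActiveMQ broker = new EmbeddedActiveMQ();
        broker.setConfiguration(new ConfigurationImpl()
            .setSecurityEnabled(true)
            .setPersistenceEnabled(false)
            .addAcceptorConfiguration("invm", "vm://0"));
        broker.setSecurityManager(new ActiveMQJAASSecurityManager("PropertiesLogin", "CertLogin"));
        broker.start();
        ServerLocator locator = ActiveMQClient.createServerLocator("vm://0");
        ClientSessionFactory factory = locator.createSessionFactory();
        try {
            factory.createSession(); // no credentials: the broker rejects the session
        } catch (ActiveMQSecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        // Arguments: user, password, xa, autoCommitSends, autoCommitAcks, preAcknowledge, ackBatchSize
        try (ClientSession session = factory.createSession("internal", "changeit", false, true, true, false, 1)) {
            System.out.println("authenticated session open: " + !session.isClosed());
        }
        factory.close();
        locator.close();
        broker.stop();
    }
}
```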
This is what shows up in candlepin.log when security-enabled is set to true:

2020-03-02 18:47:07,259 [thread=Thread-1 (ActiveMQ-remoting-threads-ActiveMQServerImpl::serverUUID=cd004ce9-3bc0-11ea-8e7d-525400390078-1826811976)] [=, org=, csid=] WARN org.apache.activemq.artemis.core.server - AMQ222216: Security problem while authenticating: AMQ229031: Unable to validate user from invm:0. Username: null; SSL certificate subject DN: unavailable
2020-03-02 18:47:07,262 [thread=localhost-startStop-1] [=, org=, csid=] ERROR org.candlepin.async.JobManager - Unexpected exception occurred during initialization
org.candlepin.async.JobException: org.candlepin.messaging.CPMException: ActiveMQSecurityException[errorType=SECURITY_EXCEPTION message=AMQ229031: Unable to validate user from invm:0. Username: null; SSL certificate subject DN: unavailable]
    at org.candlepin.async.JobMessageReceiver.initialize(JobMessageReceiver.java:269)
    at org.candlepin.async.JobManager.initialize(JobManager.java:422)
    at org.candlepin.guice.CandlepinContextListener.initializeSubsystems(CandlepinContextListener.java:213)
    at org.candlepin.guice.CandlepinContextListener.withInjector(CandlepinContextListener.java:151)
    at org.jboss.resteasy.plugins.guice.GuiceResteasyBootstrapServletContextListener.contextInitialized(GuiceResteasyBootstrapServletContextListener.java:59)
    at org.candlepin.guice.CandlepinContextListener.contextInitialized(CandlepinContextListener.java:144)
    at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:5118)
    at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5634)
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:145)
    at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:899)
    at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:875)
    at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:652)
    at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1260)
    at org.apache.catalina.startup.HostConfig$DeployDirectory.run(HostConfig.java:2002)
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at java.lang.Thread.run(Thread.java:748)
Caused by: org.candlepin.messaging.CPMException: ActiveMQSecurityException[errorType=SECURITY_EXCEPTION message=AMQ229031: Unable to validate user from invm:0. Username: null; SSL certificate subject DN: unavailable]
    at org.candlepin.messaging.impl.artemis.ArtemisSessionFactory.createSession(ArtemisSessionFactory.java:230)
    at org.candlepin.messaging.impl.artemis.ArtemisSessionFactory.createSession(ArtemisSessionFactory.java:41)
    at org.candlepin.async.JobMessageReceiver.createSession(JobMessageReceiver.java:171)
    at org.candlepin.async.JobMessageReceiver.initialize(JobMessageReceiver.java:258)
    ... 18 common frames omitted
Caused by: org.apache.activemq.artemis.api.core.ActiveMQSecurityException: AMQ229031: Unable to validate user from invm:0. Username: null; SSL certificate subject DN: unavailable
    at org.apache.activemq.artemis.core.protocol.core.impl.ChannelImpl.sendBlocking(ChannelImpl.java:464)
    at org.apache.activemq.artemis.core.protocol.core.impl.ChannelImpl.sendBlocking(ChannelImpl.java:358)
    at org.apache.activemq.artemis.core.protocol.core.impl.ActiveMQClientProtocolManager.createSessionContext(ActiveMQClientProtocolManager.java:300)
    at org.apache.activemq.artemis.core.protocol.core.impl.ActiveMQClientProtocolManager.createSessionContext(ActiveMQClientProtocolManager.java:249)
    at org.apache.activemq.artemis.core.client.impl.ClientSessionFactoryImpl.createSessionChannel(ClientSessionFactoryImpl.java:1348)
    at org.apache.activemq.artemis.core.client.impl.ClientSessionFactoryImpl.createSessionInternal(ClientSessionFactoryImpl.java:673)
    at org.apache.activemq.artemis.core.client.impl.ClientSessionFactoryImpl.createTransactedSession(ClientSessionFactoryImpl.java:315)
    at org.candlepin.messaging.impl.artemis.ArtemisSessionFactory$SessionManager.createClientSession(ArtemisSessionFactory.java:110)
    at org.candlepin.messaging.impl.artemis.ArtemisSessionFactory.createSession(ArtemisSessionFactory.java:225)
    ... 21 common frames omitted