{"id":6199,"date":"2014-04-13T22:39:02","date_gmt":"2014-04-13T22:39:02","guid":{"rendered":"https:\/\/unknownerror.org\/index.php\/2014\/04\/13\/activemq-access-secured-broker-from-webconsole-collection-of-common-programming-errors\/"},"modified":"2014-04-13T22:39:02","modified_gmt":"2014-04-13T22:39:02","slug":"activemq-access-secured-broker-from-webconsole-collection-of-common-programming-errors","status":"publish","type":"post","link":"https:\/\/unknownerror.org\/index.php\/2014\/04\/13\/activemq-access-secured-broker-from-webconsole-collection-of-common-programming-errors\/","title":{"rendered":"ActiveMQ: Access secured broker from webconsole-Collection of common programming errors"},"content":{"rendered":"

I have setup ActiveMQ such that it only accepts SSL connections from clients and all users are authenticated based on certificates.<\/p>\n

I have for example this connector:<\/p>\n

\n<\/code><\/pre>\n
and this is one user (in users.properties) userA=CN=User A, OU=Engineering, O=Organization, L=Zurich, ST=Zurich, C=CH<\/p>\n
Now this all works and the client can communicate as expected.<\/p>\n
The problem is that the web console (old console, although I am using 5.9, which would include hawtio) does apparently only have limited access to the broker. I can login as expected and I also see the queues, topics and everything, but once I click on a queue, I get the following error in the log and a simple error message on the web console.<\/p>\n
 INFO | Connector vm:\/\/localhost started  WARN | Failed to add Connection ID:desfutarch-51341-1394637963347-3:1 java.lang.SecurityException: Unable to authenticate transport without SSL certificate.\n        at org.apache.activemq.security.JaasCertificateAuthenticationBroker.addConnection(JaasCertificateAuthenticationBroker.java:74)\n        at org.apache.activemq.broker.MutableBrokerFilter.addConnection(MutableBrokerFilter.java:97)\n        at org.apache.activemq.broker.TransportConnection.processAddConnection(TransportConnection.java:733)\n        at org.apache.activemq.command.ConnectionInfo.visit(ConnectionInfo.java:139)\n        at org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:292)\n        at org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:149)\n        at org.apache.activemq.transport.ResponseCorrelator.onCommand(ResponseCorrelator.java:116)\n        at org.apache.activemq.transport.MutexTransport.onCommand(MutexTransport.java:50)\n        at org.apache.activemq.transport.vm.VMTransport.iterate(VMTransport.java:247)\n        at org.apache.activemq.thread.PooledTaskRunner.runTask(PooledTaskRunner.java:129)\n        at org.apache.activemq.thread.PooledTaskRunner$1.run(PooledTaskRunner.java:47)\n        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)\n        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)\n        at java.lang.Thread.run(Thread.java:744)  INFO | Connector vm:\/\/localhost stopped  WARN | org.apache.jasper.JasperException: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'queueBrowser' defined in ServletContext resource [\/WEB-INF\/webconsole-query.xml]: Instantiation of bean failed; nested exception is org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [org.apache.activemq.web.QueueBrowseQuery]: Constructor threw exception; nested exception is javax.jms.JMSSecurityException: Unable to authenticate transport without SSL certificate.\n        at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:418)\n        at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:486)\n        at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:380)\n        at javax.servlet.http.HttpServlet.service(HttpServlet.java:806)\n        at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:652)\n        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1320)\n        at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)\n        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)\n        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1291)\n        at org.apache.activemq.web.SessionFilter.doFilter(SessionFilter.java:45)\n        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1291)\n        at org.apache.activemq.web.filter.ApplicationContextFilter.doFilter(ApplicationContextFilter.java:102)\n        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1291)\n        at com.opensymphony.sitemesh.webapp.SiteMeshFilter.obtainContent(SiteMeshFilter.java:129)\n        at com.opensymphony.sitemesh.webapp.SiteMeshFilter.doFilter(SiteMeshFilter.java:77)\n        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1291)\n        at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:443)\n        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137)\n        at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:521)\n        at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:227)\n        at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1044)\n        at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:372)\n        at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:189)\n        at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:978)\n        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)\n        at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:154)\n        at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:521)\n        at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:154)\n        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)\n        at org.eclipse.jetty.server.Server.handle(Server.java:367)\n        at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:486)\n        at org.eclipse.jetty.server.AbstractHttpConnection.headerComplete(AbstractHttpConnection.java:926)\n        at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.headerComplete(AbstractHttpConnection.java:988)\n        at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:640)\n        at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235)\n        at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)\n        at org.eclipse.jetty.io.nio.SslConnection.handle(SslConnection.java:196)\n        at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:628)\n        at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52)\n        at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608)\n        at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543)\n        at java.lang.Thread.run(Thread.java:744) Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'queueBrowser' defined in ServletContext resource [\/WEB-INF\/webconsole-query.xml]: Instantiation of bean failed; nested exception is org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [org.apache.activemq.web.QueueBrowseQuery]: Constructor threw exception; nested exception is javax.jms.JMSSecurityException: Unable to authenticate transport without SSL certificate.\n        at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:288)\n        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1045)\n        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:949)\n        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:487)\n        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:458)\n        at org.springframework.beans.factory.support.AbstractBeanFactory$2.getObject(AbstractBeanFactory.java:333)\n        at org.springframework.web.context.request.AbstractRequestAttributesScope.get(AbstractRequestAttributesScope.java:43)\n        at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:329)\n        at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:194)\n        at org.springframework.context.support.AbstractApplicationContext.getBean(AbstractApplicationContext.java:1117)\n        at org.apache.activemq.web.filter.ApplicationContextFilter$2.get(ApplicationContextFilter.java:178)\n        at javax.el.MapELResolver.getValue(MapELResolver.java:196)\n        at javax.el.CompositeELResolver.getValue(CompositeELResolver.java:175)\n        at com.sun.el.parser.AstValue.getValue(AstValue.java:138)\n        at com.sun.el.ValueExpressionImpl.getValue(ValueExpressionImpl.java:206)\n        at org.apache.jasper.runtime.PageContextImpl.evaluateExpression(PageContextImpl.java:1001)\n        at org.apache.jsp.browse_jsp._jspx_meth_form_short_0(org.apache.jsp.browse_jsp:137)\n        at org.apache.jsp.browse_jsp._jspService(org.apache.jsp.browse_jsp:74)\n        at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:109)\n        at javax.servlet.http.HttpServlet.service(HttpServlet.java:806)\n        at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:389)\n        ... 41 moreCaused by: org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [org.apache.activemq.web.QueueBrowseQuery]: Constructor threw exception; nested exception is javax.jms.JMSSecurityException: Unable to authenticate transport without SSL certificate.\n        at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:163)\n        at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:121)\n        at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:280)\n        ... 61 moreCaused by: javax.jms.JMSSecurityException: Unable to authenticate transport without SSL certificate.\n        at org.apache.activemq.util.JMSExceptionSupport.create(JMSExceptionSupport.java:52)\n        at org.apache.activemq.ActiveMQConnection.syncSendPacket(ActiveMQConnection.java:1405)\n        at org.apache.activemq.ActiveMQConnection.ensureConnectionInfoSent(ActiveMQConnection.java:1510)\n        at org.apache.activemq.ActiveMQConnection.start(ActiveMQConnection.java:524)\n        at org.apache.activemq.web.SessionPool.getConnection(SessionPool.java:49)\n        at org.apache.activemq.web.SessionPool.createSession(SessionPool.java:114)\n        at org.apache.activemq.web.SessionPool.borrowSession(SessionPool.java:93)\n        at org.apache.activemq.web.QueueBrowseQuery.(QueueBrowseQuery.java:40)\n        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)\n        at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)\n        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)\n        at java.lang.reflect.Constructor.newInstance(Constructor.java:526)\n        at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:148)\n        ... 63 moreCaused by: java.lang.SecurityException: Unable to authenticate transport without SSL certificate.\n        at org.apache.activemq.security.JaasCertificateAuthenticationBroker.addConnection(JaasCertificateAuthenticationBroker.java:74)\n        at org.apache.activemq.broker.MutableBrokerFilter.addConnection(MutableBrokerFilter.java:97)\n        at org.apache.activemq.broker.TransportConnection.processAddConnection(TransportConnection.java:733)\n        at org.apache.activemq.command.ConnectionInfo.visit(ConnectionInfo.java:139)\n        at org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:292)\n        at org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:149)\n        at org.apache.activemq.transport.ResponseCorrelator.onCommand(ResponseCorrelator.java:116)\n        at org.apache.activemq.transport.MutexTransport.onCommand(MutexTransport.java:50)\n        at org.apache.activemq.transport.vm.VMTransport.iterate(VMTransport.java:247)\n        at org.apache.activemq.thread.PooledTaskRunner.runTask(PooledTaskRunner.java:129)\n        at org.apache.activemq.thread.PooledTaskRunner$1.run(PooledTaskRunner.java:47)\n        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)\n        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)\n        ... 1 more\n<\/code><\/pre>\n
Do I have to tell the webcosole to use a certificate as well? But then it seems weird how I an access other parts like the list of all queues etc.<\/p>\n","protected":false},"excerpt":{"rendered":"
I have setup ActiveMQ such that it only accepts SSL connections from clients and all users are authenticated based on certificates. I have for example this connector: and this is one user (in users.properties) userA=CN=User A, OU=Engineering, O=Organization, L=Zurich, ST=Zurich, C=CH Now this all works and the client can communicate as expected. The problem is […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-6199","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/posts\/6199","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/comments?post=6199"}],"version-history":[{"count":0,"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/posts\/6199\/revisions"}],"wp:attachment":[{"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/media?parent=6199"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/categories?post=6199"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/tags?post=6199"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}