ActiveMQ stomp transport allows publishing messages even if credentials are wrong

I've been trying ActiveMQ 5.15.8 using the Stomp transport from Python. I have a producer and a consumer. So far the consumer is receiving the messages as expected. The problem is that even if I send wrong credentials with the CONNECT command, it will always accept the connection without sending an ERROR frame (based on ActiveMQ docs).

I tried with the stomp.py library but also tried by sending the data directly via a TCP socket connection and got the same behavior.

Is it possible that I am missing some configuration? I am using default settings on ActiveMQ, and I can access the web console via admin/admin.

This is the activemq.xml file that I have:

<beans
  xmlns="http://www.springframework.org/schema/beans"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
  http://activemq.apache.org/schema/core http://activemq.apache.org/schema/core/activemq-core.xsd">

    <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
        <property name="locations">
            <value>file:${activemq.conf}/credentials.properties</value>
        </property>
    </bean>
    <bean id="logQuery" class="io.fabric8.insight.log.log4j.Log4jLogQuery"
          lazy-init="false" scope="singleton"
          init-method="start" destroy-method="stop">
    </bean>
    <broker xmlns="http://activemq.apache.org/schema/core" brokerName="localhost" dataDirectory="${activemq.data}" schedulerSupport="true">
        <destinationPolicy>
            <policyMap>
                <policyEntries>
                    <policyEntry topic=">" >
                        <pendingMessageLimitStrategy>
                            <constantPendingMessageLimitStrategy limit="1000"/>
                        </pendingMessageLimitStrategy>
                    </policyEntry>
                </policyEntries>
            </policyMap>
        </destinationPolicy>
        <managementContext>
            <managementContext createConnector="false"/>
        </managementContext>

        <persistenceAdapter>
            <kahaDB directory="${activemq.data}/kahadb"/>
        </persistenceAdapter>
        <systemUsage>
            <systemUsage>
                <memoryUsage>
                    <memoryUsage percentOfJvmHeap="70" />
                </memoryUsage>
                <storeUsage>
                    <storeUsage limit="100 gb"/>
                </storeUsage>
                <tempUsage>
                    <tempUsage limit="50 gb"/>
                </tempUsage>
            </systemUsage>
        </systemUsage>

        <transportConnectors>
            <!-- DOS protection, limit concurrent connections to 1000 and frame size to 100MB -->
            <transportConnector name="openwire" uri="tcp://0.0.0.0:61616?maximumConnections=1000&amp;wireFormat.maxFrameSize=104857600"/>
            <transportConnector name="amqp" uri="amqp://0.0.0.0:5672?maximumConnections=1000&amp;wireFormat.maxFrameSize=104857600"/>
            <transportConnector name="stomp" uri="stomp://0.0.0.0:61613?needClientAuth=true&amp;maximumConnections=1000&amp;wireFormat.maxFrameSize=104857600"/>
            <transportConnector name="mqtt" uri="mqtt://0.0.0.0:1883?maximumConnections=1000&amp;wireFormat.maxFrameSize=104857600"/>
            <transportConnector name="ws" uri="ws://0.0.0.0:61614?maximumConnections=1000&amp;wireFormat.maxFrameSize=104857600"/>
        </transportConnectors>
        <shutdownHooks>
            <bean xmlns="http://www.springframework.org/schema/beans" class="org.apache.activemq.hooks.SpringContextHook" />
        </shutdownHooks>
    </broker>
    <import resource="jetty.xml"/>
</beans>

I would really appreciate it if you could give some help. Thanks.

  • Please provide the broker configuration.
    – Justin Bertram
    Jan 3 at 0:22

  • @JustinBertram thanks, I added the activemq.xml settings file
    – Sergio Guillen Mantilla
    Jan 3 at 2:11

  • You need to configure authorization as well in the broker config. See example: svn.apache.org/repos/asf/activemq/trunk/activemq-unit-tests/src/…
    – Petter Nordlander
    Jan 3 at 8:06

  • Thank you @PetterNordlander, I started using the JAAS plugin. Although all authentication validations are failing, it is a good starting point to continue investigating.
    – Sergio Guillen Mantilla
    Jan 3 at 14:12
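
An offline check for the gap the comments point to, as an added example that is not part of the original thread: it parses an activemq.xml and reports a broker with no authentication plugin, a missing authorizationPlugin, and needClientAuth set on a non-TLS connector. The WEAK sample is trimmed from the question's file; the hardened variant, its "activemq" JAAS domain and its group names are constructed assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs

AMQ = "{http://activemq.apache.org/schema/core}"
# Plugins that make the broker validate the login/passcode sent in CONNECT.
AUTHN_PLUGINS = {"simpleAuthenticationPlugin", "jaasAuthenticationPlugin"}

def audit_broker(xml_text):
    """Return a list of findings for one activemq.xml document."""
    findings = []
    for broker in ET.fromstring(xml_text).iter(AMQ + "broker"):
        plugins = broker.find(AMQ + "plugins")
        names = set() if plugins is None else {p.tag.replace(AMQ, "") for p in plugins}
        has_authn = bool(names & AUTHN_PLUGINS)
        if not has_authn:
            findings.append("no authentication plugin: any login/passcode is accepted")
        elif "authorizationPlugin" not in names:
            findings.append("no authorizationPlugin: every authenticated user "
                            "can read and write every destination")
        for conn in broker.iter(AMQ + "transportConnector"):
            name, uri = conn.get("name"), urlsplit(conn.get("uri", ""))
            tls = "ssl" in uri.scheme or uri.scheme == "wss"
            if parse_qs(uri.query).get("needClientAuth") == ["true"] and not tls:
                # needClientAuth requests a TLS client certificate; it is not a
                # password check and does nothing on a plaintext connector.
                findings.append(f"{name}: needClientAuth set on non-TLS {uri.scheme}://")
            if not has_authn and uri.hostname == "0.0.0.0":
                findings.append(f"{name}: unauthenticated listener on all "
                                f"interfaces, port {uri.port}")
    return findings

# Trimmed from the activemq.xml in the question: no <plugins> element at all.
WEAK = """<beans xmlns="http://www.springframework.org/schema/beans">
  <broker xmlns="http://activemq.apache.org/schema/core" brokerName="localhost">
    <transportConnectors>
      <transportConnector name="openwire" uri="tcp://0.0.0.0:61616?maximumConnections=1000"/>
      <transportConnector name="stomp" uri="stomp://0.0.0.0:61613?needClientAuth=true&amp;maximumConnections=1000"/>
    </transportConnectors>
  </broker>
</beans>"""

# Constructed variant: JAAS authentication plus authorization. The "activemq"
# JAAS domain and the group names are assumptions about the local login.config.
HARDENED = WEAK.replace("needClientAuth=true&amp;", "").replace(
    "<transportConnectors>", """<plugins>
      <jaasAuthenticationPlugin configuration="activemq"/>
      <authorizationPlugin><map><authorizationMap><authorizationEntries>
        <authorizationEntry queue=">" read="users" write="users" admin="admins"/>
        <authorizationEntry topic=">" read="users" write="users" admin="admins"/>
        <authorizationEntry topic="ActiveMQ.Advisory.>" read="users" write="users" admin="users"/>
      </authorizationEntries></authorizationMap></map></authorizationPlugin>
    </plugins>
    <transportConnectors>""", 1)

if __name__ == "__main__":
    for label, cfg in (("question's config", WEAK), ("with plugins", HARDENED)):
        print(label, "->", audit_broker(cfg) or "no findings")
```

Run against a real conf/activemq.xml by passing the file's text to `audit_broker`; an empty list means none of these three gaps was found, not that the broker is otherwise hardened.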
















python activemq stomp






edited Jan 3 at 2:09 by Sergio Guillen Mantilla
asked Jan 2 at 21:33 by Sergio Guillen Mantilla












