0

I tried to make a production set up (WSO2 MB 3.1.0 and WSO2 ESB 4.9.0) on the same VM. in order to secure my production environment I changed the default admin psw for the admin user to more secure one. At the same time I created a new MB user (ESB) which I used as "a technical user" in ESB jndi.properties

when I restarted my server I started receiving the following exception in the ESB which tried to connect to the MB: [2016-10-07 16:47:31,427] ERROR - AMQStateManager Notifying Waiters([org.wso2.andes.client.state.StateWaiter@654a6148]) for error:not allowed [2016-10-07 16:47:31,427] INFO - AMQConnection Unable to connect to broker at tcp://localhost:5673 org.wso2.andes.client.AMQAuthenticationException: not allowed [error code 530: not allowed] at org.wso2.andes.client.handler.ConnectionCloseMethodHandler.methodReceived(ConnectionCloseMethodHandler.java:79) at org.wso2.andes.client.handler.ClientMethodDispatcherImpl.dispatchConnectionClose(ClientMethodDispatcherImpl.java:192) at org.wso2.andes.framing.amqp_0_91.ConnectionCloseBodyImpl.execute(ConnectionCloseBodyImpl.java:140) at org.wso2.andes.client.state.AMQStateManager.methodReceived(AMQStateManager.java:111) at org.wso2.andes.client.protocol.AMQProtocolHandler.methodBodyReceived(AMQProtocolHandler.java:517)

I back-traced the problem to the change of the ADMIN psw. When I set it back to the default ADMIN:ADMIN all is working again fine.

any idea why? apparently the psw is not changed on all the places I followed this article https://docs.wso2.com/display/MB220/Changing+User+Passwords
my configuration xmls does not contain the admin psw however.

thank you very much in advance.

Community
  • 1
  • 1
J.Krajcovic
  • 31
  • 1
  • 8

1 Answers1

0

AFAIU, Following are the steps you have followed.

  1. Changed MB default username/password.
  2. Created new user("a technical user") in MB and add these username/password in ESB "jndi.properties" file.
  3. Restarted servers and ESB start throwing auth exceptions.

Things would have gone wrong(at least what I can think of) is as follows :

  1. Somehow you have entered spaces in middle of the username "a technical user"(even it's validated in MB management console) Solution : Don't use spaces in of usernames.

  2. Even you have created a new user in MB(and added it correctly in jndi.properties file in ESB) you haven't assigned a role which have permission to subscribe to a topic/queue. (This is what most likely you have messed up :))

    If you haven't assigned a role which has subscribe permissions to queues/topics ESB won't be able to subscribe with given credentials during transport startup which leads to authentication exceptions.

    MB has a role based permission model and if you haven't assigned a user to a role with sufficient permissions user won't be able to authenticate to MB. To verify this theory you can assign "admin" role to newly created user from MB management console under(" Home > Configure > Accounts & Credentials > Users and Roles > Users") and restart ESB server. Please go through following documentations[1] carefully for more permission/users/user roles related information.

    [1] https://docs.wso2.com/display/MB310/Managing+Queues

    https://docs.wso2.com/display/MB310/Configuring+Users

    https://docs.wso2.com/display/MB310/Role-Based+Permissions

plr
  • 511
  • 3
  • 5
  • 15