Adding a user to ActiveMQ Artemis fails

Question

I need some assistance on adding a new user and role to ActiveMQ Artemis. Version is 2.16.

After updating ActiveMQ Artemis from 2.9.0 and 2.10.1 to 2.16 we fail to add new users. Perhaps there has been an updated security protocol or usage thereof?

We use the PropertiesLoginModule.

activemq {
   org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoginModule requisite
       debug=false
       reload=true
       org.apache.activemq.jaas.properties.user="artemis-users.properties"
       org.apache.activemq.jaas.properties.role="artemis-roles.properties";
};

Usually we do this for adding a new user

./artemis user add --user newUser --password newPassword --role Apps,newUser

But after upgrading to 2.16 we get follow up questions in CLI:
--user-command-user
--user-command-password

I have tried with adding admin username/password on those. But still same Exception.

I get the following Security Exception:

Connection failed::AMQ229031: Unable to validate user from /<IPAddress>:48000. Username: newUser; SSL certificate subject DN: unavailable
Exception in thread "main" ActiveMQSecurityException[errorType=SECURITY_EXCEPTION message=AMQ229031: Unable to validate user from /<IPAddress>:48002. Username: newUser; SSL certificate subject DN: unavailable]
        at org.apache.activemq.artemis.core.protocol.core.impl.ChannelImpl.sendBlocking(ChannelImpl.java:540)
        at org.apache.activemq.artemis.core.protocol.core.impl.ChannelImpl.sendBlocking(ChannelImpl.java:434)
        at org.apache.activemq.artemis.core.protocol.core.impl.ActiveMQClientProtocolManager.createSessionContext(ActiveMQClientProtocolManager.java:300)
        at org.apache.activemq.artemis.core.protocol.core.impl.ActiveMQClientProtocolManager.createSessionContext(ActiveMQClientProtocolManager.java:249)
        at org.apache.activemq.artemis.core.client.impl.ClientSessionFactoryImpl.createSessionChannel(ClientSessionFactoryImpl.java:1401)
        at org.apache.activemq.artemis.core.client.impl.ClientSessionFactoryImpl.createSessionInternal(ClientSessionFactoryImpl.java:705)
        at org.apache.activemq.artemis.core.client.impl.ClientSessionFactoryImpl.createSession(ClientSessionFactoryImpl.java:316)
        at org.apache.activemq.artemis.cli.commands.AbstractAction.performCoreManagement(AbstractAction.java:36)
        at org.apache.activemq.artemis.cli.commands.user.AddUser.add(AddUser.java:52)
        at org.apache.activemq.artemis.cli.commands.user.AddUser.execute(AddUser.java:42)
        at org.apache.activemq.artemis.cli.Artemis.internalExecute(Artemis.java:153)
        at org.apache.activemq.artemis.cli.Artemis.execute(Artemis.java:101)
        at org.apache.activemq.artemis.cli.Artemis.execute(Artemis.java:128)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.apache.activemq.artemis.boot.Artemis.execute(Artemis.java:134)
        at org.apache.activemq.artemis.boot.Artemis.main(Artemis.java:50)

Any ideas on how to fix this?

In the Security section of the manual I cannot find any hints.

Answer 1

Since ActiveMQ Artemis 2.16 is no longer possible using the artemis user commands when the broker is offline and the parameters of the artemis user commands changed, ie: ./artemis user add --user-command-user guest --user-command-password guest --role admin --user admin --password admin

The --user and --password parameters are used to connect to the broker and the --user-command-user and --user-command-password parameters are used to add a new user.

You can find further details at Upgrading from older versions