securityjmsactivemq-artemis

How to disable ActiveMQ Artemis security for testing purposes?

I am trying to disable security on ActiveMQ Artemis for testing purposes.

I am using the official Docker image from which I am starting a container with a volume mounted from my host to /var/lib/artemis-instance/etc-override/broker.xml inside the container, containing the modified broker.xml (which then has <security-enabled>false</security-enabled>)

$ docker run --detach --name artemis -v /jms/docker/etc/broker.xml:/var/lib/artemis-instance/etc-override/broker.xml -p 61616:61616 -p 8161:8161 --rm apache/activemq-artemis:2.30.0

According to the documentation, any settings set within the etc-override/ should become the master (used for user customization). Somehow, I still have security enabled when I try to send a message to the broker:

Caused by: ActiveMQSecurityException[errorType=SECURITY_EXCEPTION message=AMQ229031: Unable to validate user from /172.17.0.1:57464. Username: null; SSL certificate subject DN: unavailable]
    at org.apache.activemq.artemis.core.security.impl.SecurityStoreImpl.authenticationFailed(SecurityStoreImpl.java:378)
    at org.apache.activemq.artemis.core.security.impl.SecurityStoreImpl.authenticate(SecurityStoreImpl.java:207)
    at org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl.validateUser(ActiveMQServerImpl.java:1783)
    at org.apache.activemq.artemis.core.protocol.openwire.OpenWireProtocolManager.validateUser(OpenWireProtocolManager.java:576)
    at org.apache.activemq.artemis.core.protocol.openwire.OpenWireProtocolManager.validateUser(OpenWireProtocolManager.java:408)

What am I doing wrong here?

Solution

  • The problem is that you're attempting to override a single file, but that's not how it works. The documentation states:

    You can use customized configuration for the ActiveMQ Artemis instance by replacing the files residing in the etc folder with the custom ones, e.g. broker.xml or artemis.profile. Put the replacement files inside a folder and map it as a volume to:

    /var/lib/artemis-instance/etc-override

    The contents of etc-override folder will be copied over to etc folder after the instance creation so that the broker will always start with user-supplied configuration.

    Note that you need to put your replacement broker.xml inside a folder and map it as a volume to /var/lib/artemis-instance/etc-override, e.g.:

    $ docker run --detach --name artemis -v /path/to/myconfig:/var/lib/artemis-instance/etc-override -p 61616:61616 -p 8161:8161 --rm apache/activemq-artemis:latest

    The folder /path/to/myconfig should contain your broker.xml.

    Also, I recommend you use the latest image rather than 2.30.0.