Keywords: Spring AMQP | RabbitMQ | Authentication Error | ACCESS_REFUSED | User Permissions
Abstract: This article provides a comprehensive analysis of ACCESS_REFUSED authentication errors when integrating Spring AMQP with RabbitMQ 3.3.5, explains RabbitMQ 3.3.x security restrictions for guest users, offers solutions through management interface and command-line configuration, and includes complete code examples and configuration instructions.
Problem Background and Error Analysis
When integrating Spring AMQP with RabbitMQ 3.3.5, developers commonly encounter the following authentication error:
org.springframework.amqp.AmqpAuthenticationException:
com.rabbitmq.client.AuthenticationFailureException:
ACCESS_REFUSED - Login was refused using authentication mechanism PLAINThe root cause is clearly visible in the error logs:
{handshake_error,starting,0,
{amqp_error,access_refused,
"PLAIN login refused: user 'guest' can only connect via localhost",
'connection.start_ok'}}RabbitMQ 3.3.x Security Mechanism Analysis
Starting from version 3.3.x, RabbitMQ has enhanced its security policies. The default guest user can only connect via localhost. This measure prevents unauthorized remote access and strengthens system security. Even if developers set [{rabbit, [{loopback_users, []}]}]. in the configuration file, the localhost restriction for the guest user remains in effect.
Solution 1: Creating New Users via Management Interface
This is the most direct and effective solution, with the following specific steps:
- Access the RabbitMQ management interface:
http://localhost:15672/#/users - Log in using default credentials guest/guest
- Create a new user in the user management page
- Assign appropriate permissions and virtual host access for the new user
- Use the newly created user credentials in Spring configuration
Spring Configuration Update Example
Update the Spring configuration file to use the newly created user credentials:
<rabbit:connection-factory id="rabbitConnFactory"
virtual-host="/"
username="newUser"
password="newPassword"
port="5672"/>Solution 2: Command Line Configuration
For environments without web interface access, users can be created via RabbitMQ command-line tools:
rabbitmqctl add_user YOUR_USERNAME YOUR_PASSWORD
rabbitmqctl set_user_tags YOUR_USERNAME administrator
rabbitmqctl set_permissions -p / YOUR_USERNAME ".*" ".*" ".*"These three commands respectively accomplish: user creation, administrator role assignment, and virtual host permission configuration.
Code Implementation Details
In the message sender implementation, ensure proper injection and usage of AmqpTemplate:
@Component("messageSender")
public class RmqMessageSender {
@Autowired
AmqpTemplate rabbitTemplate;
public void submitToRMQ(String orderId) {
try {
rabbitTemplate.convertAndSend("Hello World");
} catch (Exception e) {
LOGGER.error(e.getMessage());
}
}
}Dependency Version Compatibility
Ensure the Spring AMQP version used is compatible with the RabbitMQ server version:
<dependency>
<groupId>org.springframework.amqp</groupId>
<artifactId>spring-rabbit</artifactId>
<version>1.3.6.RELEASE</version>
</dependency>Best Practice Recommendations
1. Avoid using guest users in production environments
2. Create separate users and permissions for different applications
3. Regularly update user passwords and permission settings
4. Monitor RabbitMQ log files for detailed error information
Conclusion
The security enhancements in RabbitMQ 3.3.x require developers to create new user accounts to replace the default guest user. By creating new users with appropriate permissions through the management interface or command-line tools and updating the corresponding connection factory configuration in Spring, the ACCESS_REFUSED authentication error can be effectively resolved.