You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@activemq.apache.org by Jo De Troy <jo...@gmail.com> on 2022/05/12 11:02:39 UTC
multiple propertiesLoginModules - different users/rights for console and brokers
Hello,
is it possible to create multiple propertiesLoginModules, e.g. 1 for broker
access and 1 for console access? Or how should/can you separate users
between broker and console?
I've tried it but it seems like I only see 1 of the propertiesLoginModules
user/roles back in the artemis-{users/roles}.properties
Best Regards,
Jo
Re: multiple propertiesLoginModules - different users/rights for console and brokers
Posted by Domenico Francesco Bruscino <br...@gmail.com>.
Hi Jo,
that isn't expected, can you raise an issue attaching your CR:
https://github.com/artemiscloud/activemq-artemis-operator/issues
Thanks,
Domenico
On Tue, 17 May 2022 at 16:03, Jo De Troy <jo...@gmail.com> wrote:
> Hello again,
>
> I've tried creating 2 propertiesLoginModules using an
> ActiveMQArtemisSecurity CR and I do see both of them created in the
> login.conf but both reference the same properties files
> (artemis-users.properties and artemis-roles.properties) Is that as expected
> or am I doing something wrong?
> I also tried adding the hawtioRoles.
>
> Best Regards,
> Jo
>
> Op vr 13 mei 2022 om 10:12 schreef Domenico Francesco Bruscino <
> bruscinodf@gmail.com>:
>
> > Hi Jo,
> >
> > yes, the ArtemisCloud.io [1] operator will take care of the needed
> changes
> > in etc/login.config and in etc/artemis.profile but you need to define
> > hawtio roles too, i.e.
> >
> > apiVersion: broker.amq.io/v1beta1
> > kind: ActiveMQArtemisSecurity
> > metadata:
> > name: ex-prop
> > spec:
> > loginModules:
> > propertiesLoginModules:
> > - name: 'activemq'
> > users:
> > - name: admin
> > roles:
> > - amq
> > - name: 'console'
> > users:
> > - name: bob
> > roles:
> > - amq-console
> >
> > * hawtioRoles:*
> > * - console*
> >
> > [1] https://artemiscloud.io/
> > [2]
> >
> >
> https://github.com/artemiscloud/activemq-artemis-operator/blob/v1.0.2/config/crd/bases/broker.amq.io_activemqartemissecurities.yaml
> >
> > Regards,
> > Domenico
> >
> > On Fri, 13 May 2022 at 09:44, Jo De Troy <jo...@gmail.com> wrote:
> >
> > > Domenico,
> > >
> > > my excuses for the stupid questions but would the operator also take
> care
> > > of the needed changes in etc/login.config and in etc/artemis.profile
> as
> > > mentioned in your first reply?
> > >
> > > Best Regards,
> > > Jo
> > >
> > > Op vr 13 mei 2022 om 09:20 schreef Domenico Francesco Bruscino <
> > > bruscinodf@gmail.com>:
> > >
> > > > Hi Jo,
> > > >
> > > > the ArtemisCloud.io <https://artemiscloud.io/> [1] operator provides
> > the
> > > > ActiveMQArtemisSecurity CRD [2] to define multiple login modules,
> i.e.
> > > >
> > > > apiVersion: broker.amq.io/v1beta1
> > > > kind: ActiveMQArtemisSecurity
> > > > metadata:
> > > > name: ex-prop
> > > > spec:
> > > > loginModules:
> > > > propertiesLoginModules:
> > > > - name: 'activemq'
> > > > users:
> > > > - name: admin
> > > > roles:
> > > > - amq
> > > > - name: 'console'
> > > > users:
> > > > - name: bob
> > > > roles:
> > > > - amq-console
> > > >
> > > >
> > > > [1] https://artemiscloud.io/
> > > > [2]
> > > >
> > > >
> > >
> >
> https://github.com/artemiscloud/activemq-artemis-operator/blob/v1.0.2/config/crd/bases/broker.amq.io_activemqartemissecurities.yaml
> > > >
> > > > Regards,
> > > > Domenico
> > > >
> > > >
> > > > On Thu, 12 May 2022 at 17:09, Jo De Troy <jo...@gmail.com>
> wrote:
> > > >
> > > > > Thanks for the explanation Justin
> > > > > I wonder if the artemis cloud operator allows me to do that
> > > > >
> > > > > Best Regards,
> > > > > Jo
> > > > >
> > > > > Op do 12 mei 2022 om 16:40 schreef Justin Bertram <
> > jbertram@apache.org
> > > >:
> > > > >
> > > > > > Yes, it is possible to configure multiple PropertiesLoginModules
> to
> > > > > > separate console users from broker users. You'd need to create
> > > multiple
> > > > > > entries in your etc/login.config, e.g.:
> > > > > >
> > > > > > activemq {
> > > > > >
> > > > > >
> > > >
> > org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoginModule
> > > > > > required
> > > > > > debug=false
> > > > > > reload=true
> > > > > >
> > > > > >
> > org.apache.activemq.jaas.properties.user="artemis-users.properties"
> > > > > >
> > > > > >
> > org.apache.activemq.jaas.properties.role="artemis-roles.properties";
> > > > > > };
> > > > > >
> > > > > > console {
> > > > > >
> > > > > >
> > > >
> > org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoginModule
> > > > > > required
> > > > > > debug=false
> > > > > > reload=true
> > > > > >
> > > > > >
> > org.apache.activemq.jaas.properties.user="console-users.properties"
> > > > > >
> > > > > >
> > org.apache.activemq.jaas.properties.role="console-roles.properties";
> > > > > > };
> > > > > >
> > > > > > Then in your etc/artemis.profile you'd need to change the value
> of
> > > the
> > > > > > "hawtio.realm" system property to use the new entry, e.g.:
> > > > > >
> > > > > > -Dhawtio.realm=console
> > > > > >
> > > > > > Keep in mind that all the user management commands will only work
> > on
> > > > the
> > > > > > broker-specific entry. You'll have to manage console users
> > manually.
> > > > > >
> > > > > >
> > > > > > Justin
> > > > > >
> > > > > > On Thu, May 12, 2022 at 6:03 AM Jo De Troy <jo.de.troy@gmail.com
> >
> > > > wrote:
> > > > > >
> > > > > > > Hello,
> > > > > > >
> > > > > > > is it possible to create multiple propertiesLoginModules, e.g.
> 1
> > > for
> > > > > > broker
> > > > > > > access and 1 for console access? Or how should/can you separate
> > > users
> > > > > > > between broker and console?
> > > > > > > I've tried it but it seems like I only see 1 of the
> > > > > > propertiesLoginModules
> > > > > > > user/roles back in the artemis-{users/roles}.properties
> > > > > > >
> > > > > > > Best Regards,
> > > > > > > Jo
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
>
Re: multiple propertiesLoginModules - different users/rights for console and brokers
Posted by Jo De Troy <jo...@gmail.com>.
Hello again,
I've tried creating 2 propertiesLoginModules using an
ActiveMQArtemisSecurity CR and I do see both of them created in the
login.conf but both reference the same properties files
(artemis-users.properties and artemis-roles.properties) Is that as expected
or am I doing something wrong?
I also tried adding the hawtioRoles.
Best Regards,
Jo
Op vr 13 mei 2022 om 10:12 schreef Domenico Francesco Bruscino <
bruscinodf@gmail.com>:
> Hi Jo,
>
> yes, the ArtemisCloud.io [1] operator will take care of the needed changes
> in etc/login.config and in etc/artemis.profile but you need to define
> hawtio roles too, i.e.
>
> apiVersion: broker.amq.io/v1beta1
> kind: ActiveMQArtemisSecurity
> metadata:
> name: ex-prop
> spec:
> loginModules:
> propertiesLoginModules:
> - name: 'activemq'
> users:
> - name: admin
> roles:
> - amq
> - name: 'console'
> users:
> - name: bob
> roles:
> - amq-console
>
> * hawtioRoles:*
> * - console*
>
> [1] https://artemiscloud.io/
> [2]
>
> https://github.com/artemiscloud/activemq-artemis-operator/blob/v1.0.2/config/crd/bases/broker.amq.io_activemqartemissecurities.yaml
>
> Regards,
> Domenico
>
> On Fri, 13 May 2022 at 09:44, Jo De Troy <jo...@gmail.com> wrote:
>
> > Domenico,
> >
> > my excuses for the stupid questions but would the operator also take care
> > of the needed changes in etc/login.config and in etc/artemis.profile as
> > mentioned in your first reply?
> >
> > Best Regards,
> > Jo
> >
> > Op vr 13 mei 2022 om 09:20 schreef Domenico Francesco Bruscino <
> > bruscinodf@gmail.com>:
> >
> > > Hi Jo,
> > >
> > > the ArtemisCloud.io <https://artemiscloud.io/> [1] operator provides
> the
> > > ActiveMQArtemisSecurity CRD [2] to define multiple login modules, i.e.
> > >
> > > apiVersion: broker.amq.io/v1beta1
> > > kind: ActiveMQArtemisSecurity
> > > metadata:
> > > name: ex-prop
> > > spec:
> > > loginModules:
> > > propertiesLoginModules:
> > > - name: 'activemq'
> > > users:
> > > - name: admin
> > > roles:
> > > - amq
> > > - name: 'console'
> > > users:
> > > - name: bob
> > > roles:
> > > - amq-console
> > >
> > >
> > > [1] https://artemiscloud.io/
> > > [2]
> > >
> > >
> >
> https://github.com/artemiscloud/activemq-artemis-operator/blob/v1.0.2/config/crd/bases/broker.amq.io_activemqartemissecurities.yaml
> > >
> > > Regards,
> > > Domenico
> > >
> > >
> > > On Thu, 12 May 2022 at 17:09, Jo De Troy <jo...@gmail.com> wrote:
> > >
> > > > Thanks for the explanation Justin
> > > > I wonder if the artemis cloud operator allows me to do that
> > > >
> > > > Best Regards,
> > > > Jo
> > > >
> > > > Op do 12 mei 2022 om 16:40 schreef Justin Bertram <
> jbertram@apache.org
> > >:
> > > >
> > > > > Yes, it is possible to configure multiple PropertiesLoginModules to
> > > > > separate console users from broker users. You'd need to create
> > multiple
> > > > > entries in your etc/login.config, e.g.:
> > > > >
> > > > > activemq {
> > > > >
> > > > >
> > >
> org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoginModule
> > > > > required
> > > > > debug=false
> > > > > reload=true
> > > > >
> > > > >
> org.apache.activemq.jaas.properties.user="artemis-users.properties"
> > > > >
> > > > >
> org.apache.activemq.jaas.properties.role="artemis-roles.properties";
> > > > > };
> > > > >
> > > > > console {
> > > > >
> > > > >
> > >
> org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoginModule
> > > > > required
> > > > > debug=false
> > > > > reload=true
> > > > >
> > > > >
> org.apache.activemq.jaas.properties.user="console-users.properties"
> > > > >
> > > > >
> org.apache.activemq.jaas.properties.role="console-roles.properties";
> > > > > };
> > > > >
> > > > > Then in your etc/artemis.profile you'd need to change the value of
> > the
> > > > > "hawtio.realm" system property to use the new entry, e.g.:
> > > > >
> > > > > -Dhawtio.realm=console
> > > > >
> > > > > Keep in mind that all the user management commands will only work
> on
> > > the
> > > > > broker-specific entry. You'll have to manage console users
> manually.
> > > > >
> > > > >
> > > > > Justin
> > > > >
> > > > > On Thu, May 12, 2022 at 6:03 AM Jo De Troy <jo...@gmail.com>
> > > wrote:
> > > > >
> > > > > > Hello,
> > > > > >
> > > > > > is it possible to create multiple propertiesLoginModules, e.g. 1
> > for
> > > > > broker
> > > > > > access and 1 for console access? Or how should/can you separate
> > users
> > > > > > between broker and console?
> > > > > > I've tried it but it seems like I only see 1 of the
> > > > > propertiesLoginModules
> > > > > > user/roles back in the artemis-{users/roles}.properties
> > > > > >
> > > > > > Best Regards,
> > > > > > Jo
> > > > > >
> > > > >
> > > >
> > >
> >
>
Re: multiple propertiesLoginModules - different users/rights for console and brokers
Posted by Domenico Francesco Bruscino <br...@gmail.com>.
Hi Jo,
yes, the ArtemisCloud.io [1] operator will take care of the needed changes
in etc/login.config and in etc/artemis.profile but you need to define
hawtio roles too, i.e.
apiVersion: broker.amq.io/v1beta1
kind: ActiveMQArtemisSecurity
metadata:
name: ex-prop
spec:
loginModules:
propertiesLoginModules:
- name: 'activemq'
users:
- name: admin
roles:
- amq
- name: 'console'
users:
- name: bob
roles:
- amq-console
* hawtioRoles:*
* - console*
[1] https://artemiscloud.io/
[2]
https://github.com/artemiscloud/activemq-artemis-operator/blob/v1.0.2/config/crd/bases/broker.amq.io_activemqartemissecurities.yaml
Regards,
Domenico
On Fri, 13 May 2022 at 09:44, Jo De Troy <jo...@gmail.com> wrote:
> Domenico,
>
> my excuses for the stupid questions but would the operator also take care
> of the needed changes in etc/login.config and in etc/artemis.profile as
> mentioned in your first reply?
>
> Best Regards,
> Jo
>
> Op vr 13 mei 2022 om 09:20 schreef Domenico Francesco Bruscino <
> bruscinodf@gmail.com>:
>
> > Hi Jo,
> >
> > the ArtemisCloud.io <https://artemiscloud.io/> [1] operator provides the
> > ActiveMQArtemisSecurity CRD [2] to define multiple login modules, i.e.
> >
> > apiVersion: broker.amq.io/v1beta1
> > kind: ActiveMQArtemisSecurity
> > metadata:
> > name: ex-prop
> > spec:
> > loginModules:
> > propertiesLoginModules:
> > - name: 'activemq'
> > users:
> > - name: admin
> > roles:
> > - amq
> > - name: 'console'
> > users:
> > - name: bob
> > roles:
> > - amq-console
> >
> >
> > [1] https://artemiscloud.io/
> > [2]
> >
> >
> https://github.com/artemiscloud/activemq-artemis-operator/blob/v1.0.2/config/crd/bases/broker.amq.io_activemqartemissecurities.yaml
> >
> > Regards,
> > Domenico
> >
> >
> > On Thu, 12 May 2022 at 17:09, Jo De Troy <jo...@gmail.com> wrote:
> >
> > > Thanks for the explanation Justin
> > > I wonder if the artemis cloud operator allows me to do that
> > >
> > > Best Regards,
> > > Jo
> > >
> > > Op do 12 mei 2022 om 16:40 schreef Justin Bertram <jbertram@apache.org
> >:
> > >
> > > > Yes, it is possible to configure multiple PropertiesLoginModules to
> > > > separate console users from broker users. You'd need to create
> multiple
> > > > entries in your etc/login.config, e.g.:
> > > >
> > > > activemq {
> > > >
> > > >
> > org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoginModule
> > > > required
> > > > debug=false
> > > > reload=true
> > > >
> > > > org.apache.activemq.jaas.properties.user="artemis-users.properties"
> > > >
> > > > org.apache.activemq.jaas.properties.role="artemis-roles.properties";
> > > > };
> > > >
> > > > console {
> > > >
> > > >
> > org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoginModule
> > > > required
> > > > debug=false
> > > > reload=true
> > > >
> > > > org.apache.activemq.jaas.properties.user="console-users.properties"
> > > >
> > > > org.apache.activemq.jaas.properties.role="console-roles.properties";
> > > > };
> > > >
> > > > Then in your etc/artemis.profile you'd need to change the value of
> the
> > > > "hawtio.realm" system property to use the new entry, e.g.:
> > > >
> > > > -Dhawtio.realm=console
> > > >
> > > > Keep in mind that all the user management commands will only work on
> > the
> > > > broker-specific entry. You'll have to manage console users manually.
> > > >
> > > >
> > > > Justin
> > > >
> > > > On Thu, May 12, 2022 at 6:03 AM Jo De Troy <jo...@gmail.com>
> > wrote:
> > > >
> > > > > Hello,
> > > > >
> > > > > is it possible to create multiple propertiesLoginModules, e.g. 1
> for
> > > > broker
> > > > > access and 1 for console access? Or how should/can you separate
> users
> > > > > between broker and console?
> > > > > I've tried it but it seems like I only see 1 of the
> > > > propertiesLoginModules
> > > > > user/roles back in the artemis-{users/roles}.properties
> > > > >
> > > > > Best Regards,
> > > > > Jo
> > > > >
> > > >
> > >
> >
>
Re: multiple propertiesLoginModules - different users/rights for console and brokers
Posted by Jo De Troy <jo...@gmail.com>.
Domenico,
my excuses for the stupid questions but would the operator also take care
of the needed changes in etc/login.config and in etc/artemis.profile as
mentioned in your first reply?
Best Regards,
Jo
Op vr 13 mei 2022 om 09:20 schreef Domenico Francesco Bruscino <
bruscinodf@gmail.com>:
> Hi Jo,
>
> the ArtemisCloud.io <https://artemiscloud.io/> [1] operator provides the
> ActiveMQArtemisSecurity CRD [2] to define multiple login modules, i.e.
>
> apiVersion: broker.amq.io/v1beta1
> kind: ActiveMQArtemisSecurity
> metadata:
> name: ex-prop
> spec:
> loginModules:
> propertiesLoginModules:
> - name: 'activemq'
> users:
> - name: admin
> roles:
> - amq
> - name: 'console'
> users:
> - name: bob
> roles:
> - amq-console
>
>
> [1] https://artemiscloud.io/
> [2]
>
> https://github.com/artemiscloud/activemq-artemis-operator/blob/v1.0.2/config/crd/bases/broker.amq.io_activemqartemissecurities.yaml
>
> Regards,
> Domenico
>
>
> On Thu, 12 May 2022 at 17:09, Jo De Troy <jo...@gmail.com> wrote:
>
> > Thanks for the explanation Justin
> > I wonder if the artemis cloud operator allows me to do that
> >
> > Best Regards,
> > Jo
> >
> > Op do 12 mei 2022 om 16:40 schreef Justin Bertram <jb...@apache.org>:
> >
> > > Yes, it is possible to configure multiple PropertiesLoginModules to
> > > separate console users from broker users. You'd need to create multiple
> > > entries in your etc/login.config, e.g.:
> > >
> > > activemq {
> > >
> > >
> org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoginModule
> > > required
> > > debug=false
> > > reload=true
> > >
> > > org.apache.activemq.jaas.properties.user="artemis-users.properties"
> > >
> > > org.apache.activemq.jaas.properties.role="artemis-roles.properties";
> > > };
> > >
> > > console {
> > >
> > >
> org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoginModule
> > > required
> > > debug=false
> > > reload=true
> > >
> > > org.apache.activemq.jaas.properties.user="console-users.properties"
> > >
> > > org.apache.activemq.jaas.properties.role="console-roles.properties";
> > > };
> > >
> > > Then in your etc/artemis.profile you'd need to change the value of the
> > > "hawtio.realm" system property to use the new entry, e.g.:
> > >
> > > -Dhawtio.realm=console
> > >
> > > Keep in mind that all the user management commands will only work on
> the
> > > broker-specific entry. You'll have to manage console users manually.
> > >
> > >
> > > Justin
> > >
> > > On Thu, May 12, 2022 at 6:03 AM Jo De Troy <jo...@gmail.com>
> wrote:
> > >
> > > > Hello,
> > > >
> > > > is it possible to create multiple propertiesLoginModules, e.g. 1 for
> > > broker
> > > > access and 1 for console access? Or how should/can you separate users
> > > > between broker and console?
> > > > I've tried it but it seems like I only see 1 of the
> > > propertiesLoginModules
> > > > user/roles back in the artemis-{users/roles}.properties
> > > >
> > > > Best Regards,
> > > > Jo
> > > >
> > >
> >
>
Re: multiple propertiesLoginModules - different users/rights for console and brokers
Posted by Domenico Francesco Bruscino <br...@gmail.com>.
Hi Jo,
the ArtemisCloud.io <https://artemiscloud.io/> [1] operator provides the
ActiveMQArtemisSecurity CRD [2] to define multiple login modules, i.e.
apiVersion: broker.amq.io/v1beta1
kind: ActiveMQArtemisSecurity
metadata:
name: ex-prop
spec:
loginModules:
propertiesLoginModules:
- name: 'activemq'
users:
- name: admin
roles:
- amq
- name: 'console'
users:
- name: bob
roles:
- amq-console
[1] https://artemiscloud.io/
[2]
https://github.com/artemiscloud/activemq-artemis-operator/blob/v1.0.2/config/crd/bases/broker.amq.io_activemqartemissecurities.yaml
Regards,
Domenico
On Thu, 12 May 2022 at 17:09, Jo De Troy <jo...@gmail.com> wrote:
> Thanks for the explanation Justin
> I wonder if the artemis cloud operator allows me to do that
>
> Best Regards,
> Jo
>
> Op do 12 mei 2022 om 16:40 schreef Justin Bertram <jb...@apache.org>:
>
> > Yes, it is possible to configure multiple PropertiesLoginModules to
> > separate console users from broker users. You'd need to create multiple
> > entries in your etc/login.config, e.g.:
> >
> > activemq {
> >
> > org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoginModule
> > required
> > debug=false
> > reload=true
> >
> > org.apache.activemq.jaas.properties.user="artemis-users.properties"
> >
> > org.apache.activemq.jaas.properties.role="artemis-roles.properties";
> > };
> >
> > console {
> >
> > org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoginModule
> > required
> > debug=false
> > reload=true
> >
> > org.apache.activemq.jaas.properties.user="console-users.properties"
> >
> > org.apache.activemq.jaas.properties.role="console-roles.properties";
> > };
> >
> > Then in your etc/artemis.profile you'd need to change the value of the
> > "hawtio.realm" system property to use the new entry, e.g.:
> >
> > -Dhawtio.realm=console
> >
> > Keep in mind that all the user management commands will only work on the
> > broker-specific entry. You'll have to manage console users manually.
> >
> >
> > Justin
> >
> > On Thu, May 12, 2022 at 6:03 AM Jo De Troy <jo...@gmail.com> wrote:
> >
> > > Hello,
> > >
> > > is it possible to create multiple propertiesLoginModules, e.g. 1 for
> > broker
> > > access and 1 for console access? Or how should/can you separate users
> > > between broker and console?
> > > I've tried it but it seems like I only see 1 of the
> > propertiesLoginModules
> > > user/roles back in the artemis-{users/roles}.properties
> > >
> > > Best Regards,
> > > Jo
> > >
> >
>
Re: multiple propertiesLoginModules - different users/rights for console and brokers
Posted by Jo De Troy <jo...@gmail.com>.
Thanks for the explanation Justin
I wonder if the artemis cloud operator allows me to do that
Best Regards,
Jo
Op do 12 mei 2022 om 16:40 schreef Justin Bertram <jb...@apache.org>:
> Yes, it is possible to configure multiple PropertiesLoginModules to
> separate console users from broker users. You'd need to create multiple
> entries in your etc/login.config, e.g.:
>
> activemq {
>
> org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoginModule
> required
> debug=false
> reload=true
>
> org.apache.activemq.jaas.properties.user="artemis-users.properties"
>
> org.apache.activemq.jaas.properties.role="artemis-roles.properties";
> };
>
> console {
>
> org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoginModule
> required
> debug=false
> reload=true
>
> org.apache.activemq.jaas.properties.user="console-users.properties"
>
> org.apache.activemq.jaas.properties.role="console-roles.properties";
> };
>
> Then in your etc/artemis.profile you'd need to change the value of the
> "hawtio.realm" system property to use the new entry, e.g.:
>
> -Dhawtio.realm=console
>
> Keep in mind that all the user management commands will only work on the
> broker-specific entry. You'll have to manage console users manually.
>
>
> Justin
>
> On Thu, May 12, 2022 at 6:03 AM Jo De Troy <jo...@gmail.com> wrote:
>
> > Hello,
> >
> > is it possible to create multiple propertiesLoginModules, e.g. 1 for
> broker
> > access and 1 for console access? Or how should/can you separate users
> > between broker and console?
> > I've tried it but it seems like I only see 1 of the
> propertiesLoginModules
> > user/roles back in the artemis-{users/roles}.properties
> >
> > Best Regards,
> > Jo
> >
>
Re: multiple propertiesLoginModules - different users/rights for console and brokers
Posted by Justin Bertram <jb...@apache.org>.
Yes, it is possible to configure multiple PropertiesLoginModules to
separate console users from broker users. You'd need to create multiple
entries in your etc/login.config, e.g.:
activemq {
org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoginModule
required
debug=false
reload=true
org.apache.activemq.jaas.properties.user="artemis-users.properties"
org.apache.activemq.jaas.properties.role="artemis-roles.properties";
};
console {
org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoginModule
required
debug=false
reload=true
org.apache.activemq.jaas.properties.user="console-users.properties"
org.apache.activemq.jaas.properties.role="console-roles.properties";
};
Then in your etc/artemis.profile you'd need to change the value of the
"hawtio.realm" system property to use the new entry, e.g.:
-Dhawtio.realm=console
Keep in mind that all the user management commands will only work on the
broker-specific entry. You'll have to manage console users manually.
Justin
On Thu, May 12, 2022 at 6:03 AM Jo De Troy <jo...@gmail.com> wrote:
> Hello,
>
> is it possible to create multiple propertiesLoginModules, e.g. 1 for broker
> access and 1 for console access? Or how should/can you separate users
> between broker and console?
> I've tried it but it seems like I only see 1 of the propertiesLoginModules
> user/roles back in the artemis-{users/roles}.properties
>
> Best Regards,
> Jo
>