You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@geronimo.apache.org by "Kevan Miller (JIRA)" <ji...@apache.org> on 2010/04/08 04:46:36 UTC

[jira] Created: (GERONIMO-5243) /activemq-console does not require admin authentication

/activemq-console does not require admin authentication
-------------------------------------------------------

                 Key: GERONIMO-5243
                 URL: https://issues.apache.org/jira/browse/GERONIMO-5243
             Project: Geronimo
          Issue Type: Bug
      Security Level: public (Regular issues)
            Reporter: Kevan Miller
            Priority: Blocker
             Fix For: 2.2.1, 3.0


On branches/2.2 I'm able to access http://localhost:8080/activemq-console without authentication. Since I'm able to inspect Destinations, delete Destinations, etc. , this is not a good thing. We need to secure with geronimo-admin realm, just like the admin console.

I haven't tested on trunk, but am guessing this is a problem, there also. activemq-console was not shipped in 2.1.0. So, it's not a problem there.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (GERONIMO-5243) /activemq-console does not require admin authentication

Posted by "Kevan Miller (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/GERONIMO-5243?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12854915#action_12854915 ] 

Kevan Miller commented on GERONIMO-5243:
----------------------------------------

Hmm. It's in a build that I ran last night. I certainly didn't add a dependency for it...

> /activemq-console does not require admin authentication
> -------------------------------------------------------
>
>                 Key: GERONIMO-5243
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-5243
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>            Reporter: Kevan Miller
>            Priority: Blocker
>             Fix For: 2.2.1, 3.0
>
>
> On branches/2.2 I'm able to access http://localhost:8080/activemq-console without authentication. Since I'm able to inspect Destinations, delete Destinations, etc. , this is not a good thing. We need to secure with geronimo-admin realm, just like the admin console.
> I haven't tested on trunk, but am guessing this is a problem, there also. activemq-console was not shipped in 2.1.0. So, it's not a problem there.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (GERONIMO-5243) /activemq-console does not require admin authentication

Posted by "Ivan (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/GERONIMO-5243?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12854824#action_12854824 ] 

Ivan commented on GERONIMO-5243:
--------------------------------

By default, activemq-console is not installed, you might need to install it manually.

> /activemq-console does not require admin authentication
> -------------------------------------------------------
>
>                 Key: GERONIMO-5243
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-5243
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>            Reporter: Kevan Miller
>            Priority: Blocker
>             Fix For: 2.2.1, 3.0
>
>
> On branches/2.2 I'm able to access http://localhost:8080/activemq-console without authentication. Since I'm able to inspect Destinations, delete Destinations, etc. , this is not a good thing. We need to secure with geronimo-admin realm, just like the admin console.
> I haven't tested on trunk, but am guessing this is a problem, there also. activemq-console was not shipped in 2.1.0. So, it's not a problem there.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Closed: (GERONIMO-5243) /activemq-console does not require admin authentication

Posted by "Kevan Miller (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/GERONIMO-5243?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kevan Miller closed GERONIMO-5243.
----------------------------------

    Resolution: Not A Problem

I must have been looking at the activemq-server test assembly (which does contain the webconsole), not one of the javaee assemblies... Apologies for the noise...

> /activemq-console does not require admin authentication
> -------------------------------------------------------
>
>                 Key: GERONIMO-5243
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-5243
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>            Reporter: Kevan Miller
>            Priority: Blocker
>             Fix For: 2.2.1, 3.0
>
>
> On branches/2.2 I'm able to access http://localhost:8080/activemq-console without authentication. Since I'm able to inspect Destinations, delete Destinations, etc. , this is not a good thing. We need to secure with geronimo-admin realm, just like the admin console.
> I haven't tested on trunk, but am guessing this is a problem, there also. activemq-console was not shipped in 2.1.0. So, it's not a problem there.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (GERONIMO-5243) /activemq-console does not require admin authentication

Posted by "Jack Cai (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/GERONIMO-5243?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12854820#action_12854820 ] 

Jack Cai commented on GERONIMO-5243:
------------------------------------

I cannot reproduce this problem with the 2.2.1 snapshot build of Apr. 7th. There is no application bounded to http://localhost:8080/activemq-console. What did I miss?

> /activemq-console does not require admin authentication
> -------------------------------------------------------
>
>                 Key: GERONIMO-5243
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-5243
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>            Reporter: Kevan Miller
>            Priority: Blocker
>             Fix For: 2.2.1, 3.0
>
>
> On branches/2.2 I'm able to access http://localhost:8080/activemq-console without authentication. Since I'm able to inspect Destinations, delete Destinations, etc. , this is not a good thing. We need to secure with geronimo-admin realm, just like the admin console.
> I haven't tested on trunk, but am guessing this is a problem, there also. activemq-console was not shipped in 2.1.0. So, it's not a problem there.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.