You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@activemq.apache.org by yogimogi <yo...@vyomlabs.com> on 2016/07/20 05:49:57 UTC

Secured Message Broker: Issue with ActiveMQ Admin Console App

Hello All,
I am using ActiveMQ 5.13.0. I secured access to broker by using
simpleAuthenticationPlugin. I have also used necessary setting to make sure
credentials-enc.properties file is getting used. I am using
ACTIVEMQ_ENCRYPTION_PASSWORD environment variable to keep the encryption
key. Let us say that I have secured broker with username "yogesh" and
password "yogesh123". Now any Java client I write which connects to broker
over tcp transport needs to use this username/password combination and all
is working well.

Admin Console is accessible at http://localhost:8161/admin.
/jetty-realm.properties/ file governs access to admin console and it has
below entry
admin: admin, admin
 So to access admin console in a browser, I need to provide admin/admin as
username and password.

Issue is when I try to send a message to a queue through admin console, when
I do so, I get error message

*jvm 1    |  INFO | Stopping vm://localhost#0 because Failed with
SecurityException: User name [admin] or password is invalid.*
/webconsole-embedded.xml/ has following entryTo me, looks like, admin
web-app is using same username/password pair (admin/admin) when it
authenticates itself with the broker though different username and password
is mentioned in /webconsole-embedded.xml/ file. For some reason, userName
and password property values in file /webconsole-embedded.xml/ are getting
ignored.

If I modify /jetty-realm.properties/ with below entry
yogesh: yogesh123, admin
and use these credentials to log-in to admin console, I can send message to
a queue through admin console without any errors.

Does anyone know how to fix this problem?

regards,Yogi



--
View this message in context: http://activemq.2283324.n4.nabble.com/Secured-Message-Broker-Issue-with-ActiveMQ-Admin-Console-App-tp4714141.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.

Re: Secured Message Broker: Issue with ActiveMQ Admin Console App

Posted by yogimogi <yo...@vyomlabs.com>.
Hello Crishel,
Thanks for your reply. This is how simpleAuthenticationPlugin block looks
like, I already have yogesh and yogesh123( activemq.password which is picked
up from credentials-enc.properties file).
admin/admin are credentials used by a user to connect to ActiveMQ Admin
web-app which are supposed to be specified in jetty-realm.properties. All is
working fine except for the fact, Admin web-app is using same credentials
pair (admin/admin) when trying to authenticate with broker and unless i add
yogesh/yogesh123 also in jetty-realm.properties it doesn't work. Ideally I
don't want to add these values in jetty-realm.properties file. Apart from
the fact, it's in plain text, this is duplication.

regards,
Yogi



--
View this message in context: http://activemq.2283324.n4.nabble.com/Secured-Message-Broker-Issue-with-ActiveMQ-Admin-Console-App-tp4714141p4714218.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.

Re: Secured Message Broker: Issue with ActiveMQ Admin Console App

Posted by "crishel.yumul" <cr...@toro.io>.
Hi,
First, your configuration for your java client is correct. Second, since
you're not using virtual host and just using your localhost, admin/admin
should be inside
<simpleAuthenticationPlugin>
            <users>
                <authenticationUser username="admin" password="admin"
groups="admins"/>
            </users>
</simpleAuthenticationPlugin>

Take note that all clients/connections credentials connecting your broker
should be inside <simpleAuthenticationPlugin> plugin.

So configure your xml file into this.
<simpleAuthenticationPlugin>
            <users>
                <authenticationUser username="admin" password="admin"
groups="admins"/>
                <authenticationUser username="yogesh" password="yogesh123"
groups="admins"/>
            </users>
</simpleAuthenticationPlugin>

Save and run your broker thru console to check logs.

Regards,
Crishel Yumul
DevOps
TORO Limited



--
View this message in context: http://activemq.2283324.n4.nabble.com/Secured-Message-Broker-Issue-with-ActiveMQ-Admin-Console-App-tp4714141p4714217.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.