Posted to users@activemq.apache.org by Sumit Bhardwaj <su...@gmail.com> on 2020/06/09 17:06:52 UTC

jaasAuthenticationPlugin

Hi,

We are trying to use JAAS Authentication plugin for ActiveMQ. We have been
able to use it with plain text passwords in the users.properties.

We are not able to figure out how to use the encrypted passwords in
users.properties with JAAS Authentication Plugin.

Are there any examples to achieve this?

Thanks in advance.

Best
Sumit

Re: jaasAuthenticationPlugin

Posted by Sumit Bhardwaj <su...@gmail.com>.
Hi Domenico,

I made a mistake with the role name. It's working correctly now after I
rectified it.

Thanks a lot for your help!

Best
Sumit


Re: jaasAuthenticationPlugin

Posted by Domenico Francesco Bruscino <br...@gmail.com>.
Hi Sumit,

I can't see the image, can you upload it somewhere and share the link?

Regards,
Domenico


Re: jaasAuthenticationPlugin

Posted by Sumit Bhardwaj <su...@gmail.com>.
Yes, I already added that jar, but maybe I am missing something. It's showing
me the following when I log in to http://localhost:8161/

Any pointer for this?

Best
Sumit


[image: image.png]


Re: jaasAuthenticationPlugin

Posted by Domenico Francesco Bruscino <br...@gmail.com>.
Hi Sumit,

It will work with encrypted passwords as well, but you need to add the
artifact org.eclipse.jetty:jetty-jaas:jar to the `apache-activemq/lib/web/`
folder, i.e.
https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-jaas/9.4.27.v20200227/jetty-jaas-9.4.27.v20200227.jar

Regards,
Domenico



Re: jaasAuthenticationPlugin

Posted by Sumit Bhardwaj <su...@gmail.com>.
Thanks Domenico, I will try this. This will work with encrypted passwords as
well, right?

Best
Sumit


Re: jaasAuthenticationPlugin

Posted by Domenico Francesco Bruscino <br...@gmail.com>.
Hi Sumit,

to use the same JAAS Authentication Plugin for the web console, you can
execute the following additional steps:

1) Replace the `securityLoginService` in jetty.xml:
    <bean id="securityLoginService" class="org.eclipse.jetty.jaas.JAASLoginService">
        <property name="name" value="ActiveMQRealm" />
        <property name="loginModuleName" value="activemq" />
        <property name="roleClassNames">
            <list>
                <value>org.apache.activemq.jaas.GroupPrincipal</value>
            </list>
        </property>
    </bean>

2) Replace the roles of the `securityConstraint` and
`adminSecurityConstraint` beans in jetty.xml to match the roles defined
in groups.properties:
    <bean id="securityConstraint" class="org.eclipse.jetty.util.security.Constraint">
        <property name="name" value="BASIC" />
        <property name="roles" value="user,admins" />
        <!-- set authenticate=false to disable login -->
        <property name="authenticate" value="true" />
    </bean>
    <bean id="adminSecurityConstraint" class="org.eclipse.jetty.util.security.Constraint">
        <property name="name" value="BASIC" />
        <property name="roles" value="admins" />
        <!-- set authenticate=false to disable login -->
        <property name="authenticate" value="true" />
    </bean>

3) Set the IdentityService of the `securityHandler` bean in jetty.xml:
    <property name="identityService">
        <bean class="org.eclipse.jetty.security.DefaultIdentityService" />
    </property>

Regards,
Domenico


Re: jaasAuthenticationPlugin

Posted by Sumit Bhardwaj <su...@gmail.com>.
Thanks a lot Domenico!

I have one more question, can we use JAASAuthenticationPlugin for web
console users as well?

Best
Sumit


Re: jaasAuthenticationPlugin

Posted by Domenico Francesco Bruscino <br...@gmail.com>.
Hi Sumit,

to get a working demo of JAAS Authentication Plugin with encrypted
passwords, you can execute the following steps:

1) Create a new broker instance:
$ ./bin/activemq create broker

2) Add the JAAS Authentication Plugin to activemq.xml:
<plugins>
    <jaasAuthenticationPlugin configuration="activemq"/>
</plugins>

3) Replace the admin password with an encrypted password in
users.properties, i.e. the encrypted password `manager`:
admin=ENC(mYRkg+4Q4hua1kvpCCI2hg==)

4) Enable decrypt in login.config:
activemq {
    org.apache.activemq.jaas.PropertiesLoginModule required
        decrypt=true
        org.apache.activemq.jaas.properties.user="users.properties"
        org.apache.activemq.jaas.properties.group="groups.properties";
};

5) Export the ACTIVEMQ_ENCRYPTION_PASSWORD environment variable:
$ export ACTIVEMQ_ENCRYPTION_PASSWORD=activemq

6) Start the broker:
$ ./broker/bin/broker start

7) Start the producer:
$ ./bin/activemq producer --user admin --password manager --messageCount 1

Regards,
Domenico
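
A pre-start check for the two problems that come up in this thread: a password left unencrypted (or ENC(...) used without decrypt=true), and a jetty.xml constraint role that is not a group name in groups.properties. This is an added example, not part of the original messages and not ActiveMQ code. The function names, finding codes, the `alice` user, the sample groups and the mistyped `admin` role are constructed for illustration; only the `admin=ENC(...)` line and the login.config entry come from the thread.

```python
import re
import xml.etree.ElementTree as ET

ENC_VALUE = re.compile(r"^ENC\(.+\)$")


def parse_properties(text):
    """Parse key=value lines, skipping blanks and '#' / '!' comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")  # first '=' only; ENC() payloads contain '='
        if sep:
            props[key.strip()] = value.strip()
    return props


def jaas_entries(login_config):
    """Map each JAAS entry name in login.config to its option=value pairs."""
    entries = {}
    for name, body in re.findall(r"([\w.-]+)\s*\{(.*?)\}\s*;", login_config, re.S):
        entries[name] = dict(re.findall(r'([\w.]+)\s*=\s*"?([^"\s;]+)"?', body))
    return entries


def _local(tag):
    """Strip an XML namespace so Spring's <bean> matches with or without xmlns."""
    return tag.rsplit("}", 1)[-1]


def jetty_beans(jetty_xml):
    """Map bean id -> {property name: value attribute}."""
    beans = {}
    for el in ET.fromstring(jetty_xml).iter():
        if _local(el.tag) == "bean" and el.get("id"):
            beans[el.get("id")] = {
                p.get("name"): p.get("value")
                for p in el
                if _local(p.tag) == "property" and p.get("value") is not None
            }
    return beans


def audit(users_text, groups_text, login_config, jetty_xml):
    """Return (code, detail) findings for the broker and web-console JAAS setup."""
    findings = []
    users = parse_properties(users_text)
    groups = set(parse_properties(groups_text))  # group names are the keys
    beans = jetty_beans(jetty_xml)

    # The JAASLoginService must point at an entry that exists in login.config.
    module = beans.get("securityLoginService", {}).get("loginModuleName")
    options = jaas_entries(login_config).get(module)
    if options is None:
        findings.append(("UNKNOWN_LOGIN_MODULE", str(module)))
        options = {}
    decrypt = options.get("decrypt", "false").lower() == "true"

    for user, value in sorted(users.items()):
        encrypted = bool(ENC_VALUE.match(value))
        if encrypted and not decrypt:
            findings.append(("ENC_WITHOUT_DECRYPT", user))
        elif not encrypted:
            findings.append(("PLAINTEXT_PASSWORD", user))

    # Constraint roles are matched against GroupPrincipal names, i.e. group names.
    for bean_id in ("securityConstraint", "adminSecurityConstraint"):
        roles = beans.get(bean_id, {}).get("roles") or ""
        for role in filter(None, (r.strip() for r in roles.split(","))):
            if role not in groups and role not in ("*", "**"):  # Jetty wildcard roles
                findings.append(("ROLE_NOT_A_GROUP", f"{bean_id}:{role}"))
    return findings


# Constructed sample input; only the admin line and login.config are from the thread.
SAMPLE_USERS = "admin=ENC(mYRkg+4Q4hua1kvpCCI2hg==)\nalice=s3cret-plaintext\n"
SAMPLE_GROUPS = "admins=admin\nusers=alice\n"
SAMPLE_LOGIN = """activemq {
    org.apache.activemq.jaas.PropertiesLoginModule required
        decrypt=true
        org.apache.activemq.jaas.properties.user="users.properties"
        org.apache.activemq.jaas.properties.group="groups.properties";
};"""
SAMPLE_JETTY = """<beans xmlns="http://www.springframework.org/schema/beans">
  <bean id="securityLoginService" class="org.eclipse.jetty.jaas.JAASLoginService">
    <property name="name" value="ActiveMQRealm" />
    <property name="loginModuleName" value="activemq" />
  </bean>
  <bean id="securityConstraint" class="org.eclipse.jetty.util.security.Constraint">
    <property name="roles" value="users,admins" />
  </bean>
  <bean id="adminSecurityConstraint" class="org.eclipse.jetty.util.security.Constraint">
    <property name="roles" value="admin" />
  </bean>
</beans>"""

if __name__ == "__main__":
    for code, detail in audit(SAMPLE_USERS, SAMPLE_GROUPS, SAMPLE_LOGIN, SAMPLE_JETTY):
        print(code, detail)
```

In a real instance, pass the contents of conf/users.properties, conf/groups.properties, conf/login.config and conf/jetty.xml to `audit()`.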
