Posted to users@activemq.apache.org by criggster <cu...@yahoo.com> on 2008/08/26 19:58:21 UTC
Re: Securing the web console impossible?
Try either using the OBF format in your realm.properties (in bold below),
or use BASIC authentication (instead of DIGEST).
criggster "DIGEST and MD5/Crypt do not play well together."
wiseguysby wrote:
>
> Hi bro,
>
> I've just followed the steps below, but without success: when I try to log
> in, it always fails (Login failure: all modules ignored).
>
> I have ActiveMQ 5.0 and jetty 1.6.9 installed on Windows XP. ActiveMQ
> without security login is working properly. So what should I do?
>
> regards
>
> hakim
>
> Hey folks,
>
> I finally solved it.....:-)
>
> I will add this information to the wiki so that the average idiot -
> thereby referring to me - can set this up.
>
> But since it might take some time until I find the time to edit the wiki,
> here's a short summary, and hopefully an idiot-proof copy&paste method:
>
>
> * jetty-plus
>
> Download jetty, extract the archive and copy the jar jetty-plus.x.x.x.jar
> to $AMQ_HOME/lib/web/.
>
>
> * activemq.xml
>
> Edit the file $AMQ_HOME/conf/activemq.xml. Find this section:
>
> <jetty xmlns="http://mortbay.com/schemas/jetty/1.0">
>   <connectors>
>     <nioConnector port="8161" />
>   </connectors>
>   <handlers>
>     <webAppContext contextPath="/admin"
>         resourceBase="${activemq.base}/webapps/admin" logUrlOnStart="true" />
>     <webAppContext contextPath="/demo"
>         resourceBase="${activemq.base}/webapps/demo" logUrlOnStart="true" />
>   </handlers>
> </jetty>
>
> Now add a realm between </connectors> and <handlers> like this:
>
> <userRealms>
>   <jaasUserRealm name="adminRealm" loginModuleName="adminLoginModule">
>   </jaasUserRealm>
> </userRealms>
>
> * activemq start-script
>
> Edit the activemq-startscript under $AMQ_HOME/bin/activemq (or set a
> corresponding env-variable):
>
> Append this line to the last block of code (last else):
>
> -Djava.security.auth.login.config="${ACTIVEMQ_HOME}/webapps/admin/login.config"
>
> The last else-block should look like this:
>
> else
>   exec "$JAVACMD" $ACTIVEMQ_DEBUG_OPTS $ACTIVEMQ_OPTS \
>     -Dactivemq.classpath="${ACTIVEMQ_CLASSPATH}" \
>     -Dactivemq.home="${ACTIVEMQ_HOME}" -Dactivemq.base="${ACTIVEMQ_BASE}" \
>     -Djava.security.auth.login.config="${ACTIVEMQ_HOME}/webapps/admin/login.config" \
>     -jar "${ACTIVEMQ_HOME}/bin/run.jar" \
>     $ACTIVEMQ_TASK $@
> fi
>
> But setting a corresponding environment variable is highly recommended!
>
> * login.config
>
> Create the file login.config in ${ACTIVEMQ_HOME}/webapps/admin/:
>
> adminLoginModule {
>   org.mortbay.jetty.plus.jaas.spi.PropertyFileLoginModule required
>   debug="true"
>   file="/opt/activemq/conf/realm.properties";
> };
>
>
> * Create a password
>
> cd $JETTY_HOME
> java -cp lib/jetty-6.1.9.jar:lib/jetty-util-6.1.9.jar \
>   org.mortbay.jetty.security.Password admin test
> test
> OBF:1z0f1vu91vv11z0f
> MD5:098f6bcd4621d373cade4e832627b4f6
> CRYPT:oewgD4ujswzhg
>
> * realm.properties
>
> Create the file realm.properties in ${ACTIVEMQ_HOME}/conf/:
>
>
> admin: OBF:1z0f1vu91vv11z0f,user,admin
>
>
> * admin-webapp: web.xml
>
>
> Edit $AMQ_HOME/webapps/admin/WEB-INF/web.xml. Append this section:
>
> <security-constraint>
>   <web-resource-collection>
>     <web-resource-name>adminRealm</web-resource-name>
>     <url-pattern>/*</url-pattern>
>   </web-resource-collection>
>   <auth-constraint>
>     <role-name>admin</role-name>
>     <role-name>user</role-name>
>     <role-name>moderator</role-name>
>   </auth-constraint>
> </security-constraint>
> <login-config>
>   <auth-method>DIGEST</auth-method>
>   <realm-name>adminRealm</realm-name>
> </login-config>
>
>
--
View this message in context: http://www.nabble.com/Securing-the-web-console-impossible--tp16765525p19167118.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.
Re: Securing the web console impossible?
Posted by magellings <ma...@qg.com>.
I was successfully able to get everything working with login configured with
BASIC authentication and following all the steps in this thread by original
poster.
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>adminRealm</realm-name>
</login-config>
Trying with DIGEST led me to the "all modules ignored" error, which is also
logged when a user who isn't authentic still attempts logging in.
--
View this message in context: http://www.nabble.com/Securing-the-web-console-impossible--tp16765525p22789539.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.
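
Added example (not part of the original posts and not Jetty's own code): a Python model of the protocol-level reason behind the advice in this thread that DIGEST works with an OBF: entry but not with MD5: or CRYPT: entries. RFC 2617 DIGEST needs HA1 = MD5(user:realm:password) on the server, which an OBF: entry can supply because it decodes back to the password. The OBF decoding covers ASCII passwords only; verify_digest is a hypothetical helper, and the nonce and URI are constructed sample values.

```python
import hashlib
import hmac

def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def jetty_deobfuscate(stored: str) -> str:
    """Reverse Jetty's OBF: encoding (ASCII case: 4 base-36 chars per byte)."""
    body = stored[4:] if stored.startswith("OBF:") else stored
    out = bytearray()
    for i in range(0, len(body), 4):
        hi, lo = divmod(int(body[i:i + 4], 36), 256)
        # hi = 127 + b1 + b2, lo = 127 + b1 - b2, so b1 = (hi + lo - 254) / 2
        out.append((hi + lo - 254) // 2)
    return out.decode("ascii")

def digest_response(ha1: str, nonce: str, method: str, uri: str) -> str:
    """RFC 2617 response without qop: MD5(HA1:nonce:MD5(method:uri))."""
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")

def verify_digest(stored, user, realm, nonce, method, uri, response):
    """Hypothetical server-side check. Returns True/False, or None when the
    stored credential form cannot yield HA1 = MD5(user:realm:password)."""
    if stored.startswith(("MD5:", "CRYPT:")):
        return None  # one-way hash of the password alone; HA1 is not derivable
    password = jetty_deobfuscate(stored) if stored.startswith("OBF:") else stored
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    expected = digest_response(ha1, nonce, method, uri)
    return hmac.compare_digest(expected, response)

# Constructed sample exchange (nonce and URI are made up for this example).
USER, REALM = "admin", "adminRealm"
NONCE, METHOD, URI = "constructed-nonce-0001", "GET", "/admin/"

def client_response(password: str) -> str:
    """What a browser sends for DIGEST: a hash, never the password itself."""
    ha1 = md5_hex(f"{USER}:{REALM}:{password}")
    return digest_response(ha1, NONCE, METHOD, URI)

if __name__ == "__main__":
    resp = client_response("test")
    for stored in ("OBF:1z0f1vu91vv11z0f",
                   "MD5:098f6bcd4621d373cade4e832627b4f6",
                   "CRYPT:oewgD4ujswzhg"):
        kind = stored.split(":")[0]
        print(kind, verify_digest(stored, USER, REALM, NONCE, METHOD, URI, resp))
```

Because OBF: is a reversible encoding rather than a hash, a realm.properties file holding OBF: entries needs the same file permissions as a plaintext password file. With BASIC the browser sends the password itself on every request, so the console belongs behind TLS.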