You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@activemq.apache.org by Jo Rhett <jr...@netconsonance.com> on 2014/06/13 07:51:20 UTC
help getting jolokia auth working?
Hi there. I'm using ActiveMQ 5.9.1 on CentOS 6.4 with both JMX console and Jetty console authenticating correctly. For some reason I can't seem to make Jolokia authenticate successfully. I'm trying to use the hawtio Chrome application. I login successfully with a user and password from the simpleAuthenticationPlugin section of the activemq.conf. I am then prompted for a Basic authentication from the same realm (ActiveMQRealm) as used for the Jetty console. I use the username and password in jetty-realms.properties but authentication fails. I've tried the logins from simpleAuth as well without success. I've put the logins in user and group.properties without success. Nothing works.
Can someone spare some time to help me out?
1. Is there a special group that the user should be part of? This isn't documented.
2. Is there some web application or class which must be loaded for this to work? I ask because I couldn't figure out why Jetty auth didn't work until I found that putting this line in resolved it:
<bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer" />
Apparently Jetty's basic authentication can't happen without that class, even though that doesn't appear anywhere in the jetty.xml definitions. It's just a magic token :( Is there a class which must be loaded for Jolokia auth to work properly?
3. How can I get debug logs from the API? I've enabled every log message I see, and I get debug level notifications of every topic and queue event but not a simple message about the REST apis.
4. I can't get useful responses trying to hit the API with browsers or rest clients. I get Not Found. Submitting the login to the exact same API with hawtio seems to get a more useful response :( Documenting how to use a rest client debugger with this would be really help.
All configuration files are below:
<beans
xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://activemq.apache.org/schema/core
http://activemq.apache.org/schema/core/activemq-core.xsd"
>
<broker xmlns="http://activemq.apache.org/schema/core"
brokerName="activemq.example.net"
schedulePeriodForDestinationPurge="60000"
networkConnectorStartAsync="true"
dataDirectory="${activemq.data}"
useJmx="true"
populateJMSXUserID="true"
>
<destinationPolicy>
<policyMap>
<policyEntries>
<policyEntry topic=">" producerFlowControl="false" memoryLimit="1mb" >
<pendingSubscriberPolicy>
<vmCursor />
</pendingSubscriberPolicy>
<pendingMessageLimitStrategy>
<constantPendingMessageLimitStrategy limit="1000"/>
</pendingMessageLimitStrategy>
</policyEntry>
<policyEntry queue=">" producerFlowControl="false" memoryLimit="10mb" gcInactiveDestinations="true" >
<pendingQueuePolicy>
<vmQueueCursor/>
</pendingQueuePolicy>
</policyEntry>
</policyEntries>
</policyMap>
</destinationPolicy>
<managementContext>
<managementContext createConnector="true" connectorHost="localhost" rmiServerPort="1098" connectorPort="1099" />
</managementContext>
<persistenceAdapter>
<kahaDB directory="kahadb"/>
</persistenceAdapter>
<plugins>
<statisticsBrokerPlugin/>
<jaasAuthenticationPlugin configuration="activemq" />
<simpleAuthenticationPlugin>
<users>
<authenticationUser username="client" password="*snip*" groups="servers,clients,everyone"/>
</users>
</simpleAuthenticationPlugin>
<authorizationPlugin>
<map>
<authorizationMap>
<authorizationEntries>
*snip*
<authorizationEntry topic="ActiveMQ.Advisory.>" read="everyone" write="everyone" admin="everyone"/>
</authorizationEntries>
</authorizationMap>
</map>
</authorizationPlugin>
</plugins>
<systemUsage>
<systemUsage>
<memoryUsage>
<memoryUsage percentOfJvmHeap="70"/>
</memoryUsage>
<storeUsage>
<storeUsage limit="1 gb"/>
</storeUsage>
<tempUsage>
<tempUsage limit="100 mb"/>
</tempUsage>
</systemUsage>
</systemUsage>
<transportConnectors>
<transportConnector
name="stomp+nio+ssl"
uri="stomp+nio+ssl://0.0.0.0:61614?needClientAuth=true&maximumConnections=1000&wireFormat.maxFrameSize=104857600"
/>
</transportConnectors>
<sslContext>
<sslContext keyStore="ssl/keystore.jks" keyStorePassword="*snip*" trustStore="ssl/truststore.jks" trustStorePassword="*snip*" />
</sslContext>
<shutdownHooks>
<bean xmlns="http://www.springframework.org/schema/beans" class="org.apache.activemq.hooks.SpringContextHook" />
</shutdownHooks>
</broker>
<bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer" />
<import resource="jetty.xml"/>
</beans>
$ cat users.properties
admin=snippetysnip
$ cat groups.properties
admins=admin
$ cat jetty-realm.properties
admin: snippety, admin, user
jetty.xml is bone stock.
--
Jo Rhett
+1 (415) 999-1798
Skype: jorhett
Net Consonance : net philanthropy to improve open source and internet projects.
Nevermind. (Was: help getting jolokia auth working?)
Posted by Jo Rhett <jr...@netconsonance.com>.
This was total *headdesk*. I was using an RPM that didn't include the webapp/api directory. It was exactly what it said :)
--
Jo Rhett
+1 (415) 999-1798
Skype: jorhett
Net Consonance : net philanthropy to improve open source and internet projects.
Re: help getting jolokia auth working?
Posted by Jo Rhett <jr...@netconsonance.com>.
I realized something. The app does succeed in some sense when I use the Jetty credentials. I was confused by the basic auth prompt, which means "login failed". If I hit cancel hawtio then shows me
Failed to log in, Unauthorized
If I type in the correct username and password from jetty-realm.properties I instead get this response:
Failed to log in, Not Found
Any clue what might be wrong here? Is there a role which should be assigned to the user?
Also, what is the format of these files? This is ambiguous:
user: password[, rolename …]
Which of the following two is valid?
user: password, role1, role2, role3
-or-
user: password, role1 role2 role3
On Jun 12, 2014, at 10:51 PM, Jo Rhett <jr...@netconsonance.com> wrote:
> Hi there. I'm using ActiveMQ 5.9.1 on CentOS 6.4 with both JMX console and Jetty console authenticating correctly. For some reason I can't seem to make Jolokia authenticate successfully. I'm trying to use the hawtio Chrome application. I login successfully with a user and password from the simpleAuthenticationPlugin section of the activemq.conf. I am then prompted for a Basic authentication from the same realm (ActiveMQRealm) as used for the Jetty console. I use the username and password in jetty-realms.properties but authentication fails. I've tried the logins from simpleAuth as well without success. I've put the logins in user and group.properties without success. Nothing works.
>
> Can someone spare some time to help me out?
>
> 1. Is there a special group that the user should be part of? This isn't documented.
>
> 2. Is there some web application or class which must be loaded for this to work? I ask because I couldn't figure out why Jetty auth didn't work until I found that putting this line in resolved it:
>
> <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer" />
>
> Apparently Jetty's basic authentication can't happen without that class, even though that doesn't appear anywhere in the jetty.xml definitions. It's just a magic token :( Is there a class which must be loaded for Jolokia auth to work properly?
>
> 3. How can I get debug logs from the API? I've enabled every log message I see, and I get debug level notifications of every topic and queue event but not a simple message about the REST apis.
>
> 4. I can't get useful responses trying to hit the API with browsers or rest clients. I get Not Found. Submitting the login to the exact same API with hawtio seems to get a more useful response :( Documenting how to use a rest client debugger with this would be really help.
>
> All configuration files are below:
>
> <beans
> xmlns="http://www.springframework.org/schema/beans"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xsi:schemaLocation="http://www.springframework.org/schema/beans
> http://www.springframework.org/schema/beans/spring-beans.xsd
> http://activemq.apache.org/schema/core
> http://activemq.apache.org/schema/core/activemq-core.xsd"
>>
> <broker xmlns="http://activemq.apache.org/schema/core"
> brokerName="activemq.example.net"
> schedulePeriodForDestinationPurge="60000"
> networkConnectorStartAsync="true"
> dataDirectory="${activemq.data}"
> useJmx="true"
> populateJMSXUserID="true"
>>
> <destinationPolicy>
> <policyMap>
> <policyEntries>
> <policyEntry topic=">" producerFlowControl="false" memoryLimit="1mb" >
> <pendingSubscriberPolicy>
> <vmCursor />
> </pendingSubscriberPolicy>
> <pendingMessageLimitStrategy>
> <constantPendingMessageLimitStrategy limit="1000"/>
> </pendingMessageLimitStrategy>
> </policyEntry>
> <policyEntry queue=">" producerFlowControl="false" memoryLimit="10mb" gcInactiveDestinations="true" >
> <pendingQueuePolicy>
> <vmQueueCursor/>
> </pendingQueuePolicy>
> </policyEntry>
> </policyEntries>
> </policyMap>
> </destinationPolicy>
>
> <managementContext>
> <managementContext createConnector="true" connectorHost="localhost" rmiServerPort="1098" connectorPort="1099" />
> </managementContext>
> <persistenceAdapter>
> <kahaDB directory="kahadb"/>
> </persistenceAdapter>
>
> <plugins>
> <statisticsBrokerPlugin/>
> <jaasAuthenticationPlugin configuration="activemq" />
> <simpleAuthenticationPlugin>
> <users>
> <authenticationUser username="client" password="*snip*" groups="servers,clients,everyone"/>
> </users>
> </simpleAuthenticationPlugin>
>
> <authorizationPlugin>
> <map>
> <authorizationMap>
> <authorizationEntries>
> *snip*
> <authorizationEntry topic="ActiveMQ.Advisory.>" read="everyone" write="everyone" admin="everyone"/>
> </authorizationEntries>
> </authorizationMap>
> </map>
> </authorizationPlugin>
> </plugins>
>
> <systemUsage>
> <systemUsage>
> <memoryUsage>
> <memoryUsage percentOfJvmHeap="70"/>
> </memoryUsage>
> <storeUsage>
> <storeUsage limit="1 gb"/>
> </storeUsage>
> <tempUsage>
> <tempUsage limit="100 mb"/>
> </tempUsage>
> </systemUsage>
> </systemUsage>
>
> <transportConnectors>
> <transportConnector
> name="stomp+nio+ssl"
> uri="stomp+nio+ssl://0.0.0.0:61614?needClientAuth=true&maximumConnections=1000&wireFormat.maxFrameSize=104857600"
> />
> </transportConnectors>
>
> <sslContext>
> <sslContext keyStore="ssl/keystore.jks" keyStorePassword="*snip*" trustStore="ssl/truststore.jks" trustStorePassword="*snip*" />
> </sslContext>
>
> <shutdownHooks>
> <bean xmlns="http://www.springframework.org/schema/beans" class="org.apache.activemq.hooks.SpringContextHook" />
> </shutdownHooks>
> </broker>
>
> <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer" />
> <import resource="jetty.xml"/>
> </beans>
>
> $ cat users.properties
> admin=snippetysnip
>
> $ cat groups.properties
> admins=admin
>
> $ cat jetty-realm.properties
> admin: snippety, admin, user
>
> jetty.xml is bone stock.
>
> --
> Jo Rhett
> +1 (415) 999-1798
> Skype: jorhett
> Net Consonance : net philanthropy to improve open source and internet projects.
>
--
Jo Rhett
+1 (415) 999-1798
Skype: jorhett
Net Consonance : net philanthropy to improve open source and internet projects.
Author of
- Learning MCollective: http://shop.oreilly.com/product/0636920032472.do
- Instant Puppet 3 Starter: http://www.netconsonance.com/instant-puppet-3-starter-book/