You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@activemq.apache.org by "Jose Roman Martin Gil (JIRA)" <ji...@apache.org> on 2018/03/08 08:48:00 UTC

[jira] [Commented] (ARTEMIS-1734) Unable to access to AMQ7.1 Management Console in read-only mode

    [ https://issues.apache.org/jira/browse/ARTEMIS-1734?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16390920#comment-16390920 ] 

Jose Roman Martin Gil commented on ARTEMIS-1734:
------------------------------------------------

Maybe this is not the right place for this ticket. 

Opened other one here: [https://issues.jboss.org/browse/ENTMQBR-1060]

Close this ticket?

> Unable to access to AMQ7.1 Management Console in read-only mode
> ---------------------------------------------------------------
>
>                 Key: ARTEMIS-1734
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-1734
>             Project: ActiveMQ Artemis
>          Issue Type: Bug
>          Components: Web Console
>    Affects Versions: 2.4.0
>         Environment: RHEL 7.3
> OpenJDK 1.8.0 (latest rpm)
>            Reporter: Jose Roman Martin Gil
>            Priority: Major
>         Attachments: amq-monitor-user.png
>
>
> As administrator I want to create a monitor role to allow access to Management Console only to view and read the status of any objects.
>  
> As administrator I am using roles to manage queues and topics successfully but I would like to have users to monitor the broker with the Management Console.
>  
> At this moment I created a role and I updated the following files as: 
>  
> *etc/artemis.profile*: Changed the roles allowed to access:
> {code:java}
> -Dhawtio.roles=amq,monitor{code}
>  
> *etc/management.xml*: Allowed methods for each method:
> {code:java}
> <default-access>
>  <access method="list*" roles="amq,monitor"/>
>  <access method="get*" roles="amq,monitor"/>
>  <access method="is*" roles="amq,monitor"/>
>  <access method="set*" roles="amq"/>
>  <access method="*" roles="amq"/>
> </default-access>
> <role-access>
>  <match domain="org.apache.activemq.artemis">
>  <access method="list*" roles="amq,monitor"/>
>  <access method="get*" roles="amq,monitor"/>
>  <access method="is*" roles="amq,monitor"/>
>  <access method="set*" roles="amq"/>
>  <access method="*" roles="amq"/>
>  </match>
> </role-access>{code}
> With these changes I could login as monitor user however I found a lot of errors as:
>  
> {code:java}
> ERROR: Insufficient roles/credentials for operation (class java.lang.SecurityException){code}
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)