You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@activemq.apache.org by LosWochos <Al...@Web.de> on 2008/04/25 11:33:32 UTC

Internal web-console login

Hello everybody,

can please anybody provide me a step-by-step configuration howto to enable
basic authentication with the internal jetty web-console and ActiveMQ 5.0.0?
I tried a lot of things, but I do not get it running...

Best regards,

LosWochos
-- 
View this message in context: http://www.nabble.com/Internal-web-console-login-tp16893848s2354p16893848.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.

Re: Internal web-console login

Posted by j0llyr0g3r <ti...@wincor-nixdorf.com>.

Hi,

i had a long fight to get this working, hopefully it helps you (this is from
our internal wiki):

    *  jetty-plus 


Download jetty, extract the archive and copy the jar jetty-plus.x.x.x.jar to
$AMQ_HOME/lib/web/.


    * activemq.xml 


Edit the file $AMQ_HOME/conf/activemq.xml. Find this section:

<jetty xmlns="http://mortbay.com/schemas/jetty/1.0">
  <connectors>
    <nioConnector port="8161" />
  </connectors>	
  <handlers>
    <webAppContext contextPath="/admin"
resourceBase="${activemq.base}/webapps/admin" logUrlOnStart="true" />
    <webAppContext contextPath="/demo"
resourceBase="${activemq.base}/webapps/demo" logUrlOnStart="true" />
  </handlers>
</jetty>

Now add a realm between </connectors> and <handlers> like this:

<userRealms>
   <jaasUserRealm name="adminRealm" loginModuleName="adminLoginModule"
callbackHandlerClass="org.mortbay.jetty.plus.jaas.callback.DefaultCallbackHandler">
   </jaasUserRealm>
</userRealms>
   

    * activemq start-script 


Edit the activemq-startscript under $AMQ_HOME/bin/activemq (or set a
corresponding env-variable):

1. possibility)

Locate the line:

ACTIVEMQ_OPTS="$ACTIVEMQ_OPTS $SUNJMX $SSL_OPTS"

and change it to:

ACTIVEMQ_OPTS="$ACTIVEMQ_OPTS $SUNJMX $SSL_OPTS
${ACTIVEMQ_HOME}/conf/login.config"

2. possibility)

Append this line to the last block of code (last else):

-Djava.security.auth.login.config="${ACTIVEMQ_HOME}/conf/login.config" 

The last else-block should look like this:

else
exec "$JAVACMD" $ACTIVEMQ_DEBUG_OPTS $ACTIVEMQ_OPTS
-Dactivemq.classpath="${ACTIVEMQ_CLASSPATH}"
-Dactivemq.home="${ACTIVEMQ_HOME}" -Dactivemq.base="${ACTIVEMQ_BASE}"  
-Djava.security.auth.login.config="${ACTIVEMQ_HOME}/conf/login.config" -jar
"${ACTIVEMQ_HOME}/bin/run.jar"  
$ACTIVEMQ_TASK $@
fi


    * login.config 


Create the file login.config in ${ACTIVEMQ_HOME}/conf/:

adminLoginModule { org.mortbay.jetty.plus.jaas.spi.PropertyFileLoginModule
required
       debug="true"
       file="/opt/activemq/conf/realm.properties";
     };

Important note:

You can also specify a relative file-path (like
file="conf/realm.properties") but then you have to pay attention from which
directory you start AMQ. With something like

file="conf/realm.properties"

you'd have to start AMQ via:

cd $AMQ_HOME
bin/activemq


    * Create a password (user is test in this example) 


cd $JETTY_HOME

java -cp lib/jetty-6.1.9.jar:lib/jetty-util-6.1.9.jar
org.mortbay.jetty.security.Password test test test OBF:1z0f1vu91vv11z0f
MD5:098f6bcd4621d373cade4e832627b4f6 CRYPT:teH0wLIpW0gyQ


    * realm.properties 


Create the file realm.properties in ${ACTIVEMQ_HOME}/conf/:

test: MD5:098f6bcd4621d373cade4e832627b4f6,user,admin

or

test: OBF:1z0f1vu91vv11z0f,user,admin

Important note:

If you choose 'MD5' or 'Crypt' you have to choose 'BASIC' as auth-method
(see below). If you choose 'DIGEST' later you will get confusing error
messages later like

WARN  log                            -
javax.security.auth.login.LoginException: Login Failure: all modules ignored
WARN  log                            - AUTH FAILURE: user test2

because of the double encryption ('MD5' is already a hash and 'DIGEST' makes
one additional encryption pass)


    * admin-webapp: web.xml 


Edit $AMQ_HOME/webapps/admin/WEB-INF/web.xml. Append this section:

<security-constraint>
 <web-resource-collection>
 <web-resource-name>adminRealm</web-resource-name>
   <url-pattern>/*</url-pattern>
   </web-resource-collection>
   <auth-constraint>
     <role-name>admin</role-name>
     <role-name>user</role-name>
     <role-name>moderator</role-name>
   </auth-constraint>
</security-constraint>

<login-config>
  <auth-method>DIGEST</auth-method>
  <realm-name>adminRealm</realm-name>
</login-config>




LosWochos wrote:
> 
> Hello everybody,
> 
> can please anybody provide me a step-by-step configuration howto to enable
> basic authentication with the internal jetty web-console and ActiveMQ
> 5.0.0? I tried a lot of things, but I do not get it running...
> 
> Best regards,
> 
> LosWochos
> 

-- 
View this message in context: http://www.nabble.com/Internal-web-console-login-tp16893848s2354p16894186.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.