You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@activemq.apache.org by LosWochos <Al...@Web.de> on 2008/04/25 11:33:32 UTC
Internal web-console login
Hello everybody,
can please anybody provide me a step-by-step configuration howto to enable
basic authentication with the internal jetty web-console and ActiveMQ 5.0.0?
I tried a lot of things, but I do not get it running...
Best regards,
LosWochos
--
View this message in context: http://www.nabble.com/Internal-web-console-login-tp16893848s2354p16893848.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.
Re: Internal web-console login
Posted by j0llyr0g3r <ti...@wincor-nixdorf.com>.
Hi,
i had a long fight to get this working, hopefully it helps you (this is from
our internal wiki):
* jetty-plus
Download jetty, extract the archive and copy the jar jetty-plus.x.x.x.jar to
$AMQ_HOME/lib/web/.
* activemq.xml
Edit the file $AMQ_HOME/conf/activemq.xml. Find this section:
<jetty xmlns="http://mortbay.com/schemas/jetty/1.0">
<connectors>
<nioConnector port="8161" />
</connectors>
<handlers>
<webAppContext contextPath="/admin"
resourceBase="${activemq.base}/webapps/admin" logUrlOnStart="true" />
<webAppContext contextPath="/demo"
resourceBase="${activemq.base}/webapps/demo" logUrlOnStart="true" />
</handlers>
</jetty>
Now add a realm between </connectors> and <handlers> like this:
<userRealms>
<jaasUserRealm name="adminRealm" loginModuleName="adminLoginModule"
callbackHandlerClass="org.mortbay.jetty.plus.jaas.callback.DefaultCallbackHandler">
</jaasUserRealm>
</userRealms>
* activemq start-script
Edit the activemq-startscript under $AMQ_HOME/bin/activemq (or set a
corresponding env-variable):
1. possibility)
Locate the line:
ACTIVEMQ_OPTS="$ACTIVEMQ_OPTS $SUNJMX $SSL_OPTS"
and change it to:
ACTIVEMQ_OPTS="$ACTIVEMQ_OPTS $SUNJMX $SSL_OPTS
${ACTIVEMQ_HOME}/conf/login.config"
2. possibility)
Append this line to the last block of code (last else):
-Djava.security.auth.login.config="${ACTIVEMQ_HOME}/conf/login.config"
The last else-block should look like this:
else
exec "$JAVACMD" $ACTIVEMQ_DEBUG_OPTS $ACTIVEMQ_OPTS
-Dactivemq.classpath="${ACTIVEMQ_CLASSPATH}"
-Dactivemq.home="${ACTIVEMQ_HOME}" -Dactivemq.base="${ACTIVEMQ_BASE}"
-Djava.security.auth.login.config="${ACTIVEMQ_HOME}/conf/login.config" -jar
"${ACTIVEMQ_HOME}/bin/run.jar"
$ACTIVEMQ_TASK $@
fi
* login.config
Create the file login.config in ${ACTIVEMQ_HOME}/conf/:
adminLoginModule { org.mortbay.jetty.plus.jaas.spi.PropertyFileLoginModule
required
debug="true"
file="/opt/activemq/conf/realm.properties";
};
Important note:
You can also specify a relative file-path (like
file="conf/realm.properties") but then you have to pay attention from which
directory you start AMQ. With something like
file="conf/realm.properties"
you'd have to start AMQ via:
cd $AMQ_HOME
bin/activemq
* Create a password (user is test in this example)
cd $JETTY_HOME
java -cp lib/jetty-6.1.9.jar:lib/jetty-util-6.1.9.jar
org.mortbay.jetty.security.Password test test test OBF:1z0f1vu91vv11z0f
MD5:098f6bcd4621d373cade4e832627b4f6 CRYPT:teH0wLIpW0gyQ
* realm.properties
Create the file realm.properties in ${ACTIVEMQ_HOME}/conf/:
test: MD5:098f6bcd4621d373cade4e832627b4f6,user,admin
or
test: OBF:1z0f1vu91vv11z0f,user,admin
Important note:
If you choose 'MD5' or 'Crypt' you have to choose 'BASIC' as auth-method
(see below). If you choose 'DIGEST' later you will get confusing error
messages later like
WARN log -
javax.security.auth.login.LoginException: Login Failure: all modules ignored
WARN log - AUTH FAILURE: user test2
because of the double encryption ('MD5' is already a hash and 'DIGEST' makes
one additional encryption pass)
* admin-webapp: web.xml
Edit $AMQ_HOME/webapps/admin/WEB-INF/web.xml. Append this section:
<security-constraint>
<web-resource-collection>
<web-resource-name>adminRealm</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
<role-name>user</role-name>
<role-name>moderator</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>DIGEST</auth-method>
<realm-name>adminRealm</realm-name>
</login-config>
LosWochos wrote:
>
> Hello everybody,
>
> can please anybody provide me a step-by-step configuration howto to enable
> basic authentication with the internal jetty web-console and ActiveMQ
> 5.0.0? I tried a lot of things, but I do not get it running...
>
> Best regards,
>
> LosWochos
>
--
View this message in context: http://www.nabble.com/Internal-web-console-login-tp16893848s2354p16894186.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.