You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@activemq.apache.org by "Claus Ibsen (JIRA)" <ji...@apache.org> on 2014/06/20 09:51:24 UTC

[jira] [Resolved] (AMQ-5236) Shiro Authentication and Authorization for ActiveMQ's Jetty Instance

     [ https://issues.apache.org/jira/browse/AMQ-5236?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Claus Ibsen resolved AMQ-5236.
------------------------------

    Resolution: Won't Fix

> Shiro Authentication and Authorization for ActiveMQ's Jetty Instance
> --------------------------------------------------------------------
>
>                 Key: AMQ-5236
>                 URL: https://issues.apache.org/jira/browse/AMQ-5236
>             Project: ActiveMQ
>          Issue Type: New Feature
>          Components: webconsole
>    Affects Versions: 5.10.0
>         Environment: Any
>            Reporter: Justin Reock
>            Priority: Minor
>              Labels: security
>             Fix For: Unscheduled
>
>
> Shiro support for Authentication and Authorization was added to the ActiveMQ 5.10.0 release.  Though the documentation states "The ActiveMQ Shiro plugin can secure all aspects of ActiveMQ," significant work must be done to enable support for authenticating into the web console, jolokia, and anything else hosted by jetty in the broker.
> The jetty-realm.properties file is still authoritative, and the jetty.xml configuration creates a security handler and loginService which will have to be undone to allow Shiro to be authoritative.  
> My initial thought is to remove this authentication, and alter the web.xml files of the existing webapps to use Shiro Filters, though this course of action may change as more research is performed.



--
This message was sent by Atlassian JIRA
(v6.2#6252)