You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@activemq.apache.org by magellings <ma...@qg.com> on 2009/03/30 20:22:48 UTC

Re: Securing the web console impossible?

I was successfully able to get everything working with login configured with
BASIC authentication and following all the steps in this thread by original
poster.


  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>adminRealm</realm-name>
  </login-config>

Trying with DIGEST led me to the "all modules ignored" error, which also is
logged with a user who isn't authentic still attempts logging in.



criggster wrote:
> 
> Try either using the OBF format in your realm.properties in bold below
>   or
> use BASIC authentication (instead of DIGEST)
> 
> criggster "DIGEST and MD5/Crypt do not play well together."
> 
> 
> 
> wiseguysby wrote:
>> 
>> Hi bro,
>> 
>> I've just following like below, but not success, when i've trying login
>> always failed ( Login failure : all modules ignored)
>> 
>> I've ActiveMQ 5.0 and jetty 1.6.9 and installed on windows XP. ActiveMQ
>> without security login is working properly. so what should i do? 
>> 
>> regards
>> 
>> hakim
>> 
>> Hey folks, 
>> 
>> i finally solved it.....:-)
>> 
>> I will add this information to the wiki so that the average idiot -
>> thereby referring to me - can set this up.
>> 
>> But since it might take some time until i find the time to edit the wiki,
>> here's a short summary, and hopefully an idiot-proof copy&paste method:
>> 
>> 
>> *  jetty-plus 
>> 
>> Download jetty, extract the archive and copy the jar jetty-plus.x.x.x.jar
>> to $AMQ_HOME/lib/web/.
>> 
>> 
>> * activemq.xml 
>> 
>> Edit the file $AMQ_HOME/conf/activemq.xml. Find this section:
>> 
>> <jetty xmlns="http://mortbay.com/schemas/jetty/1.0">
>>   <connectors>
>>     <nioConnector port="8161" />
>>   </connectors>	
>>   <handlers>
>>     <webAppContext contextPath="/admin"
>> resourceBase="${activemq.base}/webapps/admin" logUrlOnStart="true" />
>>     <webAppContext contextPath="/demo"
>> resourceBase="${activemq.base}/webapps/demo" logUrlOnStart="true" />
>>   </handlers>
>> </jetty>
>> 
>> Now add a realm between </connectors> and <handlers> like this:
>> 
>> <userRealms>
>>    <jaasUserRealm name="adminRealm" loginModuleName="adminLoginModule">
>>    </jaasUserRealm>
>> </userRealms>
>>    
>> * activemq start-script 
>> 
>> Edit the activemq-startscript under $AMQ_HOME/bin/activemq (or set a
>> corresponding env-variable):
>> 
>> Append this line to the last block of code (last else):
>> 
>> -Djava.security.auth.login.config="${ACTIVEMQ_HOME}/webapps/admin/login.conf" 
>> 
>> The last else-block should look like this:
>> 
>> else
>> exec "$JAVACMD" $ACTIVEMQ_DEBUG_OPTS $ACTIVEMQ_OPTS
>> -Dactivemq.classpath="${ACTIVEMQ_CLASSPATH}"
>> -Dactivemq.home="${ACTIVEMQ_HOME}" -Dactivemq.base="${ACTIVEMQ_BASE}"  
>> -Djava.security.auth.login.config="${ACTIVEMQ_HOME}/webapps/admin/login.config"
>> -jar "${ACTIVEMQ_HOME}/bin/run.jar"  
>> $ACTIVEMQ_TASK $@
>> fi
>> 
>> But setting a corresponding environment variable is highly recommended!
>> 
>> * login.config 
>> 
>> Create the file login.config in ${ACTIVEMQ_HOME}/webapps/admin/:
>> 
>> adminLoginModule {
>> org.mortbay.jetty.plus.jaas.spi.PropertyFileLoginModule required
>>        debug="true"
>>        file="/opt/activemq/conf/realm.properties";
>>      };
>> 
>> 
>> * Create a password 
>> 
>> cd $JETTY_HOME
>> java -cp lib/jetty-6.1.9.jar:lib/jetty-util-6.1.9.jar
>> org.mortbay.jetty.security.Password admin test
>> test
>> OBF:1z0f1vu91vv11z0f
>> MD5:098f6bcd4621d373cade4e832627b4f6
>> CRYPT:oewgD4ujswzhg
>> 
>> * realm.properties 
>> 
>> Create the file realm.properties in ${ACTIVEMQ_HOME}/conf/:
>> 
>> 
>> admin: OBF:1z0f1vu91vv11z0f,user,admin
>> 
>> 
>> * admin-webapp: web.xml 
>> 
>> 
>> Edit $AMQ_HOME/webapps/admin/WEB-INF/web.xml. Append this section:
>> 
>> <security-constraint>
>>  <web-resource-collection>
>>  <web-resource-name>adminRealm</web-resource-name>
>>    <url-pattern>/*</url-pattern>
>>    </web-resource-collection>
>>    <auth-constraint>
>>      <role-name>admin</role-name>
>>      <role-name>user</role-name>
>>      <role-name>moderator</role-name>
>>    </auth-constraint>
>> </security-constraint>
>> <login-config>
>>   <auth-method>DIGEST</auth-method>
>>   <realm-name>adminRealm</realm-name>
>> </login-config>
>> 
>> 
> 
> 

-- 
View this message in context: http://www.nabble.com/Securing-the-web-console-impossible--tp16765525p22789539.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.