You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@activemq.apache.org by magellings <ma...@qg.com> on 2009/03/30 20:22:48 UTC
Re: Securing the web console impossible?
I was successfully able to get everything working with login configured with
BASIC authentication and following all the steps in this thread by original
poster.
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>adminRealm</realm-name>
</login-config>
Trying with DIGEST led me to the "all modules ignored" error, which also is
logged with a user who isn't authentic still attempts logging in.
criggster wrote:
>
> Try either using the OBF format in your realm.properties in bold below
> or
> use BASIC authentication (instead of DIGEST)
>
> criggster "DIGEST and MD5/Crypt do not play well together."
>
>
>
> wiseguysby wrote:
>>
>> Hi bro,
>>
>> I've just following like below, but not success, when i've trying login
>> always failed ( Login failure : all modules ignored)
>>
>> I've ActiveMQ 5.0 and jetty 1.6.9 and installed on windows XP. ActiveMQ
>> without security login is working properly. so what should i do?
>>
>> regards
>>
>> hakim
>>
>> Hey folks,
>>
>> i finally solved it.....:-)
>>
>> I will add this information to the wiki so that the average idiot -
>> thereby referring to me - can set this up.
>>
>> But since it might take some time until i find the time to edit the wiki,
>> here's a short summary, and hopefully an idiot-proof copy&paste method:
>>
>>
>> * jetty-plus
>>
>> Download jetty, extract the archive and copy the jar jetty-plus.x.x.x.jar
>> to $AMQ_HOME/lib/web/.
>>
>>
>> * activemq.xml
>>
>> Edit the file $AMQ_HOME/conf/activemq.xml. Find this section:
>>
>> <jetty xmlns="http://mortbay.com/schemas/jetty/1.0">
>> <connectors>
>> <nioConnector port="8161" />
>> </connectors>
>> <handlers>
>> <webAppContext contextPath="/admin"
>> resourceBase="${activemq.base}/webapps/admin" logUrlOnStart="true" />
>> <webAppContext contextPath="/demo"
>> resourceBase="${activemq.base}/webapps/demo" logUrlOnStart="true" />
>> </handlers>
>> </jetty>
>>
>> Now add a realm between </connectors> and <handlers> like this:
>>
>> <userRealms>
>> <jaasUserRealm name="adminRealm" loginModuleName="adminLoginModule">
>> </jaasUserRealm>
>> </userRealms>
>>
>> * activemq start-script
>>
>> Edit the activemq-startscript under $AMQ_HOME/bin/activemq (or set a
>> corresponding env-variable):
>>
>> Append this line to the last block of code (last else):
>>
>> -Djava.security.auth.login.config="${ACTIVEMQ_HOME}/webapps/admin/login.conf"
>>
>> The last else-block should look like this:
>>
>> else
>> exec "$JAVACMD" $ACTIVEMQ_DEBUG_OPTS $ACTIVEMQ_OPTS
>> -Dactivemq.classpath="${ACTIVEMQ_CLASSPATH}"
>> -Dactivemq.home="${ACTIVEMQ_HOME}" -Dactivemq.base="${ACTIVEMQ_BASE}"
>> -Djava.security.auth.login.config="${ACTIVEMQ_HOME}/webapps/admin/login.config"
>> -jar "${ACTIVEMQ_HOME}/bin/run.jar"
>> $ACTIVEMQ_TASK $@
>> fi
>>
>> But setting a corresponding environment variable is highly recommended!
>>
>> * login.config
>>
>> Create the file login.config in ${ACTIVEMQ_HOME}/webapps/admin/:
>>
>> adminLoginModule {
>> org.mortbay.jetty.plus.jaas.spi.PropertyFileLoginModule required
>> debug="true"
>> file="/opt/activemq/conf/realm.properties";
>> };
>>
>>
>> * Create a password
>>
>> cd $JETTY_HOME
>> java -cp lib/jetty-6.1.9.jar:lib/jetty-util-6.1.9.jar
>> org.mortbay.jetty.security.Password admin test
>> test
>> OBF:1z0f1vu91vv11z0f
>> MD5:098f6bcd4621d373cade4e832627b4f6
>> CRYPT:oewgD4ujswzhg
>>
>> * realm.properties
>>
>> Create the file realm.properties in ${ACTIVEMQ_HOME}/conf/:
>>
>>
>> admin: OBF:1z0f1vu91vv11z0f,user,admin
>>
>>
>> * admin-webapp: web.xml
>>
>>
>> Edit $AMQ_HOME/webapps/admin/WEB-INF/web.xml. Append this section:
>>
>> <security-constraint>
>> <web-resource-collection>
>> <web-resource-name>adminRealm</web-resource-name>
>> <url-pattern>/*</url-pattern>
>> </web-resource-collection>
>> <auth-constraint>
>> <role-name>admin</role-name>
>> <role-name>user</role-name>
>> <role-name>moderator</role-name>
>> </auth-constraint>
>> </security-constraint>
>> <login-config>
>> <auth-method>DIGEST</auth-method>
>> <realm-name>adminRealm</realm-name>
>> </login-config>
>>
>>
>
>
--
View this message in context: http://www.nabble.com/Securing-the-web-console-impossible--tp16765525p22789539.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.