You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@activemq.apache.org by "Wei Guo (Jira)" <ji...@apache.org> on 2023/01/16 09:13:00 UTC

[jira] [Created] (AMQ-9198) Self-customized read-only role for AMQ works but caused admin/security login gives 403

Wei Guo created AMQ-9198:
----------------------------

             Summary: Self-customized read-only role for AMQ works but caused admin/security login gives 403
                 Key: AMQ-9198
                 URL: https://issues.apache.org/jira/browse/AMQ-9198
             Project: ActiveMQ
          Issue Type: Bug
            Reporter: Wei Guo
         Attachments: image-2023-01-16-17-12-33-509.png

We added new readerSecurityConstraintMapping for read-only permission for AMQ it works for read-only users, but when we switch to the admin user, it gives 403 error :
!image-2023-01-16-17-12-33-509.png!

jetty.xml : 
{code:java}
    <bean id="readerSecurityConstraint" class="org.eclipse.jetty.util.security.Constraint">
        <property name="name" value="BASIC" />
        <property name="roles" value="reader" />
        <property name="authenticate" value="true" />
    </bean>
    
    <bean id="readerSecurityConstraintMapping" class="org.eclipse.jetty.security.ConstraintMapping">
        <property name="constraint" ref="readerSecurityConstraint" />
        <property name="pathSpec" value="/index.html,/admin/*.html,/admin/index.jsp,/admin/queues.jsp,/admin/browse.jsp,/admin/queueConsumers.jsp,/admin/topics.jsp,/admin/topicProducers.jsp,/admin/topicSubscribers.jsp,/admin/connections.jsp,/admin/network.jsp,/admin/scheduled.jsp,/admin/queueGraph.jsp,/admin/xml/queues.jsp,/admin/xml/subscribers.jsp"/>
    </bean> 


    <bean id="securityHandler" class="org.eclipse.jetty.security.ConstraintSecurityHandler">
        <property name="loginService" ref="securityLoginService" />
        <property name="authenticator">
            <bean class="org.eclipse.jetty.security.authentication.BasicAuthenticator" />
        </property>
        <property name="constraintMappings">
            <list>
                <ref bean="adminSecurityConstraintMapping" />
                <ref bean="securityConstraintMapping" />
                <ref bean="readerSecurityConstraintMapping" />
            </list>
        </property>
        <property name="handler" ref="secHandlerCollection" />
    </bean>{code}

==jetty-realm.properties==
admin: admin, admin
user: user, user
reader: reader,reader




 

 

 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)