You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@servicemix.apache.org by John Smith <js...@googlemail.com> on 2014/04/16 14:54:06 UTC
Securing the ActiveMQ Web Console in ServiceMix 4.5.3
Hello,
I was wondering how one would secure the activemq web console application
so a username/password would be required to access it rather like you need
to use the smx credentials for the karaf web console?
I was assuming that the configuration would be within jetty.xml in which
there are two JAASLoginService beans named karaf and default . I cannot see
where another web application configures itself to use the login service?
thanks,
John.
Re: Securing the ActiveMQ Web Console in ServiceMix 4.5.3
Posted by Achim Nierbeck <bc...@googlemail.com>.
Hi,
that would be one possible solution, another one is to add this via a
bundle-fragment to the web-console bundle.
regards, Achim
2014-04-16 17:36 GMT+02:00 John Smith <js...@googlemail.com>:
> Hi Achim, thanks for the reply.
>
> by the "activemq web console" I mean the console installed from the
> activemq feature repository e.g:
>
> org.apache.activemq/activemq-web-console/5.7.0/war
>
> Are you saying that I need to customize this with my own
> security-constraint then repackage the war?
>
>
>
> On Wed, Apr 16, 2014 at 3:30 PM, Achim Nierbeck <bcanhome@googlemail.com
> >wrote:
>
> > Hi John,
> >
> > how about using standard web security mechanisms?
> > Define a security-constraint in your web application and if no other JAAS
> > login service is configured default will be used.
> >
> > regards, Achim
> >
> >
> > 2014-04-16 14:54 GMT+02:00 John Smith <js...@googlemail.com>:
> >
> > > Hello,
> > >
> > > I was wondering how one would secure the activemq web console
> application
> > > so a username/password would be required to access it rather like you
> > need
> > > to use the smx credentials for the karaf web console?
> > >
> > > I was assuming that the configuration would be within jetty.xml in
> which
> > > there are two JAASLoginService beans named karaf and default . I cannot
> > see
> > > where another web application configures itself to use the login
> service?
> > >
> > > thanks,
> > > John.
> > >
> >
> >
> >
> > --
> >
> > Apache Karaf <http://karaf.apache.org/> Committer & PMC
> > OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer
> &
> > Project Lead
> > blog <http://notizblog.nierbeck.de/>
> >
> > Software Architect / Project Manager / Scrum Master
> >
>
--
Apache Karaf <http://karaf.apache.org/> Committer & PMC
OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer &
Project Lead
blog <http://notizblog.nierbeck.de/>
Software Architect / Project Manager / Scrum Master
Re: Securing the ActiveMQ Web Console in ServiceMix 4.5.3
Posted by John Smith <js...@googlemail.com>.
Hi Achim, thanks for the reply.
by the "activemq web console" I mean the console installed from the
activemq feature repository e.g:
org.apache.activemq/activemq-web-console/5.7.0/war
Are you saying that I need to customize this with my own
security-constraint then repackage the war?
On Wed, Apr 16, 2014 at 3:30 PM, Achim Nierbeck <bc...@googlemail.com>wrote:
> Hi John,
>
> how about using standard web security mechanisms?
> Define a security-constraint in your web application and if no other JAAS
> login service is configured default will be used.
>
> regards, Achim
>
>
> 2014-04-16 14:54 GMT+02:00 John Smith <js...@googlemail.com>:
>
> > Hello,
> >
> > I was wondering how one would secure the activemq web console application
> > so a username/password would be required to access it rather like you
> need
> > to use the smx credentials for the karaf web console?
> >
> > I was assuming that the configuration would be within jetty.xml in which
> > there are two JAASLoginService beans named karaf and default . I cannot
> see
> > where another web application configures itself to use the login service?
> >
> > thanks,
> > John.
> >
>
>
>
> --
>
> Apache Karaf <http://karaf.apache.org/> Committer & PMC
> OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer &
> Project Lead
> blog <http://notizblog.nierbeck.de/>
>
> Software Architect / Project Manager / Scrum Master
>
Re: Securing the ActiveMQ Web Console in ServiceMix 4.5.3
Posted by Achim Nierbeck <bc...@googlemail.com>.
Hi John,
how about using standard web security mechanisms?
Define a security-constraint in your web application and if no other JAAS
login service is configured default will be used.
regards, Achim
2014-04-16 14:54 GMT+02:00 John Smith <js...@googlemail.com>:
> Hello,
>
> I was wondering how one would secure the activemq web console application
> so a username/password would be required to access it rather like you need
> to use the smx credentials for the karaf web console?
>
> I was assuming that the configuration would be within jetty.xml in which
> there are two JAASLoginService beans named karaf and default . I cannot see
> where another web application configures itself to use the login service?
>
> thanks,
> John.
>
--
Apache Karaf <http://karaf.apache.org/> Committer & PMC
OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer &
Project Lead
blog <http://notizblog.nierbeck.de/>
Software Architect / Project Manager / Scrum Master