activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From j0llyr0g3r <timo.roess...@wincor-nixdorf.com>
Subject Securing the web console impossible?
Date Fri, 18 Apr 2008 21:22:40 GMT

Hey folks,

i am desperately trying to find out how to configure a simple access control
for the web console, but this is simply not documented......

The documentation here: http://activemq.apache.org/web-console.html
refers to a separate jetty instance, not to the integrated jetty.

That's when i thought

 "ok, it's simply not possible using the integrated jetty"

but then i stumbled over this peace of user-submitted configuration example:
http://activemq.apache.org/user-submitted-configurations.html

This looks really good:

 <!-- Web Console.  Auth is via JAAS.  Beware: jetty-plus-6.1.4.jar contains
the
       JAAS classes, and is not included with ActiveMQ.  You need to
download
       separately.  Web Console queue browser will fail, as it tries to use
JMS
       to browse the queue, and that requires a password.
  -->

  <jetty xmlns="http://mortbay.com/schemas/jetty/1.0">
    <connectors>
      <nioConnector port="8161" />
    </connectors>

    <userRealms>
      <!-- "name" must match the realm in web.xml, and "loginModuleName"
must be defined in login.conf -->
      <jaasUserRealm name="ActiveMQ" loginModuleName="ActiveMQ"
        
callbackHandlerClass="org.mortbay.jetty.plus.jaas.callback.DefaultCallbackHandler"
/>
    </userRealms>

    <handlers>
      <webAppContext contextPath="/admin"
resourceBase="${activemq.base}/webapps/admin" logUrlOnStart="true" />
    </handlers>
  </jetty>

But unfortunately, it lacks important information:

<userRealms>
      <!-- "name" must match the realm in web.xml, and "loginModuleName"
must be defined in login.conf -->

Defining a realm in the web.xml is ok, but what about the "login.conf"?

Where should i place this file?

What should its content look like?

What "loginModuleName" should i specify?
-- 
View this message in context: http://www.nabble.com/Securing-the-web-console-impossible--tp16765525s2354p16765525.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.


Mime
View raw message