activemq-users mailing list archives

From j0llyr0g3r <timo.roess...@wincor-nixdorf.com>
Subject Re: Securing the web console impossible?
Date Tue, 22 Apr 2008 08:06:10 GMT

Hey folks, 

I finally solved it.....:-)

I will add this information to the wiki so that the average idiot - thereby
referring to me - can set this up.

But since it might take some time until I find the time to edit the wiki,
here's a short summary, and hopefully an idiot-proof copy&paste method:


*  jetty-plus 

Download jetty, extract the archive and copy the jar jetty-plus.x.x.x.jar to
$AMQ_HOME/lib/web/.


* activemq.xml 

Edit the file $AMQ_HOME/conf/activemq.xml. Find this section:

<jetty xmlns="http://mortbay.com/schemas/jetty/1.0">
  <connectors>
    <nioConnector port="8161" />
  </connectors>
  <handlers>
    <webAppContext contextPath="/admin" resourceBase="${activemq.base}/webapps/admin" logUrlOnStart="true" />
    <webAppContext contextPath="/demo" resourceBase="${activemq.base}/webapps/demo" logUrlOnStart="true" />
  </handlers>
</jetty>

Now add a realm between </connectors> and <handlers> like this:

<userRealms>
   <jaasUserRealm name="adminRealm" loginModuleName="adminLoginModule">
   </jaasUserRealm>
</userRealms>
   
* activemq start-script 

Edit the activemq-startscript under $AMQ_HOME/bin/activemq (or set a
corresponding env-variable):

Append this line to the last block of code (last else):

-Djava.security.auth.login.config="${ACTIVEMQ_HOME}/webapps/admin/login.conf" 

The last else-block should look like this:

else
  exec "$JAVACMD" $ACTIVEMQ_DEBUG_OPTS $ACTIVEMQ_OPTS \
    -Dactivemq.classpath="${ACTIVEMQ_CLASSPATH}" \
    -Dactivemq.home="${ACTIVEMQ_HOME}" -Dactivemq.base="${ACTIVEMQ_BASE}" \
    -Djava.security.auth.login.config="${ACTIVEMQ_HOME}/webapps/admin/login.conf" \
    -jar "${ACTIVEMQ_HOME}/bin/run.jar" \
    $ACTIVEMQ_TASK $@
fi

But setting a corresponding environment variable is highly recommended!

* login.config 

Create the file login.config in ${ACTIVEMQ_HOME}/webapps/admin/:

adminLoginModule {
    org.mortbay.jetty.plus.jaas.spi.PropertyFileLoginModule required
        debug="true"
        file="/opt/activemq/conf/realm.properties";
};


* Create a password 

cd $JETTY_HOME
java -cp lib/jetty-6.1.9.jar:lib/jetty-util-6.1.9.jar \
  org.mortbay.jetty.security.Password admin test
test
OBF:1z0f1vu91vv11z0f
MD5:098f6bcd4621d373cade4e832627b4f6
CRYPT:oewgD4ujswzhg

* login.config 

Create the file realm.properties in ${ACTIVEMQ_HOME}/conf/:


admin: MD5:098f6bcd4621d373cade4e832627b4f6,user,admin


* admin-webapp: web.xml 


Edit $AMQ_HOME/webapps/admin/WEB-INF/web.xml. Append this section:

<security-constraint>
  <web-resource-collection>
    <web-resource-name>adminRealm</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>admin</role-name>
    <role-name>user</role-name>
    <role-name>moderator</role-name>
  </auth-constraint>
</security-constraint>
<login-config>
  <auth-method>DIGEST</auth-method>
  <realm-name>adminRealm</realm-name>
</login-config>


-- 
View this message in context: http://www.nabble.com/Securing-the-web-console-impossible--tp16765525s2354p16823509.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.
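
A pre-flight check for the two files this message creates, added here as an example and not part of the original message or of ActiveMQ/Jetty: it parses realm.properties entries in the form shown above, confirms that the MD5: value matches a known password, and checks that each user holds a role admitted by the web.xml auth-constraint. The function names are hypothetical, the inputs are constructed from the values in the message, and web.xml is assumed to carry no XML namespace.

```python
import hashlib
import xml.etree.ElementTree as ET

# Constructed inputs, built from the values shown in the message above.
REALM_PROPERTIES = "admin: MD5:098f6bcd4621d373cade4e832627b4f6,user,admin\n"
WEB_XML = """<web-app><security-constraint><auth-constraint>
  <role-name>admin</role-name>
  <role-name>user</role-name>
  <role-name>moderator</role-name>
</auth-constraint></security-constraint></web-app>"""

def parse_realm(text):
    """Parse 'user: credential,role,...' lines into {user: (scheme, value, roles)}."""
    users = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        user, _, rest = line.partition(":")
        credential, *roles = [p.strip() for p in rest.split(",")]
        scheme, sep, value = credential.partition(":")
        if not sep or scheme not in ("MD5", "OBF", "CRYPT"):
            scheme, value = "PLAIN", credential  # no known prefix: stored in clear
        users[user.strip()] = (scheme, value, set(roles))
    return users

def constraint_roles(web_xml):
    """Collect the role names listed inside every <auth-constraint>."""
    root = ET.fromstring(web_xml)
    return {r.text.strip() for c in root.iter("auth-constraint")
            for r in c.iter("role-name") if r.text}

def md5_matches(users, user, password):
    """True if the user's MD5: entry is the hex MD5 of the given password."""
    scheme, value, _ = users[user]
    return scheme == "MD5" and hashlib.md5(password.encode()).hexdigest() == value

def audit(users, allowed):
    """Return (users with no role admitted by web.xml, users stored as PLAIN or OBF)."""
    locked_out = sorted(u for u, (_, _, roles) in users.items() if not roles & allowed)
    reversible = sorted(u for u, (s, _, _) in users.items() if s in ("PLAIN", "OBF"))
    return locked_out, reversible
```

The second list returned by `audit` flags entries whose password can be read back from the file: plain text, or Jetty's OBF form, which is obfuscation rather than a hash.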

