activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From wiseguysby <wiseguysb...@yahoo.com.sg>
Subject Re: Securing the web console impossible?
Date Mon, 05 May 2008 22:16:23 GMT

Hi bro,

I've just following like below, but not success, when i've trying login
always failed ( Login failure : all modules ignored)

I've ActiveMQ 5.0 and jetty 1.6.9 and installed on windows XP. ActiveMQ
without security login is working properly. so what should i do? 

regards

hakim


j0llyr0g3r wrote:
> 
> Hey folks, 
> 
> i finally solved it.....:-)
> 
> I will add this information to the wiki so that the average idiot -
> thereby referring to me - can set this up.
> 
> But since it might take some time until i find the time to edit the wiki,
> here's a short summary, and hopefully an idiot-proof copy&paste method:
> 
> 
> *  jetty-plus 
> 
> Download jetty, extract the archive and copy the jar jetty-plus.x.x.x.jar
> to $AMQ_HOME/lib/web/.
> 
> 
> * activemq.xml 
> 
> Edit the file $AMQ_HOME/conf/activemq.xml. Find this section:
> 
> <jetty xmlns="http://mortbay.com/schemas/jetty/1.0">
>   <connectors>
>     <nioConnector port="8161" />
>   </connectors>	
>   <handlers>
>     <webAppContext contextPath="/admin"
> resourceBase="${activemq.base}/webapps/admin" logUrlOnStart="true" />
>     <webAppContext contextPath="/demo"
> resourceBase="${activemq.base}/webapps/demo" logUrlOnStart="true" />
>   </handlers>
> </jetty>
> 
> Now add a realm between </connectors> and <handlers> like this:
> 
> <userRealms>
>    <jaasUserRealm name="adminRealm" loginModuleName="adminLoginModule">
>    </jaasUserRealm>
> </userRealms>
>    
> * activemq start-script 
> 
> Edit the activemq-startscript under $AMQ_HOME/bin/activemq (or set a
> corresponding env-variable):
> 
> Append this line to the last block of code (last else):
> 
> -Djava.security.auth.login.config="${ACTIVEMQ_HOME}/webapps/admin/login.conf" 
> 
> The last else-block should look like this:
> 
> else
> exec "$JAVACMD" $ACTIVEMQ_DEBUG_OPTS $ACTIVEMQ_OPTS
> -Dactivemq.classpath="${ACTIVEMQ_CLASSPATH}"
> -Dactivemq.home="${ACTIVEMQ_HOME}" -Dactivemq.base="${ACTIVEMQ_BASE}"  
> -Djava.security.auth.login.config="${ACTIVEMQ_HOME}/webapps/admin/login.conf"
> -jar "${ACTIVEMQ_HOME}/bin/run.jar"  
> $ACTIVEMQ_TASK $@
> fi
> 
> But setting a corresponding environment variable is highly recommended!
> 
> * login.config 
> 
> Create the file login.config in ${ACTIVEMQ_HOME}/webapps/admin/:
> 
> adminLoginModule { org.mortbay.jetty.plus.jaas.spi.PropertyFileLoginModule
> required
>        debug="true"
>        file="/opt/activemq/conf/realm.properties";
>      };
> 
> 
> * Create a password 
> 
> cd $JETTY_HOME
> java -cp lib/jetty-6.1.9.jar:lib/jetty-util-6.1.9.jar
> org.mortbay.jetty.security.Password admin test
> test
> OBF:1z0f1vu91vv11z0f
> MD5:098f6bcd4621d373cade4e832627b4f6
> CRYPT:oewgD4ujswzhg
> 
> * login.config 
> 
> Create the file realm.properties in ${ACTIVEMQ_HOME}/conf/:
> 
> 
> admin: MD5:098f6bcd4621d373cade4e832627b4f6,user,admin
> 
> 
> * admin-webapp: web.xml 
> 
> 
> Edit $AMQ_HOME/webapps/admin/WEB-INF/web.xml. Append this section:
> 
> <security-constraint>
>  <web-resource-collection>
>  <web-resource-name>adminRealm</web-resource-name>
>    <url-pattern>/*</url-pattern>
>    </web-resource-collection>
>    <auth-constraint>
>      <role-name>admin</role-name>
>      <role-name>user</role-name>
>      <role-name>moderator</role-name>
>    </auth-constraint>
> </security-constraint>
> <login-config>
>   <auth-method>DIGEST</auth-method>
>   <realm-name>adminRealm</realm-name>
> </login-config>
> 
> 
> 

-- 
View this message in context: http://www.nabble.com/Securing-the-web-console-impossible--tp16765525s2354p17071452.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.


Mime
View raw message