activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From stoyac <sto...@gmx.de>
Subject The same password for ActiveMQ and WebConsole
Date Mon, 15 Jun 2009 13:17:22 GMT

The ActiveMQ password is configured in activemq.xml, while the WebConsole
password is configured in jetty, mostly in web xml. Both engines - ActiveMQ
and Jetty - follow different configuration files and rules. Eg. there are
roles in Jetty which are not present in ActiveMQ, having groups instead
(whatever the difference is). With some tricks and if you decide to get rid
of role checking you may have the same users and passwords for both ActiveMQ
and the built-in WebConsole.

1. Define the system property java.security.auth.login.config pointing to
the exact location of the JAAS configuration file, eg. in bin\activemq.bat
if "%ACTIVEMQ_OPTS%" == "" set ACTIVEMQ_OPTS=-Xmx512M
-Dorg.apache.activemq.UseDedicatedTaskRunner=true
-Djava.security.auth.login.config="%ACTIVEMQ_HOME%\conf\login.config"
(all in one line)
or in UNIX' bin/activemq
if [ -z "$ACTIVEMQ_OPTS" ] ; then
  ACTIVEMQ_OPTS="-Xmx512M -Dorg.apache.activemq.UseDedicatedTaskRunner=true
-D${ACTIVEMQ_HOME}/conf/login.config"
fi

2. conf/login.config
login {
 org.apache.activemq.jaas.PropertiesLoginModule required
  debug=true
  org.apache.activemq.jaas.properties.user=passwd
  org.apache.activemq.jaas.properties.group=group;
};

3. conf/passwd
myuser=secret

"secret" is the password of the user myuser, as clear text.

4. conf/group
admin=myuser
users=myuser

(no special idea, what is the file for, feel free to correct it)

5. conf/activemq.xml

<beans ...>
  <broker ...>
  ...
    <plugins>
      <jaasAuthenticationPlugin configuration="login" />
    </plugins>
  ...
  </broker>
  ...
  <jetty xmlns="http://mortbay.com/schemas/jetty/1.0">
    <!-- TCP port on which the WebConsole listenes -->
    <connectors>
      <nioConnector port="8161"/>
    </connectors>
    <!-- Where the whole jetty stuff (WebPages etc.) is located -->
    <handlers>
      <webAppContext contextPath="/admin"
                     resourceBase="activemq_base/webapps/admin"
                     logUrlOnStart="true"/>
    </handlers>
    <userRealms>
      <jaasUserRealm name="adminRealm"
                     loginModuleName="login" />
    </userRealms>
  </jetty>
  ...
</beans>

Both strings "login" in jaasAuthenticationPlugin and jaasUserRealm point to
the section called "login" (our only section) in conf/login.config.

6. webapps/admin/WEB-INF/web.xml

<web-app ...>
  ...
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>adminRealm</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>*</role-name>
    </auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>adminRealm</realm-name>
  </login-config>
</web-app>

Please use * for role name, because the JAAS module
org.apache.activemq.jaas.PropertiesLoginModule
doesn't use any specific roles.


-- 
View this message in context: http://www.nabble.com/The-same-password-for-ActiveMQ-and-WebConsole-tp24034502p24034502.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.


Mime
View raw message