activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bruce Snyder <bruce.sny...@gmail.com>
Subject Re: Dynamically setting activemq username password when logging into web console
Date Thu, 29 Oct 2009 19:06:14 GMT
On Thu, Oct 29, 2009 at 2:49 PM, magellings <mark.gellings@qg.com> wrote:
>
> Hi.
>
> I'm using ActiveMQ 5.2 and am wondering if there is a way to set the
> userName and password properties in webconsole-embedded.xml based on
> credentials entered with a basic authentication setup for the web console?
>
>  <bean id="connectionFactory"
> class="org.apache.activemq.ActiveMQConnectionFactory">
>    <property name="brokerURL" value="vm://localhost"/>
>    <property name="userName" value="${activemq.username}"/>
>    <property name="password" value="${activemq.password}"/>
>  </bean>
>
> These are the credentials the web console uses to connect to the broker.  I
> want to be able to configure privs based on what credentials the user uses
> to log into the web console.  I currently configure privs with the
> simpleAuthentication/authorization plugin configured in activemq.xml.  I'd
> like to add another user with read-only privs in which they can log in with
> that user to the web console and restricts them from deleting
> queues/messages etc.
>
>    <plugins>
>      <simpleAuthenticationPlugin>
>        <users>
>          <authenticationUser username="GL$ACTIVEMQ_QUADNMS"
> password="destination" groups="producers,consumers,admins" />
>        </users>
>      </simpleAuthenticationPlugin>
>      <authorizationPlugin>
>        <map>
>          <authorizationMap>
>            <authorizationEntries>
>              <authorizationEntry queue=">" write="producers"
> read="consumers" admin="admins,producers" />
>              <authorizationEntry topic=">" read="admins"
> write="admins,producers" admin="admins,producers,consumers" />
>            </authorizationEntries>
>          </authorizationMap>
>        </map>
>      </authorizationPlugin>
>    </plugins>
>
> Here's a seperate thread explaining how to configure the web console to use
> basic authentication.
>
> http://www.nabble.com/Securing-the-web-console-impossible--tt16765525.html#a16784476

Broker authentication for a JMS connection is wholly separate from JMX
authentication. Here's some info on setting up standard JMX
authentication:

http://java.sun.com/j2se/1.5.0/docs/guide/management/agent.html

Once JMX authentication is configured, you'll need to specify the JMX
authentication credentials using the web console user/password system
properties as noted here:

http://activemq.apache.org/web-console.html

Bruce
-- 
perl -e 'print unpack("u30","D0G)U8V4\@4VYY9&5R\"F)R=6-E+G-N>61E<D\!G;6%I;\"YC;VT*"
);'

ActiveMQ in Action: http://bit.ly/2je6cQ
Blog: http://bruceblog.org/
Twitter: http://twitter.com/brucesnyder

Mime
View raw message