[prev in list] [next in list] [prev in thread] [next in thread]
List: activemq-users
Subject: Re: jaasAuthenticationPlugin
From: Sumit Bhardwaj <sumit.bhardwaj () gmail ! com>
Date: 2020-06-11 11:22:45
Message-ID: CAB_TK4rQy1WPSbPYobDHkLmGiOL1TG2q--WCG3ojVuaABvZAKA () mail ! gmail ! com
[Download RAW message or body]
Hi Domenico,
I made a mistake with the role name.. It's working now correctly after I
rectified it.
Thanks a lot for your help!
Best
Sumit
On Thu, Jun 11, 2020 at 1:41 PM Domenico Francesco Bruscino <
bruscinodf@gmail.com> wrote:
> Hi Sumit,
>
> I can't see the image, can you upload it somewhere and share the link?
>
> Regards,
> Domenico
>
> Il giorno gio 11 giu 2020 alle ore 09:38 Sumit Bhardwaj <
> sumit.bhardwaj@gmail.com> ha scritto:
>
> > Yes I already added that jar, but maybe I am missing something. Its
> > showing me following when I login to http://localhost:8161/
> >
> > Any pointer for this?
> >
> > Best
> > Sumit
> >
> >
> > [image: image.png]
> >
> > On Thu, Jun 11, 2020 at 1:04 PM Domenico Francesco Bruscino <
> > bruscinodf@gmail.com> wrote:
> >
> > > Hi Sumit,
> > >
> > > it will work with encrypted password as well but you need to add the
> > > artifact org.eclipse.jetty:jetty-jaas:jar to the
> > > `apache-activemq/lib/web/"
> > > folder, ie
> > >
> > >
> https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-jaas/9.4.27.v20200227/jetty-jaas-9.4.27.v20200227.jar
>
> > >
> > > Regards,
> > > Domenico
> > >
> > >
> > > Il giorno gio 11 giu 2020 alle ore 07:43 Sumit Bhardwaj <
> > > sumit.bhardwaj@gmail.com> ha scritto:
> > >
> > > > Thank Domenico, I will try this. This will work with encrypted
> > > passwords as
> > > > well right?
> > > >
> > > > Best
> > > > Sumit
> > > >
> > > > On Thu, Jun 11, 2020 at 1:58 AM Domenico Francesco Bruscino <
> > > > bruscinodf@gmail.com> wrote:
> > > >
> > > > > Hi Sumit,
> > > > >
> > > > > to use the same JAAS Authentication Plugin for the web console, you
> > > can
> > > > > execute the following additional steps:
> > > > >
> > > > > 1) Replace the `securityLoginService` in jetty.xml:
> > > > > <bean id="securityLoginService"
> > > > > class="org.eclipse.jetty.jaas.JAASLoginService">
> > > > > <property name="name" value="ActiveMQRealm" />
> > > > > <property name="loginModuleName" value="activemq" />
> > > > > <property name="roleClassNames">
> > > > > <list>
> > > > >
> <value>org.apache.activemq.jaas.GroupPrincipal</value>
> > > > > </list>
> > > > > </property>
> > > > > </bean>
> > > > >
> > > > > 2) Replace the roles of the `securityConstraint` and
> > > > > `adminSecurityConstraint` beans in jetty.xml to match the roles
> > > defined
> > > > > in groups.properties:
> > > > > <bean id="securityConstraint"
> > > > > class="org.eclipse.jetty.util.security.Constraint">
> > > > > <property name="name" value="BASIC" />
> > > > > <property name="roles" value="user,*admins*" />
> > > > > <!-- set authenticate=false to disable login -->
> > > > > <property name="authenticate" value="true" />
> > > > > </bean>
> > > > > <bean id="adminSecurityConstraint"
> > > > > class="org.eclipse.jetty.util.security.Constraint">
> > > > > <property name="name" value="BASIC" />
> > > > > <property name="roles" value="*admins*" />
> > > > > <!-- set authenticate=false to disable login -->
> > > > > <property name="authenticate" value="true" />
> > > > > </bean>
> > > > >
> > > > > 3) Set the IdentityService of the `securityHandler` bean jetty.xml:
> > > > > <property name="identityService">
> > > > > <bean
> > > class="org.eclipse.jetty.security.DefaultIdentityService"
> > > > />
> > > > > </property>
> > > > >
> > > > > Regards,
> > > > > Domenico
> > > > >
> > > > > Il giorno mer 10 giu 2020 alle ore 19:52 Sumit Bhardwaj <
> > > > > sumit.bhardwaj@gmail.com> ha scritto:
> > > > >
> > > > > > Thanks a lot Dominico!
> > > > > >
> > > > > > I have one more question, can we use JAASAuthenticationPlugin for
> > > web
> > > > > > console users as well?
> > > > > >
> > > > > > Best
> > > > > > Sumit
> > > > > >
> > > > > > On Wed, Jun 10, 2020 at 1:19 AM Domenico Francesco Bruscino <
> > > > > > bruscinodf@gmail.com> wrote:
> > > > > >
> > > > > > > Hi Sumit,
> > > > > > >
> > > > > > > to get a working demo of JAAS Authentication Plugin with
> encrypted
> > > > > > > passwords, you can execute the following steps:
> > > > > > >
> > > > > > > 1) Create a new broker instance:
> > > > > > > $ ./bin/activemq create broker
> > > > > > >
> > > > > > > 2) Add the JAAS Authentication Plugin to activemq.xml:
> > > > > > > <plugins>
> > > > > > > <jaasAuthenticationPlugin configuration="activemq"/>
> > > > > > >
> > > > > > > 3) Replace the admin password with an encrypted password in
> > > > > > > users.properties, ie the the encrypted password `manager`:
> > > > > > > admin=ENC(mYRkg+4Q4hua1kvpCCI2hg==)
> > > > > > >
> > > > > > > 4) Enable decrypt in login.config:
> > > > > > > activemq {
> > > > > > > org.apache.activemq.jaas.PropertiesLoginModule required
> > > > > > > decrypt=true
> > > > > > >
> > > org.apache.activemq.jaas.properties.user="users.properties"
> > > > > > >
> > > > org.apache.activemq.jaas.properties.group="groups.properties";
> > > > > > > };
> > > > > > >
> > > > > > > 5) Export the ACTIVEMQ_ENCRYPTION_PASSWORD environment variable:
> > > > > > > $ export ACTIVEMQ_ENCRYPTION_PASSWORD=activemq
> > > > > > >
> > > > > > > 6) Start the broker:
> > > > > > > $ ./broker/bin/broker start
> > > > > > >
> > > > > > > 7) Start the producer:
> > > > > > > $ ./bin/activemq producer --user admin --password manager
> > > > > --messageCount
> > > > > > 1
> > > > > > >
> > > > > > > Regards,
> > > > > > > Domenico
> > > > > > >
> > > > > > > Il giorno mar 9 giu 2020 alle ore 19:09 Sumit Bhardwaj <
> > > > > > > sumit.bhardwaj@gmail.com> ha scritto:
> > > > > > >
> > > > > > > > Hi,
> > > > > > > >
> > > > > > > > We are trying to use JAAS Authentication plugin for ActiveMQ.
> We
> > > > have
> > > > > > > been
> > > > > > > > able to use it with plain text passwords in the
> > > users.properties.
> > > > > > > >
> > > > > > > > We are not able to figure out how to use the encrypted
> > > passwords in
> > > > > > > > users.properties with JAAS Authentication Plugin.
> > > > > > > >
> > > > > > > > Are there any examples to achieve this?
> > > > > > > >
> > > > > > > > Thanks in advance.
> > > > > > > >
> > > > > > > > Best
> > > > > > > > Sumit
> > > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic