This is an automated email from the ASF dual-hosted git repository.

jbonofre pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/activemq.git


The following commit(s) were added to refs/heads/main by this push:
     new de7b2726b [AMQ-8391] Convert web to use shared JAAS realm with 
messaging layer
     new 18c74769d Merge pull request #1100 from hyteio/AMQ-8391-jaas-web
de7b2726b is described below

commit de7b2726b19c5be619685177f6dedcf0fd15b129
Author: Matt Pavlovich <m...@hyte.io>
AuthorDate: Sun Oct 29 10:50:24 2023 -0500

    [AMQ-8391] Convert web to use shared JAAS realm with messaging layer
---
 assembly/pom.xml                                   |   4 +
 assembly/src/main/descriptors/common-bin.xml       |   1 +
 assembly/src/release/conf/jetty.xml                | 136 +++++++++++----------
 assembly/src/release/examples/conf/jetty-demo.xml  |   2 +-
 .../conf/jetty-realm-5.x.properties}               |  14 ++-
 .../conf/jetty-realm-5.x.xml}                      |   8 ++
 6 files changed, 99 insertions(+), 66 deletions(-)

diff --git a/assembly/pom.xml b/assembly/pom.xml
index 5e3bb4a2e..b75a81237 100644
--- a/assembly/pom.xml
+++ b/assembly/pom.xml
@@ -301,6 +301,10 @@
       <groupId>org.eclipse.jetty</groupId>
       <artifactId>jetty-annotations</artifactId>
     </dependency>
+    <dependency>
+      <groupId>org.eclipse.jetty</groupId>
+      <artifactId>jetty-jaas</artifactId>
+    </dependency>
     <dependency>
       <groupId>org.eclipse.jetty</groupId>
       <artifactId>jetty-jndi</artifactId>
diff --git a/assembly/src/main/descriptors/common-bin.xml 
b/assembly/src/main/descriptors/common-bin.xml
index 7561c6ff1..e5dff72c2 100644
--- a/assembly/src/main/descriptors/common-bin.xml
+++ b/assembly/src/main/descriptors/common-bin.xml
@@ -255,6 +255,7 @@
         <include>org.eclipse.jetty:jetty-util</include>
         <include>org.eclipse.jetty:jetty-http</include>
         <include>org.eclipse.jetty:jetty-io</include>
+        <include>org.eclipse.jetty:jetty-jaas</include>
         <include>org.eclipse.jetty:jetty-jndi</include>
         <include>org.eclipse.jetty:jetty-plus</include>
         <include>org.eclipse.jetty:jetty-servlet</include>
diff --git a/assembly/src/release/conf/jetty.xml 
b/assembly/src/release/conf/jetty.xml
index 6ce53142f..dd5dcb82f 100644
--- a/assembly/src/release/conf/jetty.xml
+++ b/assembly/src/release/conf/jetty.xml
@@ -1,5 +1,4 @@
-
-    <!--
+<!--
         Licensed to the Apache Software Foundation (ASF) under one or more 
contributor
         license agreements. See the NOTICE file distributed with this work for 
additional
         information regarding copyright ownership. The ASF licenses this file 
to You under
@@ -24,20 +23,27 @@
         <property name="sendServerVersion" value="false"/>
     </bean>
 
-    <bean id="securityLoginService" 
class="org.eclipse.jetty.security.HashLoginService">
-        <property name="name" value="ActiveMQRealm" />
-        <property name="config" 
value="${activemq.conf}/jetty-realm.properties" />
+    <bean id="jaasLoginService" 
class="org.eclipse.jetty.jaas.JAASLoginService">
+        <property name="name" value="ActiveMQRealm"/>
+        <property name="loginModuleName" value="activemq"/>
+        <property name="roleClassNames">
+            <list>
+                <value>org.apache.activemq.jaas.GroupPrincipal</value>
+            </list>
+        </property>
     </bean>
 
+    <bean id="identityService" 
class="org.eclipse.jetty.security.DefaultIdentityService"/>
+
     <bean id="securityConstraint" 
class="org.eclipse.jetty.util.security.Constraint">
         <property name="name" value="BASIC" />
-        <property name="roles" value="user,admin" />
+        <property name="roles" value="user,admins" />
         <!-- set authenticate=false to disable login -->
         <property name="authenticate" value="true" />
     </bean>
     <bean id="adminSecurityConstraint" 
class="org.eclipse.jetty.util.security.Constraint">
         <property name="name" value="BASIC" />
-        <property name="roles" value="admin" />
+        <property name="roles" value="admins" />
          <!-- set authenticate=false to disable login -->
         <property name="authenticate" value="true" />
     </bean>
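Review bot: The role rename in `securityConstraint` and `adminSecurityConstraint` is only half applied: `admin` became `admins`, but `user` stays singular, and both values are now matched against `org.apache.activemq.jaas.GroupPrincipal` names issued by the `activemq` JAAS entry instead of the old realm file. If the shared realm defines no group literally named `user`, non-admin console users will authenticate and then be refused; please confirm the group name against the broker's JAAS group data. It is also worth saying in the file that console access now follows broker group membership, for example `<!-- Roles are GroupPrincipal names from the "activemq" JAAS login entry shared with the broker; members of "admins" get console admin access -->` above `jaasLoginService`.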
@@ -75,37 +81,38 @@
         </property>
     </bean>
     
-       <bean id="secHandlerCollection" 
class="org.eclipse.jetty.server.handler.HandlerCollection">
-               <property name="handlers">
-                       <list>
-                   <ref bean="rewriteHandler"/>
-                               <bean 
class="org.eclipse.jetty.webapp.WebAppContext">
-                                       <property name="contextPath" 
value="/admin" />
-                                       <property name="resourceBase" 
value="${activemq.home}/webapps/admin" />
-                                       <property name="logUrlOnStart" 
value="true" />
-                               </bean>
-                               <bean 
class="org.eclipse.jetty.webapp.WebAppContext">
-                                       <property name="contextPath" 
value="/api" />
-                                       <property name="resourceBase" 
value="${activemq.home}/webapps/api" />
-                                       <property name="logUrlOnStart" 
value="true" />
-                               </bean>
-                               <bean 
class="org.eclipse.jetty.server.handler.ResourceHandler">
-                                       <property name="directoriesListed" 
value="false" />
-                                       <property name="welcomeFiles">
-                                               <list>
-                                                       
<value>index.html</value>
-                                               </list>
-                                       </property>
-                                       <property name="resourceBase" 
value="${activemq.home}/webapps/" />
-                               </bean>
-                               <bean id="defaultHandler" 
class="org.eclipse.jetty.server.handler.DefaultHandler">
-                                       <property name="serveIcon" 
value="false" />
-                               </bean>
-                       </list>
-               </property>
-       </bean>    
+    <bean id="secHandlerCollection" 
class="org.eclipse.jetty.server.handler.HandlerCollection">
+        <property name="handlers">
+            <list>
+                <ref bean="rewriteHandler"/>
+                <bean class="org.eclipse.jetty.webapp.WebAppContext">
+                    <property name="contextPath" value="/admin" />
+                    <property name="resourceBase" 
value="${activemq.home}/webapps/admin" />
+                    <property name="logUrlOnStart" value="true" />
+                </bean>
+                <bean class="org.eclipse.jetty.webapp.WebAppContext">
+                    <property name="contextPath" value="/api" />
+                    <property name="resourceBase" 
value="${activemq.home}/webapps/api" />
+                    <property name="logUrlOnStart" value="true" />
+                </bean>
+                <bean class="org.eclipse.jetty.server.handler.ResourceHandler">
+                    <property name="directoriesListed" value="false" />
+                    <property name="welcomeFiles">
+                        <list>
+                            <value>index.html</value>
+                        </list>
+                    </property>
+                    <property name="resourceBase" 
value="${activemq.home}/webapps/" />
+                </bean>
+                <bean id="defaultHandler" 
class="org.eclipse.jetty.server.handler.DefaultHandler">
+                    <property name="serveIcon" value="false" />
+                </bean>
+            </list>
+        </property>
+    </bean>    
     <bean id="securityHandler" 
class="org.eclipse.jetty.security.ConstraintSecurityHandler">
-        <property name="loginService" ref="securityLoginService" />
+        <property name="identityService" ref="identityService" />
+        <property name="loginService" ref="jaasLoginService" />
         <property name="authenticator">
             <bean 
class="org.eclipse.jetty.security.authentication.BasicAuthenticator" />
         </property>
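Review bot: With `loginService` now pointing at `jaasLoginService` while `securityHandler` keeps `BasicAuthenticator`, the username and password that authenticate messaging clients are sent base64-encoded on every console and REST request. The only HTTPS connector visible in this file (`SecureConnector`) is still commented out, so on what appears to be the default connector those broker credentials cross the network in the clear. I would add a comment on the authenticator such as `<!-- BASIC sends the shared broker credentials on each request; enable the SecureConnector (with your own keystore and password) before exposing the console beyond localhost -->`. The `securityHandler` bean continues past the end of this hunk.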
@@ -144,10 +151,10 @@
     </bean>
 
     <bean id="invokeConnectors" 
class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
-       <property name="targetObject" ref="Server" />
-       <property name="targetMethod" value="setConnectors" />
-       <property name="arguments">
-       <list>
+        <property name="targetObject" ref="Server" />
+        <property name="targetMethod" value="setConnectors" />
+        <property name="arguments">
+        <list>
                <bean id="Connector" 
class="org.eclipse.jetty.server.ServerConnector">
                    <constructor-arg ref="Server"/>
                    <constructor-arg>
@@ -165,35 +172,36 @@
                     Enable this connector if you wish to use https with web 
console
                 -->
                 <!-- bean id="SecureConnector" 
class="org.eclipse.jetty.server.ServerConnector">
-                                       <constructor-arg ref="Server" />
-                                       <constructor-arg>
-                                               <bean id="handlers" 
class="org.eclipse.jetty.util.ssl.SslContextFactory">
-                                               
-                                                       <property 
name="keyStorePath" value="${activemq.conf}/broker.ks" />
-                                                       <property 
name="keyStorePassword" value="password" />
-                                               </bean>
-                                       </constructor-arg>
-                                       <property name="port" value="8162" />
-                               </bean -->
+                    <constructor-arg ref="Server" />
+                    <constructor-arg>
+                        <bean id="handlers" 
class="org.eclipse.jetty.util.ssl.SslContextFactory">
+                        
+                            <property name="keyStorePath" 
value="${activemq.conf}/broker.ks" />
+                            <property name="keyStorePassword" value="password" 
/>
+                        </bean>
+                    </constructor-arg>
+                    <property name="port" value="8162" />
+                </bean -->
             </list>
-       </property>
+        </property>
     </bean>
 
-       <bean id="configureJetty" 
class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
-               <property name="staticMethod" 
value="org.apache.activemq.web.config.JspConfigurer.configureJetty" />
-               <property name="arguments">
-                       <list>
-                               <ref bean="Server" />
-                               <ref bean="secHandlerCollection" />
-                       </list>
-               </property>
-       </bean>
+    <bean id="configureJetty" 
class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
+        <property name="staticMethod" 
value="org.apache.activemq.web.config.JspConfigurer.configureJetty" />
+        <property name="arguments">
+            <list>
+                <ref bean="Server" />
+                <ref bean="secHandlerCollection" />
+            </list>
+        </property>
+    </bean>
     
     <bean id="invokeStart" 
class="org.springframework.beans.factory.config.MethodInvokingFactoryBean" 
-       depends-on="configureJetty, invokeConnectors">
-       <property name="targetObject" ref="Server" />
-       <property name="targetMethod" value="start" />          
+        depends-on="configureJetty, invokeConnectors">
+        <property name="targetObject" ref="Server" />
+        <property name="targetMethod" value="start" />      
     </bean>
     
     
 </beans>
+
diff --git a/assembly/src/release/examples/conf/jetty-demo.xml 
b/assembly/src/release/examples/conf/jetty-demo.xml
index d432dee5b..ea1cbc513 100644
--- a/assembly/src/release/examples/conf/jetty-demo.xml
+++ b/assembly/src/release/examples/conf/jetty-demo.xml
@@ -22,7 +22,7 @@
 
     <bean id="securityLoginService" 
class="org.eclipse.jetty.security.HashLoginService">
         <property name="name" value="ActiveMQRealm" />
-        <property name="config" 
value="${activemq.conf}/jetty-realm.properties" />
+        <property name="config" 
value="${activemq.conf}/jetty-realm-5.x.properties" />
     </bean>
 
     <bean id="securityConstraint" 
class="org.eclipse.jetty.util.security.Constraint">
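Review bot: The new `config` value `${activemq.conf}/jetty-realm-5.x.properties` disagrees with the instructions this commit adds to that properties file, which tell the operator to rename it to `conf/jetty-realm.properties`. The file is also moved from `conf/` to `examples/conf/`, so nothing appears to place it under `${activemq.conf}` with the 5.x name. The sibling example `jetty-realm-5.x.xml` is copied from the old `jetty.xml`, which read `${activemq.conf}/jetty-realm.properties`, so the two examples expect different file names. Either keep `jetty-realm.properties` here or change the header to say the file must be copied into `conf/` without renaming, and confirm how `HashLoginService` behaves when the file is missing.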
diff --git a/assembly/src/release/conf/jetty-realm.properties 
b/assembly/src/release/examples/conf/jetty-realm-5.x.properties
similarity index 59%
rename from assembly/src/release/conf/jetty-realm.properties
rename to assembly/src/release/examples/conf/jetty-realm-5.x.properties
index 1bce6aa81..464312602 100644
--- a/assembly/src/release/conf/jetty-realm.properties
+++ b/assembly/src/release/examples/conf/jetty-realm-5.x.properties
@@ -15,7 +15,19 @@
 ## limitations under the License.
 ## ---------------------------------------------------------------------------
 
+## ---------------------------------------------------------------------------
+## [AMQ-8391] ActiveMQ 6.x converted jetty to use a common JAAS for users and 
groups. 
+## This version of conf/jetty.xml demonstrates how to use a dedicated JAAS 
realm
+## for authentication and authorization of web-based services such as the web 
console
+## and rest apis. This is the config approach that was used in ActiveMQ 5.x.
+##
+## Rename this file to conf/jetty-realm.properties to setup user and group
+## authorization following the ActiveMQ 5.x approach
+##
+## Note: conf/jetty-realm.properties is used to store user, password and group 
data
+## ---------------------------------------------------------------------------
+
 # Defines users that can access the web (console, demo, etc.)
 # username: password [,rolename ...]
 admin: admin, admin
-user: user, user
\ No newline at end of file
+user: user, user
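Review bot: The added header describes this as a "dedicated JAAS realm", but the file is read by `HashLoginService` (see `jetty-demo.xml` in this commit), which is Jetty's property-file realm and not JAAS; the same wording is repeated in the comment added to `jetty-realm-5.x.xml`. "This version of conf/jetty.xml" also looks copied from the XML file and should read "This file". Because the example ships `admin: admin, admin` and `user: user, user` in clear text and tells operators to copy it into `conf/`, I would add a line such as `## Change these default passwords before enabling this realm` to the header.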
diff --git a/assembly/src/release/conf/jetty.xml 
b/assembly/src/release/examples/conf/jetty-realm-5.x.xml
similarity index 95%
copy from assembly/src/release/conf/jetty.xml
copy to assembly/src/release/examples/conf/jetty-realm-5.x.xml
index 6ce53142f..cb901f2a6 100644
--- a/assembly/src/release/conf/jetty.xml
+++ b/assembly/src/release/examples/conf/jetty-realm-5.x.xml
@@ -17,6 +17,14 @@
         some demos Include this file in your configuration to enable ActiveMQ 
web components
         e.g. <import resource="jetty.xml"/>
     -->
+    <!--
+        [AMQ-8391] ActiveMQ 6.x converted jetty to use a common JAAS for users 
and groups. 
+        This version of conf/jetty.xml demonstrates how to use a dedicated 
JAAS realm
+        for authentication and authorization of web-based services such as the 
web console
+        and rest apis. This is the config approach that was used in ActiveMQ 
5.x.
+
+        Note: conf/jetty-realm.properties is used to store user, password and 
group data
+    -->
 <beans xmlns="http://www.springframework.org/schema/beans"; 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
     xsi:schemaLocation="http://www.springframework.org/schema/beans 
http://www.springframework.org/schema/beans/spring-beans.xsd";>
 
