Hi all,

I'm using the Jetty bundled with ActiveMQ, and want users to be able to 
authenticate when accessing secured resources (the ActiveMQ admin GUI) with 
either a local username/password (HashLoginService) or LDAP (JAASLoginService).
I've successfully configured both (HashLoginService being there by default), 
but can currently only use one at a time, by swapping which security handler is 
referenced from the Server's handler collection (see below). I do not know how 
to have both active at once for the same resources (if that is even possible?).

I'm grateful if anyone is able to point me in the right direction -- thanks in 
advance!

I'm using jetty-all-9.2.13.v20150730.jar (bundled with latest ActiveMQ, 5.14.1) 
and jetty-jaas-9.2.13.v20150730.jar.

---[where I currently swap between auth backends]----------------------
<property name="handler">
    <bean id="handlers" 
class="org.eclipse.jetty.server.handler.HandlerCollection">
        <property name="handlers">
            <list>
                <!-- NOTE(review): per Jetty's HandlerCollection contract every child
                     handler is invoked for every request, whether or not an earlier
                     child already handled or rejected it (HandlerList is the one that
                     stops at the first handled request). Un-commenting the second ref
                     therefore runs BOTH ConstraintSecurityHandlers, each wrapping the
                     same secHandlerCollection, on each request; it does not yield a
                     "local OR LDAP" login. That either/or belongs inside a single
                     LoginService (see the ldapLoginService bean in the full config). -->
                <ref bean="contexts" />
                <ref bean="securityHandler" />
                <!-- <ref bean="securityHandlerLdap" /> -->
            </list>
        </property>
    </bean>
</property>
-------------------------

---[ Full config (jetty.xml) ]----------------------
<beans xmlns="http://www.springframework.org/schema/beans"; 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
    xsi:schemaLocation="http://www.springframework.org/schema/beans 
http://www.springframework.org/schema/beans/spring-beans.xsd";>

    <!-- Local file authentication: HashLoginService reads users and roles from
         ${activemq.conf}/jetty-realm.properties.
         NOTE(review): ActiveMQ ships that file with a well-known default admin
         account; verify the shipped entries have been replaced, and keep the file
         readable by the broker user only, since it normally holds plaintext or
         merely obfuscated (OBF:) passwords. -->
    <bean id="securityLoginService" 
class="org.eclipse.jetty.security.HashLoginService">
        <property name="name" value="ActiveMQRealm" />
        <property name="config" value="${activemq.conf}/jetty-realm.properties" 
/>
    </bean>

    <!-- LDAP Authentication. 2016-12-07 OYVINDHAL
         JAASLoginService delegates to the "amqLdapLoginModule" entry of the JVM's
         JAAS login configuration (that file is not shown here).
         NOTE(review): this is the place for a "local file OR LDAP" login. A JAAS
         entry may list several login modules, e.g. Jetty's PropertyFileLoginModule
         over jetty-realm.properties followed by the LDAP module, each flagged
         "sufficient", so that a single ConstraintSecurityHandler pointing at this
         LoginService accepts either credential source. Confirm against the
         login.config actually in use. -->
    <bean id="ldapLoginService" class="org.eclipse.jetty.jaas.JAASLoginService">
        <property name="name" value="LdapRealm" />
        <property name="loginModuleName" value="amqLdapLoginModule" />
    </bean>
    <!-- Identity service; only securityHandlerLdap below references it explicitly,
         securityHandler presumably falls back to Jetty's default. -->
    <bean id="identityService" 
class="org.eclipse.jetty.security.DefaultIdentityService"/>

    <!-- Security constraints. Both constraints below demand HTTP BASIC
         authentication plus role "admin" or "PA-SYS-IDM-FULL" (with
         HashLoginService the roles come from jetty-realm.properties, with the
         JAAS/LDAP service from whatever that login module maps to roles).
         NOTE(review): BASIC sends the password base64-encoded, i.e. in clear
         text, on every request, and no dataConstraint is set, so nothing forces
         HTTPS. The only connector defined in this file (invokeConnectors) is a
         plain HTTP ServerConnector listening on 0.0.0.0:8161. Either add a TLS
         connector (after which dataConstraint=2, Constraint.DC_CONFIDENTIAL, can
         enforce it) or terminate TLS in front of the console and bind it to
         localhost. -->
    <bean id="securityConstraint" 
class="org.eclipse.jetty.util.security.Constraint">
        <property name="name" value="BASIC" />
        <property name="roles" value="admin,PA-SYS-IDM-FULL" />
        <!-- authenticate=false would expose the mapped paths with no login at
             all; keep it true on anything reachable from the network -->
        <property name="authenticate" value="true" />
    </bean>
    <!-- Identical to securityConstraint (same auth method, roles and authenticate
         flag); kept as a separate bean only so *.action can be mapped on its own. -->
    <bean id="adminSecurityConstraint" 
class="org.eclipse.jetty.util.security.Constraint">
        <property name="name" value="BASIC" />
        <property name="roles" value="admin,PA-SYS-IDM-FULL" />
         <!-- authenticate=false would expose *.action, the state-changing console
              requests, with no login at all; keep it true -->
        <property name="authenticate" value="true" />
    </bean>

    <!-- Guards /api/*, /admin/* and every *.jsp. The comma-separated pathSpec
         relies on Jetty 9.2's PathMap splitting on ','; re-check this on a Jetty
         upgrade, as later path-mapping code may not.
         NOTE(review): anything the ResourceHandler in secHandlerCollection serves
         from ${activemq.home}/webapps/ that does not match these specs (index.html,
         static assets) is reachable without login, so review what lives under that
         directory. -->
    <bean id="securityConstraintMapping" 
class="org.eclipse.jetty.security.ConstraintMapping">
        <property name="constraint" ref="securityConstraint" />
        <property name="pathSpec" value="/api/*,/admin/*,*.jsp" />
    </bean>
    <!-- Guards every *.action request, presumably the console's state-changing
         operations (queue purge/delete and the like); do not weaken this one. -->
    <bean id="adminSecurityConstraintMapping" 
class="org.eclipse.jetty.security.ConstraintMapping">
        <property name="constraint" ref="adminSecurityConstraint" />
        <property name="pathSpec" value="*.action" />
    </bean>
    
    <!-- Adds X-FRAME-OPTIONS: SAMEORIGIN to every response (pattern "*") as a
         clickjacking defence for the console. It is the first handler inside
         secHandlerCollection, i.e. it runs for requests that have already passed
         the security handler wrapping that collection. -->
    <bean id="rewriteHandler" 
class="org.eclipse.jetty.rewrite.handler.RewriteHandler">
        <property name="rules">
            <list>
                <bean id="header" 
class="org.eclipse.jetty.rewrite.handler.HeaderPatternRule">
                  <property name="pattern" value="*"/>
                  <property name="name" value="X-FRAME-OPTIONS"/>
                  <property name="value" value="SAMEORIGIN"/>
                </bean>
            </list>
        </property>
    </bean>
    
        <!-- The protected content. Both securityHandler and securityHandlerLdap
             below wrap this same collection; which constraint mappings apply to a
             request is decided by the wrapping security handler, not here. -->
        <bean id="secHandlerCollection" 
class="org.eclipse.jetty.server.handler.HandlerCollection">
                <property name="handlers">
                        <list>
                    <ref bean="rewriteHandler"/>
                                <bean 
class="org.eclipse.jetty.webapp.WebAppContext">
                                        <property name="contextPath" 
value="/admin" />
                                        <property name="resourceBase" 
value="${activemq.home}/webapps/admin" />
                                        <property name="logUrlOnStart" 
value="true" />
                                </bean>
                                <bean 
class="org.eclipse.jetty.webapp.WebAppContext">
                                        <property name="contextPath" 
value="/api" />
                                        <property name="resourceBase" 
value="${activemq.home}/webapps/api" />
                                        <property name="logUrlOnStart" 
value="true" />
                                </bean>
                                <!-- NOTE(review): serves the whole webapps/ tree
                                     (listing disabled). Only /api/*, /admin/*, *.jsp
                                     and *.action are constrained, so any other file
                                     under this directory is served unauthenticated. -->
                                <bean 
class="org.eclipse.jetty.server.handler.ResourceHandler">
                                        <property name="directoriesListed" 
value="false" />
                                        <property name="welcomeFiles">
                                                <list>
                                                        
<value>index.html</value>
                                                </list>
                                        </property>
                                        <property name="resourceBase" 
value="${activemq.home}/webapps/" />
                                </bean>
                                <bean id="defaultHandler" 
class="org.eclipse.jetty.server.handler.DefaultHandler">
                                        <property name="serveIcon" 
value="false" />
                                </bean>
                        </list>
                </property>
        </bean>    

    <!-- Security handler for local users/passwords: BASIC challenge, credentials
         checked against securityLoginService (jetty-realm.properties), constraint
         mappings above, wrapping secHandlerCollection.
         NOTE(review): only one of this bean and securityHandlerLdap should ever be
         wired into the Server's handler list; both wrap the same content, so the
         way to accept both credential sources is one handler whose LoginService
         consults both backends, not two handlers. -->
    <bean id="securityHandler" 
class="org.eclipse.jetty.security.ConstraintSecurityHandler">
        <property name="loginService" ref="securityLoginService" />

        <property name="authenticator">
            <bean 
class="org.eclipse.jetty.security.authentication.BasicAuthenticator" />
        </property>
        <property name="constraintMappings">
            <list>
                <ref bean="adminSecurityConstraintMapping" />
                <ref bean="securityConstraintMapping" />
            </list>
        </property>
        <property name="handler" ref="secHandlerCollection" />
    </bean>

    <!-- Security handler for LDAP. 2016-12-07 OYVINDHAL
         Same BASIC challenge and constraint mappings as securityHandler, but
         credentials are checked through ldapLoginService (JAAS). Note that the
         roles in the constraints ("admin", "PA-SYS-IDM-FULL") must then be produced
         by the JAAS login module.
         NOTE(review): if the JAAS entry behind ldapLoginService is extended to
         also try the local property file, this bean alone can replace
         securityHandler instead of swapping between the two. -->
    <bean id="securityHandlerLdap" 
class="org.eclipse.jetty.security.ConstraintSecurityHandler">
        <property name="loginService" ref="ldapLoginService" />
        <property name="identityService" ref="identityService" />

        <property name="authenticator">
            <bean 
class="org.eclipse.jetty.security.authentication.BasicAuthenticator" />
        </property>
        <property name="constraintMappings">
            <list>
                <ref bean="adminSecurityConstraintMapping" />
                <ref bean="securityConstraintMapping" />
            </list>
        </property>
        <property name="handler" ref="secHandlerCollection" />
    </bean>

    <!-- Empty ContextHandlerCollection, listed first in the Server's handler list;
         presumably populated at runtime by ActiveMQ. Anything added here is NOT
         behind the security handler. -->
    <bean id="contexts" 
class="org.eclipse.jetty.server.handler.ContextHandlerCollection">
    </bean>

    <!-- Web console bind address and port; presumably published as the
         jetty.host / jetty.port system properties read by the Connector bean
         below.
         NOTE(review): 0.0.0.0 exposes the console on every interface while the
         connector is plain HTTP with BASIC auth. Prefer 127.0.0.1 or a dedicated
         management interface unless TLS is terminated in front of it. -->
    <bean id="jettyPort" class="org.apache.activemq.web.WebConsolePort" 
init-method="start">
        <!-- the default port number for the web console -->
        <property name="host" value="0.0.0.0"/>
        <property name="port" value="8161"/>
    </bean>

    <!-- The Jetty server; its top-level handler is a HandlerCollection of the
         (empty) contexts collection and ONE security handler. -->
    <bean id="Server" depends-on="jettyPort" 
class="org.eclipse.jetty.server.Server"
        destroy-method="stop">

        <property name="handler">
            <bean id="handlers" 
class="org.eclipse.jetty.server.handler.HandlerCollection">
                <property name="handlers">
                    <list>
                        <!-- NOTE(review): per Jetty's HandlerCollection contract
                             every child is invoked for every request, regardless of
                             whether an earlier child handled or rejected it. Adding
                             securityHandlerLdap next to securityHandler would run
                             both ConstraintSecurityHandlers (both wrapping the same
                             secHandlerCollection) on each request; it would not
                             give a "local OR LDAP" login. Keep exactly one security
                             handler here and make its LoginService consult both
                             backends (see ldapLoginService). -->
                        <ref bean="contexts" />
                        <ref bean="securityHandler" />
                        <!-- <ref bean="securityHandlerLdap" /> -->
                    </list>
                </property>
            </bean>
        </property>

    </bean>

    <!-- Installs the single listening connector on the Server.
         NOTE(review): ServerConnector is constructed with only the Server, i.e. no
         SslContextFactory, so this is plain HTTP. Combined with the BASIC
         constraints above, console and LDAP passwords cross the network in clear
         text. Add a TLS connector or front the console with a TLS-terminating
         proxy and bind this one to localhost. -->
    <bean id="invokeConnectors" 
class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
        <property name="targetObject" ref="Server" />
        <property name="targetMethod" value="setConnectors" />
        <property name="arguments">
        <list>
                <bean id="Connector" 
class="org.eclipse.jetty.server.ServerConnector">
                        <constructor-arg ref="Server" />
                    <!-- host/port come from the jetty.host / jetty.port system
                         properties; see the jettyPort bean -->
                   <property name="host" 
value="#{systemProperties['jetty.host']}" />
                   <property name="port" 
value="#{systemProperties['jetty.port']}" />
               </bean>
            </list>
        </property>
    </bean>

        <!-- ActiveMQ's JSP setup for the protected webapps; runs before
             invokeStart (see its depends-on). -->
        <bean id="configureJetty" 
class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
                <property name="staticMethod" 
value="org.apache.activemq.web.config.JspConfigurer.configureJetty" />
                <property name="arguments">
                        <list>
                                <ref bean="Server" />
                                <ref bean="secHandlerCollection" />
                        </list>
                </property>
        </bean>
    
    <!-- Starts the Server once JSP configuration and connectors are in place. -->
    <bean id="invokeStart" 
class="org.springframework.beans.factory.config.MethodInvokingFactoryBean" 
        depends-on="configureJetty, invokeConnectors">
        <property name="targetObject" ref="Server" />
        <property name="targetMethod" value="start" />          
    </bean>
    
</beans>
-------------------------

Vennlig hilsen/Kind regards

Øyvind Hallsteinsen
System Analyst - IT Operations



Elkjøp Nordic AS
Address: Solheimveien 6-8 | P.O. Box 153 | NO-1471 Lørenskog
Mobile: +47 926 23 321 | [email protected] | www.elkjop.no

