Hi,
You should ask the activemq mailing list because it seems to be related to activemq.

On Sat, May 11, 2019 at 11:30 AM Pankaj Ambekar <[email protected]> wrote:

> Hello,
>
> Here's more details on this -
>
> ** Jetty version - *jetty-9.2.25.v20180606 (packaged with ActiveMQ-5.15.8)
> ** Java Version -* 1.8.0_131
> ** Steps to reproduce - *Followed the steps mentioned on the page -
> https://activemq.apache.org/security (LDAP Authentication Using the JAAS
> Plugin). The changes made to following files -
>
> *login.config *(actual values replaced by dummy)
>
> LDAPLogin {
>     org.apache.activemq.jaas.LDAPLoginModule required
>     debug=true
>     initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
>     connectionURL="ldap://nyc-dc01.corp.nypiua.com:389"
>     connectionUsername="CN=<name>,OU=Dummy Accounts,OU=Dummy Accounts and
> Groups,DC=corp,DC=company,DC=com"
>     connectionPassword="password"
>     connectionProtocol=s
>     authentication=simple
>     userBase="OU=Dummy User Accounts,OU=Test User
> Accounts,DC=corp,DC=company,DC=com"
>     userRoleName=dummyUserRoleName
>     userSearchMatching="(sAMAccountName={0})"
>     userSearchSubtree=true
>     roleBase="OU=Pre-Prod,OU=app,OU=Enterprise Based Applications,OU=Dummy
> Application Accounts and Groups,DC=corp,DC=company,DC=com"
>     roleName=cn
>     roleSearchMatching="(member={0})"
>     roleSearchSubtree=true
>     ;
> };
>
> *activemq.xml *(added following into the xml)
> ....
> <plugins>
>     <jaasAuthenticationPlugin configuration="LDAPLogin" />
> </plugins>
> .....
>
> *jetty.xml *(added following to the xml)
>
> <bean id="ldapLoginService"
> class="org.eclipse.jetty.jaas.JAASLoginService">
>     <property name="name" value="LdapRealm" />
>     <property name="loginModuleName" value="LDAPLogin" />
>     <property name="roleClassNames"
> value="org.eclipse.jetty.jaas.JAASRole" />
>     <property name="identityService" ref="identityService" />
> </bean>
> .......
> .......
> <bean id="securityHandler"
> class="org.eclipse.jetty.security.ConstraintSecurityHandler">
>     <property name="loginService" ref="ldapLoginService" />
>     <property name="identityService" ref="identityService" />
>     <property name="realmName" value="LdapRealm" />
>     <property name="authenticator">
>         <bean
> class="org.eclipse.jetty.security.authentication.BasicAuthenticator" />
>     </property>
>     <property name="constraintMappings">
>         <list>
>             <ref bean="adminSecurityConstraintMapping" />
>             <ref bean="securityConstraintMapping" />
>         </list>
>     </property>
>     <property name="handler" ref="secHandlerCollection" />
> </bean>
> <bean id="contexts"
> class="org.eclipse.jetty.server.handler.ContextHandlerCollection">
> </bean>
>
> *No Error in the logs -*
>
> 2019-05-10 20:35:01,662 | DEBUG | Create the LDAP initial context. |
> org.apache.activemq.jaas.LDAPLoginModule | qtp843299092-39
> 2019-05-10 20:35:01,711 | DEBUG | Get the user DN. |
> org.apache.activemq.jaas.LDAPLoginModule | qtp843299092-39
> 2019-05-10 20:35:01,712 | DEBUG | Looking for the user in LDAP with |
> org.apache.activemq.jaas.LDAPLoginModule | qtp843299092-39
> 2019-05-10 20:35:01,712 | DEBUG | base DN: OU=Dummy User
> Accounts,OU=Test User Accounts,DC=corp,DC=company,DC=com |
> org.apache.activemq.jaas.LDAPLoginModule | qtp843299092-39
> 2019-05-10 20:35:01,713 | DEBUG | filter: (sAMAccountName=user1) |
> org.apache.activemq.jaas.LDAPLoginModule | qtp843299092-39
> 2019-05-10 20:35:01,734 | DEBUG | LDAP returned a relative name: CN=test
> user1 | org.apache.activemq.jaas.LDAPLoginModule | qtp843299092-39
> 2019-05-10 20:35:01,735 | DEBUG | Using DN [CN=test user1,OU=Dummy User
> Accounts,OU=Test User Accounts,DC=corp,DC=company,DC=com ] for binding. |
> org.apache.activemq.jaas.LDAPLoginModule | qtp843299092-39
> 2019-05-10 20:35:01,736 | DEBUG | Binding the user. |
> org.apache.activemq.jaas.LDAPLoginModule | qtp843299092-39
> 2019-05-10 20:35:01,780 | DEBUG | User CN=test user1,OU=Dummy User
> Accounts,OU=Test User Accounts,DC=corp,DC=company,DC=com successfully
> bound. | org.apache.activemq.jaas.LDAPLoginModule | qtp843299092-39
> 2019-05-10 20:35:01,782 | DEBUG | Get user roles. |
> org.apache.activemq.jaas.LDAPLoginModule | qtp843299092-39
> 2019-05-10 20:35:01,783 | DEBUG | Looking for the user roles in LDAP with
> | org.apache.activemq.jaas.LDAPLoginModule | qtp843299092-39
> 2019-05-10 20:35:01,785 | DEBUG | base DN:
> OU=Pre-Prod,OU=app,OU=Enterprise Based Applications,OU=Dummy Application
> Accounts and Groups,DC=corp,DC=company,DC=com |
> org.apache.activemq.jaas.LDAPLoginModule | qtp843299092-39
> 2019-05-10 20:35:01,786 | DEBUG | filter: (member=CN=test user1,OU=Dummy
> User Accounts,OU=Test User Accounts,DC=corp,DC=company,DC=com) |
> org.apache.activemq.jaas.LDAPLoginModule | qtp843299092-39
> 2019-05-10 20:35:01,835 | DEBUG | Roles [administrator_group] for user
> user1 | org.apache.activemq.jaas.LDAPLoginModule | qtp843299092-39
> 2019-05-10 20:35:03,821 | DEBUG | Checkpoint started. |
> org.apache.activemq.store.kahadb.MessageDatabase | ActiveMQ Journal
> Checkpoint Worker
> 2019-05-10 20:35:03,832 | DEBUG | Checkpoint done. |
> org.apache.activemq.store.kahadb.MessageDatabase | ActiveMQ Journal
> Checkpoint Worker
>
> *Error on the browser -*
> HTTP ERROR: 403
>
> Problem accessing /admin/. Reason:
> !role
>
> On Fri, May 10, 2019 at 9:06 PM Olivier Lamy <[email protected]> wrote:
>
>> Hi
>> In order to help you, we need more details such as:
>> - Jetty version
>> - Java version
>> - exact steps to reproduce your problem
>>
>> cheers
>> Olivier
>>
>>
>> On Sat, May 11, 2019 at 10:16 AM Pankaj Ambekar <[email protected]>
>> wrote:
>>
>>> Hello,
>>>
>>> I'm using apache-activemq-5.15.8 with Jetty and trying to get the
>>> configurations working by connecting the admin-console authentication with
>>> LDAP/AD. I've followed all the necessary configs on logon.config,
>>> activemq.xml, jetty.xml and I can see in the logs that the user is
>>> authenticated. However, on the browser, I see the following error -
>>>
>>> HTTP ERROR: 403
>>>
>>> Problem accessing /admin/. Reason:
>>> !role
>>>
>>> Could you please advise if you changed anything specific in web.xml (or
>>> any other config file) to get past this error?
>>>
>>> --
>>> Thanks
>>>
>>> Regards,
>>> Pankaj Ambekar
>>>
>>> _______________________________________________
>>> jetty-users mailing list
>>> [email protected]
>>> To change your delivery options, retrieve your password, or unsubscribe
>>> from this list, visit
>>> https://www.eclipse.org/mailman/listinfo/jetty-users
>>
>>
>> --
>> Olivier
>
>
> --
> Thanks
>
> Regards,
> Pankaj Ambekar

--
Olivier
