I'm in the process of setting up ActiveMQ to use LDAP on Active Directory.

I have it working for the JMS connections but I'm running into some issues
on the Web Console.
I've gone through all the docs and email threads I can find on the subject.
My setup is a Windows 10 desktop with ActiveMQ loaded locally, connecting to
my AD domain on a remote server.

I'm using ActiveMQ version 5.14.1.

*When I access using the Web Console I get this:*

HTTP ERROR: 403

Problem accessing /admin/. Reason:

    !role
Powered by Jetty:// 9.3.z-SNAPSHOT

Does anyone have an idea why this would happen?

Thanks
Mike


*Here is a snapshot of my console:*

jvm 1    |  INFO | jetty-9.3.z-SNAPSHOT
jvm 1    |  INFO | No Spring WebApplicationInitializer types detected on classpath
jvm 1    |  INFO | Refreshing Root WebApplicationContext: startup date [Wed Oct 26 14:00:46 PDT 2016]; root of context hierarchy
jvm 1    |  INFO | Loading XML bean definitions from ServletContext resource [/WEB-INF/webconsole-embedded.xml]
jvm 1    |  INFO | Loading XML bean definitions from ServletContext resource [/WEB-INF/webconsole-query.xml]
jvm 1    |  INFO | Loading properties file from URL [file:../../conf/credentials.properties]
jvm 1    |  INFO | ActiveMQ WebConsole available at http://0.0.0.0:8161/
jvm 1    |  INFO | ActiveMQ Jolokia REST API available at http://0.0.0.0:8161/api/jolokia/
jvm 1    |  INFO | Initializing Spring FrameworkServlet 'dispatcher'
jvm 1    |  INFO | FrameworkServlet 'dispatcher': initialization started
jvm 1    |  INFO | Refreshing WebApplicationContext for namespace 'dispatcher-servlet': startup date [Wed Oct 26 14:00:46 PDT 2016]; parent: Root WebApplicationContext
jvm 1    |  INFO | Loading XML bean definitions from ServletContext resource [/WEB-INF/dispatcher-servlet.xml]
jvm 1    |  INFO | Mapped URL path [/createDestination.action] onto handler '/createDestination.action'
jvm 1    |  INFO | Mapped URL path [/deleteDestination.action] onto handler '/deleteDestination.action'
jvm 1    |  INFO | Mapped URL path [/createSubscriber.action] onto handler '/createSubscriber.action'
jvm 1    |  INFO | Mapped URL path [/deleteSubscriber.action] onto handler '/deleteSubscriber.action'
jvm 1    |  INFO | Mapped URL path [/sendMessage.action] onto handler '/sendMessage.action'
jvm 1    |  INFO | Mapped URL path [/purgeDestination.action] onto handler '/purgeDestination.action'
jvm 1    |  INFO | Mapped URL path [/deleteMessage.action] onto handler '/deleteMessage.action'
jvm 1    |  INFO | Mapped URL path [/copyMessage.action] onto handler '/copyMessage.action'
jvm 1    |  INFO | Mapped URL path [/moveMessage.action] onto handler '/moveMessage.action'
jvm 1    |  INFO | Mapped URL path [/deleteJob.action] onto handler '/deleteJob.action'
jvm 1    |  INFO | Mapped URL path [/retryMessage.action] onto handler '/retryMessage.action'
jvm 1    |  INFO | FrameworkServlet 'dispatcher': initialization completed in 139 ms
jvm 1    |  INFO | Started o.e.j.w.WebAppContext@a49d8a{/admin,file:///C:/Apache/apache-activemq-5.14.1/webapps/admin/,AVAILABLE}
jvm 1    |  INFO | ActiveMQ Console at http://ServerConnector@1a854e0{HTTP/1.1,[http/1.1]}{0.0.0.0:8161}/admin
jvm 1    |  INFO | No Spring WebApplicationInitializer types detected on classpath
jvm 1    |  INFO | jolokia-agent: Using policy access restrictor classpath:/jolokia-access.xml
jvm 1    |  INFO | Started o.e.j.w.WebAppContext@1362cf8{/api,file:///C:/Apache/apache-activemq-5.14.1/webapps/api/,AVAILABLE}
jvm 1    |  INFO | Apache ActiveMQ REST API at http://ServerConnector@1a854e0{HTTP/1.1,[http/1.1]}{0.0.0.0:8161}/api
jvm 1    |  INFO | Started ServerConnector@1a854e0{HTTP/1.1,[http/1.1]}{0.0.0.0:8161}
jvm 1    |  INFO | Started @2857ms


*My Jetty.xml sections that I have changed:*

    <bean id="defaultIdentityService" class="org.eclipse.jetty.security.DefaultIdentityService" />
    <bean id="securityLDAPLoginService" class="org.eclipse.jetty.jaas.JAASLoginService">
        <property name="name" value="ActiveMQLDAPRealm" />
        <property name="LoginModuleName" value="LDAP-Login" />
        <property name="identityService" ref="defaultIdentityService" />
        <property name="roleClassNames" value="org.eclipse.jetty.jaas.JAASRole" />
    </bean>

    <bean id="securityConstraint" class="org.eclipse.jetty.util.security.Constraint">
        <property name="name" value="BASIC" />
        <property name="roles" value="APPDEV043 Admins" />
        <property name="authenticate" value="true" />
    </bean>
    <bean id="adminSecurityConstraint" class="org.eclipse.jetty.util.security.Constraint">
        <property name="name" value="BASIC" />
        <property name="roles" value="APPDEV043 Admins" />
        <property name="authenticate" value="true" />
    </bean>

    <bean id="securityHandler" class="org.eclipse.jetty.security.ConstraintSecurityHandler">
        <property name="realmName" value="ActiveMQLdapRealm" />
        <property name="loginService" ref="securityLDAPLoginService" />


*My login.xml:*


LDAP-Login {
   org.apache.activemq.jaas.LDAPLoginModule required
     debug=true
     initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
     connectionURL="ldap://corp.local";
     connectionUsername="CN=Mirth Development Service Account,OU=Service Accounts,DC=corp,DC=local"
     connectionPassword="XXXXX"
     connectionProtocol=s
     authentication=simple
     userBase="OU=Service Accounts,DC=corp,DC=local"
     userSearchMatching="(samaccountname={0})"
     userSearchSubtree=true
     roleBase="OU=Server Access Groups,OU=IT Security Groups,OU=Domain Groups,DC=corp,DC=local"
     roleName=CN
     roleSearchMatching="(memberOf={0})"
     roleSearchSubtree=true
     ;
};

--
View this message in context: 
http://activemq.2283324.n4.nabble.com/ActiveMQ-Locking-down-Web-Console-via-LDAP-tp4718545.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.
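
Added example (not part of the original post, and not ActiveMQ or Jetty code): a small Python lint that cross-checks a Jetty JAASLoginService bean against the JAAS entry it names, the kind of consistency check worth running when the console answers 403 !role. The embedded fragments are constructed from the ones in the post; the bean ids it looks up and the GROUP_PRINCIPAL mapping (that ActiveMQ's LDAPLoginModule reports groups as org.apache.activemq.jaas.GroupPrincipal) are assumptions of the example.

```python
import re
import xml.etree.ElementTree as ET
# Constructed inputs, trimmed from the fragments shown in the post.
JETTY_XML = """<beans>
 <bean id="securityLDAPLoginService" class="org.eclipse.jetty.jaas.JAASLoginService">
  <property name="name" value="ActiveMQLDAPRealm" />
  <property name="LoginModuleName" value="LDAP-Login" />
  <property name="roleClassNames" value="org.eclipse.jetty.jaas.JAASRole" />
 </bean>
 <bean id="securityHandler" class="org.eclipse.jetty.security.ConstraintSecurityHandler">
  <property name="realmName" value="ActiveMQLdapRealm" />
 </bean>
</beans>"""
JAAS_CONFIG = """LDAP-Login {
   org.apache.activemq.jaas.LDAPLoginModule required
     connectionURL="ldap://corp.local";
     userSearchMatching="(samaccountname={0})"
     ;
};"""
# Assumption: class of the group principals each login module adds to the Subject.
GROUP_PRINCIPAL = {
    "org.apache.activemq.jaas.LDAPLoginModule": "org.apache.activemq.jaas.GroupPrincipal"}

def bean_props(xml_text):
    """Map bean id -> {lower-cased property name: value}, ignoring XML namespaces."""
    return {b.get("id"): {p.get("name").lower(): p.get("value")
                          for p in b if p.tag.endswith("property")}
            for b in ET.fromstring(xml_text).iter() if b.tag.endswith("bean")}

def jaas_entries(text):
    """Map entry name -> ';'-terminated statements as token lists (';' in quotes ignored)."""
    return {name: [s.split() for s in re.findall(r'(?:"[^"]*"|[^;"])+', body) if s.strip()]
            for name, body in re.findall(r'([\w.-]+)\s*\{(.*?)\}\s*;', text, re.S)}

def lint(xml_text, jaas_text):
    beans, findings = bean_props(xml_text), []
    svc, handler = beans["securityLDAPLoginService"], beans["securityHandler"]
    entry = jaas_entries(jaas_text).get(svc["loginmodulename"])
    if not entry:
        return ["no JAAS entry named " + svc["loginmodulename"]]
    for stmt in entry[1:]:
        if "=" in stmt[0]:  # an option sits where a module class name is expected
            findings.append("early ';' cuts off option " + stmt[0].split("=")[0])
    emitted = GROUP_PRINCIPAL.get(entry[0][0])
    if emitted and emitted not in svc["roleclassnames"].split(","):
        findings.append("roleClassNames lacks " + emitted)
    if svc["name"] != handler["realmname"]:
        findings.append("realmName differs from login service name")
    return findings
```

Calling lint(JETTY_XML, JAAS_CONFIG) returns one finding per mismatch; an empty list means the three checks passed, not that LDAP role lookup itself succeeds.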
