I'm in the process of setting up ActiveMQ to use LDAP on Active Directory. I have it working for the JMS connections but I'm running into some issues on the Web Console. I've gone through all the docs and email threads I can find on the subject. My setup is a Windows 10 desktop with ActiveMQ loaded locally, connecting to my AD domain on a remote server.

I'm using ActiveMQ version 5.14.1

*When I access using the Web Console I get this:*

HTTP ERROR: 403
Problem accessing /admin/. Reason:
    !role
Powered by Jetty:// 9.3.z-SNAPSHOT

Does anyone have an idea why this would happen?

Thanks
Mike

*Here is a snapshot of my console:*

jvm 1 | INFO | jetty-9.3.z-SNAPSHOT
jvm 1 | INFO | No Spring WebApplicationInitializer types detected on classpath
jvm 1 | INFO | Refreshing Root WebApplicationContext: startup date [Wed Oct 26 14:00:46 PDT 2016]; root of context hierarchy
jvm 1 | INFO | Loading XML bean definitions from ServletContext resource [/WEB-INF/webconsole-embedded.xml]
jvm 1 | INFO | Loading XML bean definitions from ServletContext resource [/WEB-INF/webconsole-query.xml]
jvm 1 | INFO | Loading properties file from URL [file:../../conf/credentials.properties]
jvm 1 | INFO | ActiveMQ WebConsole available at http://0.0.0.0:8161/
jvm 1 | INFO | ActiveMQ Jolokia REST API available at http://0.0.0.0:8161/api/jolokia/
jvm 1 | INFO | Initializing Spring FrameworkServlet 'dispatcher'
jvm 1 | INFO | FrameworkServlet 'dispatcher': initialization started
jvm 1 | INFO | Refreshing WebApplicationContext for namespace 'dispatcher-servlet': startup date [Wed Oct 26 14:00:46 PDT 2016]; parent: Root WebApplicationContext
jvm 1 | INFO | Loading XML bean definitions from ServletContext resource [/WEB-INF/dispatcher-servlet.xml]
jvm 1 | INFO | Mapped URL path [/createDestination.action] onto handler '/createDestination.action'
jvm 1 | INFO | Mapped URL path [/deleteDestination.action] onto handler '/deleteDestination.action'
jvm 1 | INFO | Mapped URL path [/createSubscriber.action] onto handler '/createSubscriber.action'
jvm 1 | INFO | Mapped URL path [/deleteSubscriber.action] onto handler '/deleteSubscriber.action'
jvm 1 | INFO | Mapped URL path [/sendMessage.action] onto handler '/sendMessage.action'
jvm 1 | INFO | Mapped URL path [/purgeDestination.action] onto handler '/purgeDestination.action'
jvm 1 | INFO | Mapped URL path [/deleteMessage.action] onto handler '/deleteMessage.action'
jvm 1 | INFO | Mapped URL path [/copyMessage.action] onto handler '/copyMessage.action'
jvm 1 | INFO | Mapped URL path [/moveMessage.action] onto handler '/moveMessage.action'
jvm 1 | INFO | Mapped URL path [/deleteJob.action] onto handler '/deleteJob.action'
jvm 1 | INFO | Mapped URL path [/retryMessage.action] onto handler '/retryMessage.action'
jvm 1 | INFO | FrameworkServlet 'dispatcher': initialization completed in 139 ms
jvm 1 | INFO | Started o.e.j.w.WebAppContext@a49d8a{/admin,file:///C:/Apache/apache-activemq-5.14.1/webapps/admin/,AVAILABLE}
jvm 1 | INFO | ActiveMQ Console at http://ServerConnector@1a854e0{HTTP/1.1,[http/1.1]}{0.0.0.0:8161}/admin
jvm 1 | INFO | No Spring WebApplicationInitializer types detected on classpath
jvm 1 | INFO | jolokia-agent: Using policy access restrictor classpath:/jolokia-access.xml
jvm 1 | INFO | Started o.e.j.w.WebAppContext@1362cf8{/api,file:///C:/Apache/apache-activemq-5.14.1/webapps/api/,AVAILABLE}
jvm 1 | INFO | Apache ActiveMQ REST API at http://ServerConnector@1a854e0{HTTP/1.1,[http/1.1]}{0.0.0.0:8161}/api
jvm 1 | INFO | Started ServerConnector@1a854e0{HTTP/1.1,[http/1.1]}{0.0.0.0:8161}
jvm 1 | INFO | Started @2857ms

*My Jetty.xml sections that I have changed:*

<bean id="defaultIdentityService" class="org.eclipse.jetty.security.DefaultIdentityService" />

<bean id="securityLDAPLoginService" class="org.eclipse.jetty.jaas.JAASLoginService">
    <property name="name" value="ActiveMQLDAPRealm" />
    <property name="LoginModuleName" value="LDAP-Login" />
    <property name="identityService" ref="defaultIdentityService" />
    <property name="roleClassNames" value="org.eclipse.jetty.jaas.JAASRole" />
</bean>

<bean id="securityConstraint" class="org.eclipse.jetty.util.security.Constraint">
    <property name="name" value="BASIC" />
    <property name="roles" value="APPDEV043 Admins" />
    <property name="authenticate" value="true" />
</bean>

<bean id="adminSecurityConstraint" class="org.eclipse.jetty.util.security.Constraint">
    <property name="name" value="BASIC" />
    <property name="roles" value="APPDEV043 Admins" />
    <property name="authenticate" value="true" />
</bean>

<bean id="securityHandler" class="org.eclipse.jetty.security.ConstraintSecurityHandler">
    <property name="realmName" value="ActiveMQLdapRealm" />
    <property name="loginService" ref="securityLDAPLoginService" />

*My login.xml:*

LDAP-Login {
    org.apache.activemq.jaas.LDAPLoginModule required
        debug=true
        initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
        connectionURL="ldap://corp.local"
        connectionUsername="CN=Mirth Development Service Account,OU=Service Accounts,DC=corp,DC=local"
        connectionPassword="XXXXX"
        connectionProtocol=s
        authentication=simple
        userBase="OU=Service Accounts,DC=corp,DC=local"
        userSearchMatching="(samaccountname={0})"
        userSearchSubtree=true
        roleBase="OU=Server Access Groups,OU=IT Security Groups,OU=Domain Groups,DC=corp,DC=local"
        roleName=CN
        roleSearchMatching="(memberOf={0})"
        roleSearchSubtree=true
    ;
};
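Added example, not part of the original post: Jetty answers 403 with reason !role when the login succeeded but no principal it counts as a role matched the constraint, and JAASLoginService counts only principals whose class is listed in roleClassNames. The Python check below compares that list with the role principal class of the configured login module; the sample input is constructed from the fragments in the post, and the module-to-principal table and function names are this example's own.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the relevant bean and JAAS entry from the post, trimmed.
JETTY_XML = """<beans xmlns="http://www.springframework.org/schema/beans">
  <bean id="securityLDAPLoginService" class="org.eclipse.jetty.jaas.JAASLoginService">
    <property name="name" value="ActiveMQLDAPRealm" />
    <property name="LoginModuleName" value="LDAP-Login" />
    <property name="roleClassNames" value="org.eclipse.jetty.jaas.JAASRole" />
  </bean>
</beans>"""
LOGIN_CONFIG = """LDAP-Login {
    org.apache.activemq.jaas.LDAPLoginModule required
        debug=true connectionURL="ldap://corp.local" roleName=CN
    ;
};"""

# Jetty always accepts its own role class in addition to the configured ones.
JETTY_DEFAULT_ROLE = "org.eclipse.jetty.jaas.JAASRole"
# Principal class each known login module uses for group membership.
ROLE_PRINCIPAL = {
    "org.apache.activemq.jaas.LDAPLoginModule": "org.apache.activemq.jaas.GroupPrincipal",
}

def local(tag):
    """Strip an XML namespace such as the Spring beans one."""
    return tag.rsplit("}", 1)[-1]

def login_services(xml_text):
    """Yield the property map of every JAASLoginService bean."""
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) == "bean" and el.get("class") == "org.eclipse.jetty.jaas.JAASLoginService":
            yield {p.get("name"): p.get("value") for p in el if local(p.tag) == "property"}

def jaas_modules(config_text, entry):
    """Return the login module classes listed under one JAAS entry."""
    text = re.sub(r'"[^"]*"', '""', config_text)  # quoted values may contain ; or }
    m = entry and re.search(r"(?<![\w-])" + re.escape(entry) + r"\s*\{(.*?)\}\s*;", text, re.S)
    return [s.split()[0] for s in m.group(1).split(";") if s.strip()] if m else []

def check(xml_text, config_text):
    """Report modules whose role principals Jetty would not count as roles."""
    findings = []
    for svc in login_services(xml_text):
        accepted = {c.strip() for c in svc.get("roleClassNames", "").split(",")} | {JETTY_DEFAULT_ROLE}
        for mod in jaas_modules(config_text, svc.get("LoginModuleName", "")):
            emitted = ROLE_PRINCIPAL.get(mod)
            if emitted and emitted not in accepted:
                findings.append(f"{mod} adds {emitted}; roleClassNames lacks it")
    return findings

if __name__ == "__main__":
    print(check(JETTY_XML, LOGIN_CONFIG))
```

A finding here means group membership never reaches Jetty as a role, whatever the LDAP role search returns; the required role names in the Constraint beans still have to equal the group values the module extracts (roleName=CN in the post).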