Hi Sumit, it will work with encrypted password as well but you need to add the artifact org.eclipse.jetty:jetty-jaas:jar to the `apache-activemq/lib/web/" folder, ie https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-jaas/9.4.27.v20200227/jetty-jaas-9.4.27.v20200227.jar
Regards, Domenico Il giorno gio 11 giu 2020 alle ore 07:43 Sumit Bhardwaj < sumit.bhard...@gmail.com> ha scritto: > Thank Domenico, I will try this. This will work with encrypted passwords as > well right? > > Best > Sumit > > On Thu, Jun 11, 2020 at 1:58 AM Domenico Francesco Bruscino < > bruscin...@gmail.com> wrote: > > > Hi Sumit, > > > > to use the same JAAS Authentication Plugin for the web console, you can > > execute the following additional steps: > > > > 1) Replace the `securityLoginService` in jetty.xml: > > <bean id="securityLoginService" > > class="org.eclipse.jetty.jaas.JAASLoginService"> > > <property name="name" value="ActiveMQRealm" /> > > <property name="loginModuleName" value="activemq" /> > > <property name="roleClassNames"> > > <list> > > <value>org.apache.activemq.jaas.GroupPrincipal</value> > > </list> > > </property> > > </bean> > > > > 2) Replace the roles of the `securityConstraint` and > > `adminSecurityConstraint` beans in jetty.xml to match the roles defined > > in groups.properties: > > <bean id="securityConstraint" > > class="org.eclipse.jetty.util.security.Constraint"> > > <property name="name" value="BASIC" /> > > <property name="roles" value="user,*admins*" /> > > <!-- set authenticate=false to disable login --> > > <property name="authenticate" value="true" /> > > </bean> > > <bean id="adminSecurityConstraint" > > class="org.eclipse.jetty.util.security.Constraint"> > > <property name="name" value="BASIC" /> > > <property name="roles" value="*admins*" /> > > <!-- set authenticate=false to disable login --> > > <property name="authenticate" value="true" /> > > </bean> > > > > 3) Set the IdentityService of the `securityHandler` bean jetty.xml: > > <property name="identityService"> > > <bean class="org.eclipse.jetty.security.DefaultIdentityService" > /> > > </property> > > > > Regards, > > Domenico > > > > Il giorno mer 10 giu 2020 alle ore 19:52 Sumit Bhardwaj < > > sumit.bhard...@gmail.com> ha scritto: > > > > > Thanks a lot Dominico! > > > > > > I have one more question, can we use JAASAuthenticationPlugin for web > > > console users as well? > > > > > > Best > > > Sumit > > > > > > On Wed, Jun 10, 2020 at 1:19 AM Domenico Francesco Bruscino < > > > bruscin...@gmail.com> wrote: > > > > > > > Hi Sumit, > > > > > > > > to get a working demo of JAAS Authentication Plugin with encrypted > > > > passwords, you can execute the following steps: > > > > > > > > 1) Create a new broker instance: > > > > $ ./bin/activemq create broker > > > > > > > > 2) Add the JAAS Authentication Plugin to activemq.xml: > > > > <plugins> > > > > <jaasAuthenticationPlugin configuration="activemq"/> > > > > > > > > 3) Replace the admin password with an encrypted password in > > > > users.properties, ie the the encrypted password `manager`: > > > > admin=ENC(mYRkg+4Q4hua1kvpCCI2hg==) > > > > > > > > 4) Enable decrypt in login.config: > > > > activemq { > > > > org.apache.activemq.jaas.PropertiesLoginModule required > > > > decrypt=true > > > > org.apache.activemq.jaas.properties.user="users.properties" > > > > > org.apache.activemq.jaas.properties.group="groups.properties"; > > > > }; > > > > > > > > 5) Export the ACTIVEMQ_ENCRYPTION_PASSWORD environment variable: > > > > $ export ACTIVEMQ_ENCRYPTION_PASSWORD=activemq > > > > > > > > 6) Start the broker: > > > > $ ./broker/bin/broker start > > > > > > > > 7) Start the producer: > > > > $ ./bin/activemq producer --user admin --password manager > > --messageCount > > > 1 > > > > > > > > Regards, > > > > Domenico > > > > > > > > Il giorno mar 9 giu 2020 alle ore 19:09 Sumit Bhardwaj < > > > > sumit.bhard...@gmail.com> ha scritto: > > > > > > > > > Hi, > > > > > > > > > > We are trying to use JAAS Authentication plugin for ActiveMQ. We > have > > > > been > > > > > able to use it with plain text passwords in the users.properties. > > > > > > > > > > We are not able to figure out how to use the encrypted passwords in > > > > > users.properties with JAAS Authentication Plugin. > > > > > > > > > > Are there any examples to achieve this? > > > > > > > > > > Thanks in advance. > > > > > > > > > > Best > > > > > Sumit > > > > > > > > > > > > > > >