Hi Sumit,
it will work with encrypted password as well but you need to add the
artifact org.eclipse.jetty:jetty-jaas:jar to the `apache-activemq/lib/web/"
folder, ie
https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-jaas/9.4.27.v20200227/jetty-jaas-9.4.27.v20200227.jar
Regards,
Domenico
Il giorno gio 11 giu 2020 alle ore 07:43 Sumit Bhardwaj <
sumit.bhard...@gmail.com> ha scritto:
> Thank Domenico, I will try this. This will work with encrypted passwords as
> well right?
>
> Best
> Sumit
>
> On Thu, Jun 11, 2020 at 1:58 AM Domenico Francesco Bruscino <
> bruscin...@gmail.com> wrote:
>
> > Hi Sumit,
> >
> > to use the same JAAS Authentication Plugin for the web console, you can
> > execute the following additional steps:
> >
> > 1) Replace the `securityLoginService` in jetty.xml:
> > <bean id="securityLoginService"
> > class="org.eclipse.jetty.jaas.JAASLoginService">
> > <property name="name" value="ActiveMQRealm" />
> > <property name="loginModuleName" value="activemq" />
> > <property name="roleClassNames">
> > <list>
> > <value>org.apache.activemq.jaas.GroupPrincipal</value>
> > </list>
> > </property>
> > </bean>
> >
> > 2) Replace the roles of the `securityConstraint` and
> > `adminSecurityConstraint` beans in jetty.xml to match the roles defined
> > in groups.properties:
> > <bean id="securityConstraint"
> > class="org.eclipse.jetty.util.security.Constraint">
> > <property name="name" value="BASIC" />
> > <property name="roles" value="user,*admins*" />
> > <!-- set authenticate=false to disable login -->
> > <property name="authenticate" value="true" />
> > </bean>
> > <bean id="adminSecurityConstraint"
> > class="org.eclipse.jetty.util.security.Constraint">
> > <property name="name" value="BASIC" />
> > <property name="roles" value="*admins*" />
> > <!-- set authenticate=false to disable login -->
> > <property name="authenticate" value="true" />
> > </bean>
> >
> > 3) Set the IdentityService of the `securityHandler` bean jetty.xml:
> > <property name="identityService">
> > <bean class="org.eclipse.jetty.security.DefaultIdentityService"
> />
> > </property>
> >
> > Regards,
> > Domenico
> >
> > Il giorno mer 10 giu 2020 alle ore 19:52 Sumit Bhardwaj <
> > sumit.bhard...@gmail.com> ha scritto:
> >
> > > Thanks a lot Dominico!
> > >
> > > I have one more question, can we use JAASAuthenticationPlugin for web
> > > console users as well?
> > >
> > > Best
> > > Sumit
> > >
> > > On Wed, Jun 10, 2020 at 1:19 AM Domenico Francesco Bruscino <
> > > bruscin...@gmail.com> wrote:
> > >
> > > > Hi Sumit,
> > > >
> > > > to get a working demo of JAAS Authentication Plugin with encrypted
> > > > passwords, you can execute the following steps:
> > > >
> > > > 1) Create a new broker instance:
> > > > $ ./bin/activemq create broker
> > > >
> > > > 2) Add the JAAS Authentication Plugin to activemq.xml:
> > > > <plugins>
> > > > <jaasAuthenticationPlugin configuration="activemq"/>
> > > >
> > > > 3) Replace the admin password with an encrypted password in
> > > > users.properties, ie the the encrypted password `manager`:
> > > > admin=ENC(mYRkg+4Q4hua1kvpCCI2hg==)
> > > >
> > > > 4) Enable decrypt in login.config:
> > > > activemq {
> > > > org.apache.activemq.jaas.PropertiesLoginModule required
> > > > decrypt=true
> > > > org.apache.activemq.jaas.properties.user="users.properties"
> > > >
> org.apache.activemq.jaas.properties.group="groups.properties";
> > > > };
> > > >
> > > > 5) Export the ACTIVEMQ_ENCRYPTION_PASSWORD environment variable:
> > > > $ export ACTIVEMQ_ENCRYPTION_PASSWORD=activemq
> > > >
> > > > 6) Start the broker:
> > > > $ ./broker/bin/broker start
> > > >
> > > > 7) Start the producer:
> > > > $ ./bin/activemq producer --user admin --password manager
> > --messageCount
> > > 1
> > > >
> > > > Regards,
> > > > Domenico
> > > >
> > > > Il giorno mar 9 giu 2020 alle ore 19:09 Sumit Bhardwaj <
> > > > sumit.bhard...@gmail.com> ha scritto:
> > > >
> > > > > Hi,
> > > > >
> > > > > We are trying to use JAAS Authentication plugin for ActiveMQ. We
> have
> > > > been
> > > > > able to use it with plain text passwords in the users.properties.
> > > > >
> > > > > We are not able to figure out how to use the encrypted passwords in
> > > > > users.properties with JAAS Authentication Plugin.
> > > > >
> > > > > Are there any examples to achieve this?
> > > > >
> > > > > Thanks in advance.
> > > > >
> > > > > Best
> > > > > Sumit
> > > > >
> > > >
> > >
> >
>
