-
1. Re: Can the web console share the same JAAS security context as the container in AMQ 5.8.0 / 5.7 ?
ffang Jun 26, 2013 8:34 PM (in response to jelramzy)
Hi,
Please take a look at the doc here [1]; the ActiveMQ WebConsole and ActiveMQ JMS broker already share the same Karaf JAAS realm and
login modules. Also take a look at [2] to get more details on how you can configure LDAPLoginModule for Karaf.
Freeman
-
2. Re: Can the web console share the same JAAS security context as the container in AMQ 5.8.0 / 5.7 ?
jelramzy Jun 27, 2013 11:12 AM (in response to ffang)
Hi Freeman,
Thank you for your reply, but I think you did not get my problem; I assume maybe there is a misunderstanding:
I have no problem securing the container when relying on a JAAS LDAP module. My question actually was related to the possibility of having a common authorization security context in the AMQ web console itself (not just sharing the authentication context with the container).
The AMQ console actually bypasses the authorization context defined in the container and does not share it at all. So, in a nutshell, authorization to JMS objects is enforced inside the broker and the authorization defined in the container deals with it with no problems; however, any user that is authenticated in the Jetty web console can still invoke certain broker operations regardless of the broker's authorization configuration: it is thus simply bypassed!
Maybe this bug report is related to my request: http://fusesource.com/issues/browse/ENTMQ-333
What do you think?
Regards