I am using ActiveMQ 5.16.2, and I would like to allow only secured access to the web console. Thus, I would like to either:
Make a redirect from HTTP to HTTPS.
If a redirect is not possible then deactivate the HTTP access with port 8161.
Which files will I have to configure and how can I configure those changes?
You only need to change conf/jetty.xml. To disable HTTP access comment out the Connector bean, and then to enable HTTPS access uncomment the SecureConnector bean, e.g.:
<bean id="invokeConnectors" class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
    <property name="targetObject" ref="Server" />
    <property name="targetMethod" value="setConnectors" />
    <property name="arguments">
        <list>
            <!--bean id="Connector" class="org.eclipse.jetty.server.ServerConnector">
                <constructor-arg ref="Server" />
                <property name="host" value="#{systemProperties['jetty.host']}" />
                <property name="port" value="#{systemProperties['jetty.port']}" />
            </bean-->
            <!--
                Enable this connector if you wish to use https with web console
            -->
            <bean id="SecureConnector" class="org.eclipse.jetty.server.ServerConnector">
                <constructor-arg ref="Server" />
                <constructor-arg>
                    <bean id="handlers" class="org.eclipse.jetty.util.ssl.SslContextFactory">
                        <property name="keyStorePath" value="${activemq.conf}/broker.ks" />
                        <property name="keyStorePassword" value="password" />
                    </bean>
                </constructor-arg>
                <property name="port" value="8162" />
            </bean>
        </list>
    </property>
</bean>
You'll want to supply your own SSL certificate. Just put your certificate in the conf directory and change the keyStorePath and keyStorePassword values appropriately, e.g.:
<property name="keyStorePath" value="${activemq.conf}/myCert.p12" />
<property name="keyStorePassword" value="myCertPassword" />
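To confirm that an edited conf/jetty.xml really ends up in the state this answer describes, the check below parses the connector beans and reports a still-enabled HTTP connector and keystore values left at the sample settings. It is an added example, not part of the original answer or of ActiveMQ; the function name and both sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SERVER_CONNECTOR = "org.eclipse.jetty.server.ServerConnector"
SSL_FACTORY = "org.eclipse.jetty.util.ssl.SslContextFactory"


def _local(tag):
    """Strip an XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]


def audit_connectors(jetty_xml):
    """Return findings for the web console connectors declared in jetty.xml.

    Beans inside XML comments are dropped by the parser, so a commented-out
    connector is treated as disabled, which is how Spring sees it too.
    """
    findings, tls_enabled = [], False
    for bean in ET.fromstring(jetty_xml).iter():
        if _local(bean.tag) != "bean" or bean.get("class") != SERVER_CONNECTOR:
            continue
        name = bean.get("id", "(no id)")
        # A connector is HTTPS only if an SslContextFactory is nested in it.
        ssl = [b for b in bean.iter()
               if b is not bean and b.get("class", "").startswith(SSL_FACTORY)]
        if not ssl:
            findings.append(f"{name}: plain HTTP connector is enabled")
            continue
        tls_enabled = True
        props = {p.get("name"): p.get("value", "")
                 for p in ssl[0] if _local(p.tag) == "property"}
        if props.get("keyStorePassword") == "password":
            findings.append(f"{name}: keyStorePassword is still the sample value")
        if props.get("keyStorePath", "").endswith("/broker.ks"):
            findings.append(f"{name}: keyStorePath still points at the sample broker.ks")
    if not tls_enabled:
        findings.append("no HTTPS connector is enabled")
    return findings


# Constructed sample: both connectors active, keystore values as in the snippet.
BEFORE = """<list>
  <bean id="Connector" class="org.eclipse.jetty.server.ServerConnector">
    <constructor-arg ref="Server" />
    <property name="port" value="#{systemProperties['jetty.port']}" />
  </bean>
  <bean id="SecureConnector" class="org.eclipse.jetty.server.ServerConnector">
    <constructor-arg ref="Server" />
    <constructor-arg>
      <bean id="handlers" class="org.eclipse.jetty.util.ssl.SslContextFactory">
        <property name="keyStorePath" value="${activemq.conf}/broker.ks" />
        <property name="keyStorePassword" value="password" />
      </bean>
    </constructor-arg>
    <property name="port" value="8162" />
  </bean>
</list>"""

# Constructed sample: HTTP connector commented out, own certificate configured.
AFTER = (BEFORE
         .replace('<bean id="Connector"', '<!--bean id="Connector"', 1)
         .replace("</bean>", "</bean-->", 1)
         .replace("/broker.ks", "/myCert.p12")
         .replace('value="password"', 'value="myCertPassword"'))

if __name__ == "__main__":
    for label, doc in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_connectors(doc) or "no findings")
```

The same function accepts a complete jetty.xml with the Spring `beans` namespace, because element names are compared without their namespace prefix.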
I currently have the ActiveMQ Jetty web server configured to use LDAP authentication for the users of the web console (admins), but I'm struggling to have HashLoginService at the same time for REST API purposes...
Is there a way to have the two authentication methods working on ActiveMQ Jetty?
Here is my working config with LDAP:
<bean id="ldapLoginService" class="org.eclipse.jetty.jaas.JAASLoginService">
<property name="name" value="LDAP realm" />
<property name="loginModuleName" value="LDAPLogin" />
<property name="roleClassNames" value="org.apache.activemq.jaas.GroupPrincipal" />
<property name="identityService" ref="identityService" />
</bean>
<bean id="identityService" class="org.eclipse.jetty.security.DefaultIdentityService"/>
<bean id="securityConstraint" class="org.eclipse.jetty.util.security.Constraint">
<property name="name" value="BASIC" />
<property name="roles" value="admin_grp" />
<property name="authenticate" value="true" />
</bean>
<bean id="adminSecurityConstraint" class="org.eclipse.jetty.util.security.Constraint">
<property name="name" value="BASIC" />
<property name="roles" value="admin_grp" />
<property name="authenticate" value="true" />
</bean>
<bean id="securityConstraintMapping" class="org.eclipse.jetty.security.ConstraintMapping">
<property name="constraint" ref="securityConstraint" />
<property name="pathSpec" value="/api/*,/admin/*,*.jsp" />
</bean>
<bean id="adminSecurityConstraintMapping" class="org.eclipse.jetty.security.ConstraintMapping">
<property name="constraint" ref="adminSecurityConstraint" />
<property name="pathSpec" value="*.action" />
</bean>
<bean id="securityHandler" class="org.eclipse.jetty.security.ConstraintSecurityHandler">
<property name="loginService" ref="ldapLoginService" />
<property name="realmName" value="LdapRealm" />
<property name="identityService" ref="identityService" />
<property name="authenticator">
<bean class="org.eclipse.jetty.security.authentication.BasicAuthenticator" />
</property>
<property name="constraintMappings">
<list>
<ref bean="adminSecurityConstraintMapping" />
<ref bean="securityConstraintMapping" />
</list>
</property>
<property name="handler" ref="secHandlerCollection" />
</bean>
And the LDAP config:
LDAPLogin {
    org.apache.activemq.jaas.LDAPLoginModule required
        debug="false"
        initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
        connectionURL="{{ ldap_connect_url }}"
        connectionUsername="{{ bind_dn }}"
        connectionPassword="{{ bind_pw }}"
        connectionProtocol=""
        authentication=simple
        userBase="{{ base_dn }}"
        userSearchMatching="{{ ldap_user_search_matching }}"
        userSearchSubtree="true"
        roleBase="{{ ldap_role_base }}"
        roleName="cn"
        roleSearchMatching="{{ ldap_role_search_matching }}"
        roleSearchSubtree=false
        ;
};
Why don't you add the PropertyFileLoginModule to your JAAS config file? It is similar to the HashLoginService, but works with JAAS. You would have to change your JAAS config to make the LDAPLoginModule sufficient rather than required, and make the PropertyFileLoginModule also sufficient. That way, either of the login modules can succeed in authenticating the user. Reading more about the definitions of required/requisite/sufficient/optional may be helpful.
Jetty 9.x JAAS docs do not mention the ability to run multiple authentication sources, but you could implement your own custom JAAS LoginModule to support it.
If you are looking for something out-of-the-box, I know many people run ActiveMQ inside another runtime container (such as Apache Karaf) that supports a single JAAS realm with multiple backends.
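The required/sufficient distinction that the first answer relies on can be worked through with a small model of the JAAS control-flag rules. This is an added example, not code from the answers, Jetty or ActiveMQ: the login.config text is constructed from the question's LDAPLogin entry with shortened options, the properties file path is hypothetical, and the parser assumes no option value contains `;`.

```python
import re

# Constructed login.config: the question's entry with both modules sufficient.
LOGIN_CONFIG = """
LDAPLogin {
    org.apache.activemq.jaas.LDAPLoginModule sufficient
        debug="false"
        authentication=simple;
    org.eclipse.jetty.jaas.spi.PropertyFileLoginModule sufficient
        file="conf/rest-users.properties";
};
"""
LDAP = "org.apache.activemq.jaas.LDAPLoginModule"
PROPS = "org.eclipse.jetty.jaas.spi.PropertyFileLoginModule"
FLAGS = {"required", "requisite", "sufficient", "optional"}


def parse_entry(config_text, entry_name):
    """Return [(module_class, control_flag), ...] in configuration order."""
    match = re.search(re.escape(entry_name) + r"\s*\{(.*?)\}\s*;", config_text, re.S)
    if match is None:
        raise KeyError(entry_name)
    modules = []
    for chunk in match.group(1).split(";"):
        tokens = chunk.split()
        if len(tokens) >= 2:
            if tokens[1] not in FLAGS:
                raise ValueError(f"unknown control flag: {tokens[1]}")
            modules.append((tokens[0], tokens[1]))
    return modules


def login(modules, verdicts):
    """Apply the JAAS stacking rules.

    verdicts maps module class -> True if that module would authenticate the
    user. Returns (accepted, modules actually consulted).
    """
    required_failed = any_success = False
    consulted = []
    for cls, flag in modules:
        ok = verdicts[cls]
        consulted.append(cls)
        any_success = any_success or ok
        if flag == "requisite" and not ok:
            required_failed = True
            break                      # failure returns at once
        if flag == "required" and not ok:
            required_failed = True     # remembered; the rest still runs
        if flag == "sufficient" and ok and not required_failed:
            break                      # success returns at once
    return (any_success and not required_failed), consulted


both_sufficient = parse_entry(LOGIN_CONFIG, "LDAPLogin")
ldap_required = parse_entry(
    LOGIN_CONFIG.replace("LDAPLoginModule sufficient", "LDAPLoginModule required"),
    "LDAPLogin")

# Constructed users: a console admin known to LDAP, a REST client in the file.
ADMIN = {LDAP: True, PROPS: False}
REST_CLIENT = {LDAP: False, PROPS: True}
STRANGER = {LDAP: False, PROPS: False}

if __name__ == "__main__":
    for name, stack in (("both sufficient", both_sufficient),
                        ("LDAP required", ldap_required)):
        for user, verdicts in (("admin", ADMIN), ("rest client", REST_CLIENT),
                               ("stranger", STRANGER)):
            print(f"{name:16} {user:12} accepted={login(stack, verdicts)[0]}")
```

Because both modules feed the same realm, an account in the properties file that is given the `admin_grp` role passes the same constraints as an LDAP admin, so the roles in that file should be limited to what the REST clients need.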
I have a RHEL 7 server where I have ActiveMQ installed (version: apache-activemq-5.15.11). I am trying to run the web console over HTTPS, and hence I went through the instructions mentioned in the documentation here and made changes in my jetty.xml and un-commented the following section:
<!--
Enable this connector if you wish to use https with web console
-->
<!-- bean id="SecureConnector" class="org.eclipse.jetty.server.ServerConnector">
<constructor-arg ref="Server" />
<constructor-arg>
<bean id="handlers" class="org.eclipse.jetty.util.ssl.SslContextFactory">
<property name="keyStorePath" value="${activemq.conf}/broker.ks" />
<property name="keyStorePassword" value="password" />
</bean>
</constructor-arg>
<property name="port" value="8162" />
</bean -->
When I try to access the web console like the following:
https://myserver.com:8162/admin/index.jsp
I am getting a connection timeout in the browser.
Questions:
Am I trying to access it properly - via port 8162? It works fine with port 8161 and over http like the following:
http://myserver.com:8161/admin/index.jsp
Are there any additional changes needed to make it work over https?
My jetty.xml is below for reference:
<!--
Licensed to the Apache Software Foundation (ASF) under one or more contributor
license agreements. See the NOTICE file distributed with this work for additional
information regarding copyright ownership. The ASF licenses this file to You under
the Apache License, Version 2.0 (the "License"); you may not use this file except in
compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or
agreed to in writing, software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied. See the License for the specific language governing permissions and
limitations under the License.
-->
<!--
An embedded servlet engine for serving up the Admin consoles, REST and Ajax APIs and
some demos Include this file in your configuration to enable ActiveMQ web components
e.g. <import resource="jetty.xml"/>
-->
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
<bean id="securityLoginService" class="org.eclipse.jetty.security.HashLoginService">
<property name="name" value="ActiveMQRealm" />
<property name="config" value="${activemq.conf}/jetty-realm.properties" />
</bean>
<bean id="securityConstraint" class="org.eclipse.jetty.util.security.Constraint">
<property name="name" value="BASIC" />
<property name="roles" value="user,admin" />
<!-- set authenticate=false to disable login -->
<property name="authenticate" value="true" />
</bean>
<bean id="adminSecurityConstraint" class="org.eclipse.jetty.util.security.Constraint">
<property name="name" value="BASIC" />
<property name="roles" value="admin" />
<!-- set authenticate=false to disable login -->
<property name="authenticate" value="true" />
</bean>
<bean id="securityConstraintMapping" class="org.eclipse.jetty.security.ConstraintMapping">
<property name="constraint" ref="securityConstraint" />
<property name="pathSpec" value="/api/*,/admin/*,*.jsp" />
</bean>
<bean id="adminSecurityConstraintMapping" class="org.eclipse.jetty.security.ConstraintMapping">
<property name="constraint" ref="adminSecurityConstraint" />
<property name="pathSpec" value="*.action" />
</bean>
<bean id="rewriteHandler" class="org.eclipse.jetty.rewrite.handler.RewriteHandler">
<property name="rules">
<list>
<bean id="header" class="org.eclipse.jetty.rewrite.handler.HeaderPatternRule">
<property name="pattern" value="*"/>
<property name="name" value="X-FRAME-OPTIONS"/>
<property name="value" value="SAMEORIGIN"/>
</bean>
<bean id="header" class="org.eclipse.jetty.rewrite.handler.HeaderPatternRule">
<property name="pattern" value="*"/>
<property name="name" value="X-XSS-Protection"/>
<property name="value" value="1; mode=block"/>
</bean>
<bean id="header" class="org.eclipse.jetty.rewrite.handler.HeaderPatternRule">
<property name="pattern" value="*"/>
<property name="name" value="X-Content-Type-Options"/>
<property name="value" value="nosniff"/>
</bean>
</list>
</property>
</bean>
<bean id="secHandlerCollection" class="org.eclipse.jetty.server.handler.HandlerCollection">
<property name="handlers">
<list>
<ref bean="rewriteHandler"/>
<bean class="org.eclipse.jetty.webapp.WebAppContext">
<property name="contextPath" value="/admin" />
<property name="resourceBase" value="${activemq.home}/webapps/admin" />
<property name="logUrlOnStart" value="true" />
</bean>
<bean class="org.eclipse.jetty.webapp.WebAppContext">
<property name="contextPath" value="/api" />
<property name="resourceBase" value="${activemq.home}/webapps/api" />
<property name="logUrlOnStart" value="true" />
</bean>
<bean class="org.eclipse.jetty.server.handler.ResourceHandler">
<property name="directoriesListed" value="false" />
<property name="welcomeFiles">
<list>
<value>index.html</value>
</list>
</property>
<property name="resourceBase" value="${activemq.home}/webapps/" />
</bean>
<bean id="defaultHandler" class="org.eclipse.jetty.server.handler.DefaultHandler">
<property name="serveIcon" value="false" />
</bean>
</list>
</property>
</bean>
<bean id="securityHandler" class="org.eclipse.jetty.security.ConstraintSecurityHandler">
<property name="loginService" ref="securityLoginService" />
<property name="authenticator">
<bean class="org.eclipse.jetty.security.authentication.BasicAuthenticator" />
</property>
<property name="constraintMappings">
<list>
<ref bean="adminSecurityConstraintMapping" />
<ref bean="securityConstraintMapping" />
</list>
</property>
<property name="handler" ref="secHandlerCollection" />
</bean>
<bean id="contexts" class="org.eclipse.jetty.server.handler.ContextHandlerCollection">
</bean>
<bean id="jettyPort" class="org.apache.activemq.web.WebConsolePort" init-method="start">
<!-- the default port number for the web console -->
<property name="host" value="0.0.0.0"/>
<property name="port" value="8161"/>
</bean>
<bean id="Server" depends-on="jettyPort" class="org.eclipse.jetty.server.Server"
destroy-method="stop">
<property name="handler">
<bean id="handlers" class="org.eclipse.jetty.server.handler.HandlerCollection">
<property name="handlers">
<list>
<ref bean="contexts" />
<ref bean="securityHandler" />
</list>
</property>
</bean>
</property>
</bean>
<bean id="invokeConnectors" class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
<property name="targetObject" ref="Server" />
<property name="targetMethod" value="setConnectors" />
<property name="arguments">
<list>
<bean id="Connector" class="org.eclipse.jetty.server.ServerConnector">
<constructor-arg ref="Server" />
<!-- see the jettyPort bean -->
<property name="host" value="#{systemProperties['jetty.host']}" />
<property name="port" value="#{systemProperties['jetty.port']}" />
</bean>
<!--
Enable this connector if you wish to use https with web console
-->
<!-- Enabling the following connector on Nov 11,2020 for HTTPS -->
<bean id="SecureConnector" class="org.eclipse.jetty.server.ServerConnector">
<constructor-arg ref="Server" />
<constructor-arg>
<bean id="handlers" class="org.eclipse.jetty.util.ssl.SslContextFactory">
<property name="keyStorePath" value="${activemq.conf}/broker.ks" />
<property name="keyStorePassword" value="password" />
</bean>
</constructor-arg>
<property name="port" value="8162" />
</bean>
</list>
</property>
</bean>
<bean id="configureJetty" class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
<property name="staticMethod" value="org.apache.activemq.web.config.JspConfigurer.configureJetty" />
<property name="arguments">
<list>
<ref bean="Server" />
<ref bean="secHandlerCollection" />
</list>
</property>
</bean>
<bean id="invokeStart" class="org.springframework.beans.factory.config.MethodInvokingFactoryBean"
depends-on="configureJetty, invokeConnectors">
<property name="targetObject" ref="Server" />
<property name="targetMethod" value="start" />
</bean>
</beans>
We have built a 4-node Apache Ignite cluster and are able to connect and perform basic operations like creating a cache from a Java program.
But it fails to connect to the Ignite cluster when I did the MySQL integration.
The following is the error message.
Exception in thread "main" class org.apache.ignite.IgniteException: Resource field is not assignable from the resource: class org.springframework.jdbc.datasource.DriverManagerDataSource
at org.apache.ignite.internal.util.IgniteUtils.convertException(IgniteUtils.java:906)
at org.apache.ignite.Ignition.start(Ignition.java:350)
at PersonExample.PersonStoreExample.main(PersonStoreExample.java:16)
Caused by: class org.apache.ignite.IgniteCheckedException: Resource field is not assignable from the resource: class org.springframework.jdbc.datasource.DriverManagerDataSource
at org.apache.ignite.internal.processors.resource.GridResourceUtils.inject(GridResourceUtils.java:50)
at org.apache.ignite.internal.processors.resource.GridResourceSpringBeanInjector.inject(GridResourceSpringBeanInjector.java:67)
at org.apache.ignite.internal.processors.resource.GridResourceIoc.injectInternal(GridResourceIoc.java:172)
at org.apache.ignite.internal.processors.resource.GridResourceIoc.inject(GridResourceIoc.java:97)
at org.apache.ignite.internal.processors.resource.GridResourceProcessor.injectGeneric(GridResourceProcessor.java:257)
at org.apache.ignite.internal.processors.cache.GridCacheProcessor.prepare(GridCacheProcessor.java:539)
at org.apache.ignite.internal.processors.cache.GridCacheProcessor.prepare(GridCacheProcessor.java:528)
at org.apache.ignite.internal.processors.cache.GridCacheProcessor.createCache(GridCacheProcessor.java:1270)
at org.apache.ignite.internal.processors.cache.GridCacheProcessor.onKernalStart(GridCacheProcessor.java:784)
at org.apache.ignite.internal.IgniteKernal.start(IgniteKernal.java:926)
at org.apache.ignite.internal.IgnitionEx$IgniteNamedInstance.start0(IgnitionEx.java:1736)
at org.apache.ignite.internal.IgnitionEx$IgniteNamedInstance.start(IgnitionEx.java:1589)
at org.apache.ignite.internal.IgnitionEx.start0(IgnitionEx.java:1042)
at org.apache.ignite.internal.IgnitionEx.startConfigurations(IgnitionEx.java:964)
at org.apache.ignite.internal.IgnitionEx.start(IgnitionEx.java:850)
at org.apache.ignite.internal.IgnitionEx.start(IgnitionEx.java:749)
at org.apache.ignite.internal.IgnitionEx.start(IgnitionEx.java:619)
at org.apache.ignite.internal.IgnitionEx.start(IgnitionEx.java:589)
at org.apache.ignite.Ignition.start(Ignition.java:347)
... 1 more
Following is the Ignite Config file:
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
<!--
Alter configuration below as needed.
-->
<bean class="org.springframework.jdbc.datasource.DriverManagerDataSource" name="dataSource">
<property name="driverClassName" value="com.mysql.jdbc.Driver" />
<property name="url" value="jdbc:mysql://<<mysqk_host>>:3306/sample_db" />
<property name="username" value="root" />
<property name="password" value="hadoop" />
</bean>
<bean id="grid.cfg" class="org.apache.ignite.configuration.IgniteConfiguration">
<property name="cacheConfiguration">
<list>
<bean class="org.apache.ignite.configuration.CacheConfiguration">
<property name="name" value="personCache" />
<property name="readThrough" value="true" />
<property name="writeThrough" value="true" />
<property name="cacheStoreFactory">
<bean class="javax.cache.configuration.FactoryBuilder" factory-method="factoryOf">
<constructor-arg value="PersonExample.PersonStore" />
</bean>
</property>
<property name="queryEntities">
<list>
<bean class="org.apache.ignite.cache.QueryEntity">
<property name="keyType" value="java.lang.Long" />
<property name="valueType" value="PersonExample.Person" />
<property name="fields">
<map>
<entry key="id" value="java.lang.Long" />
<entry key="name" value="java.lang.String" />
<entry key="orgId" value="java.lang.Long" />
<entry key="salary" value="java.lang.Integer" />
</map>
</property>
</bean>
</list>
</property>
</bean>
</list>
</property>
<!-- <property name="peerClassLoadingEnabled" value="true"></property> -->
<property name="discoverySpi">
<bean class="org.apache.ignite.spi.discovery.tcp.TcpDiscoverySpi">
<property name="ipFinder">
<bean class="org.apache.ignite.spi.discovery.tcp.ipfinder.zk.TcpDiscoveryZookeeperIpFinder">
<property name="zkConnectionString" value="<<zk_host>>:2181" />
</bean>
</property>
</bean>
</property>
</bean>
</beans>
How to resolve this error?
The error has been resolved with the following changes:
Added the latest MySQL JDBC jar to the Ignite libs directory.
Ensured the cluster config file and the client config file are the same (earlier, the client config file contained a few additional configurations in the cache configuration).
Added the Person class (which is a MySQL table POJO that will be stored in the Ignite cache).
I am publishing a message to an ActiveMQ queue (TEST.AMQ.QUEUE), which is bridged to an IBM MQ queue (TEST.IBM-MQ.QUEUE) by the following configuration in activemq.xml:
<bean id="remoteFactory"
class="org.springframework.jms.connection.UserCredentialsConnectionFactoryAdapter">
<property name="username" value="***"></property>
<property name="password" value="***"></property>
<property name="targetConnectionFactory">
<bean class="com.ibm.mq.jms.MQQueueConnectionFactory">
<property name="hostName" value="1*.2*6.**.***" />
<property name="port" value="1*1*" />
<property name="queueManager" value="Q****HUB" />
<property name="channel" value="Q*****D" />
<property name="transportType" value="1" />
</bean>
</property>
</bean>
<!-- Configure JMS bridge -->
<jmsBridgeConnectors>
<jmsQueueConnector outboundQueueConnectionFactory="#remoteFactory">
<outboundQueueBridges>
<outboundQueueBridge outboundQueueName="TEST.IBM-MQ.QUEUE" />
</outboundQueueBridges>
</jmsQueueConnector>
</jmsBridgeConnectors>
I need to set the property TARGCLIENT to MQ, to disable RFH2 headers. How can I provide this property in the activemq.xml file, in which my bridge configurations are defined?
The targetClient property can be set on queues, but I'm not sure where it will fit with the bridge.
Could try this name:
queue:///TEST.IBM-MQ.QUEUE?targetClient=1
Or maybe define a bean, and reference that:
<bean id="queue" class="com.ibm.mq.jms.MQQueue"
depends-on="remoteFactory">
<property name="baseQueueManagerName" value="*queue manager*" />
<property name="baseQueueName" value="TEST.IBM-MQ.QUEUE" />
<property name="targetClient" value="1" />
</bean>
Could you please help me solve a problem with XA transactions on ActiveMQ, Oracle and Bitronix?
I have ActiveMQ and am using an embedded camel.xml for routing messages from one queue to an Oracle DB.
This is the content of the camel.xml file in the conf folder of the standalone ActiveMQ.
<camelContext id="camel" xmlns="http://camel.apache.org/schema/spring">
<route id="partnerToDB">
<from uri="activemqXa:example.A" />
<transacted ref="PROPAGATION_REQUIRED"/>
<transform>
<simple>insert into tbl_1(body,type) values('${in.body}','P') </simple>
</transform>
<to uri="jdbc:dataSource" />
</route>
</camelContext>
<!-- TX configuration -->
<bean id="jtaTransactionManager" class="org.springframework.transaction.jta.JtaTransactionManager">
<property name="transactionManager" ref="transactionManager"/>
<property name="userTransaction" ref="transactionManager" />
</bean>
<bean id="btmConfig" factory-method="getConfiguration" class="bitronix.tm.TransactionManagerServices">
<property name="serverId" value="spring-btm" />
</bean>
<bean id="transactionManager" factory-method="getTransactionManager" class="bitronix.tm.TransactionManagerServices" depends-on="btmConfig" destroy-method="shutdown" />
<bean id="PROPAGATION_REQUIRED" class="org.apache.camel.spring.spi.SpringTransactionPolicy">
<property name="transactionManager" ref="jtaTransactionManager"/>
<property name="propagationBehaviorName" value="PROPAGATION_REQUIRED"/>
</bean>
<!-- JMS configuration -->
<bean id="resourceManager" class="org.apache.activemq.pool.ActiveMQResourceManager" init-method="recoverResource">
<property name="transactionManager" ref="transactionManager" />
<property name="connectionFactory" ref="pooledJmsXaConnectionFactory" />
<property name="resourceName" value="activemq.default,java/testDS1" />
</bean>
<bean id="pooledJmsXaConnectionFactory" class="bitronix.tm.resource.jms.PoolingConnectionFactory" init-method="init" destroy-method="close" >
<property name="className" value="org.apache.activemq.ActiveMQXAConnectionFactory" />
<property name="uniqueName" value="activemq" />
<property name="maxPoolSize" value="8" />
<property name="driverProperties">
<props>
<prop key="brokerURL">tcp://172.16.9.17:61617</prop>
</props>
</property>
</bean>
<bean id="activemqXa" class="org.apache.activemq.camel.component.ActiveMQComponent">
<!-- because of https://issues.apache.org/jira/browse/AMQ-3251, we cannot use the XaPooledConnectionFactory in AMQ 5.5.1 -->
<property name="connectionFactory" ref="pooledJmsXaConnectionFactory"/>
<property name="transacted" value="false"/>
<property name="transactionManager" ref="jtaTransactionManager"/>
</bean>
<!-- JDBC configuration -->
<bean id="dataSource" class="bitronix.tm.resource.jdbc.PoolingDataSource"
init-method="init" destroy-method="close">
<property name="className" value="bitronix.tm.resource.jdbc.lrc.LrcXADataSource" />
<property name="uniqueName" value="java/testDS1" />
<property name="maxPoolSize" value="5" />
<property name="minPoolSize" value="0" />
<property name="allowLocalTransactions" value="false" />
<property name="testQuery" value="SELECT 1 FROM DUAL" />
<property name="driverProperties">
<props>
<prop key="user">test</prop>
<prop key="password">test</prop>
<prop key="url">jdbc:oracle:thin:#db1sh:1521/org.amin.org</prop>
<prop key="driverClassName">oracle.jdbc.OracleDriver</prop>
</props>
</property>
</bean>
When I run ActiveMQ and send a message to the example.A queue, nothing is inserted into the DB and the message is dequeued from the queue. I get this error in the ActiveMQ log:
[org.apache.camel.RuntimeCamelException - java.sql.SQLException: cannot commit a resource
enlisted in a global transaction]
Also, I have run these SQL scripts for the Oracle database:
$ORACLE_HOME/javavm/install/initxa.sql
$ORACLE_HOME/javavm/install/initjvm.sql
and the following grant statements:
grant select on pending_trans$ to public;
grant select on dba_2pc_pending to public;
grant select on dba_pending_transactions to public;
grant execute on dbms_system to <user>;
Any ideas/solutions are welcome!
Thanks
Looking at the first lines of the Camel JDBC component docs, I find this information box:
This component can not be used as a Transactional Client. If you need transaction support in your route, you should use the SQL component instead.