ActiveMQ Web Console Security Configuration
ActiveMQ’s web console is built on Jetty, and its permission management is Jetty’s as well. Different users can be given different permissions as required. Jetty’s permission management is fairly flexible, though somewhat cumbersome to configure: you can specify whether a particular role has access to a specific page.
Below is a brief introduction to the configuration method. You only need to modify the following files under /conf: jetty.xml and jetty-realm.properties.
1. jetty-realm.properties
This file configures all users’ usernames, passwords, and their associated roles, following this format:
username: password [,rolename ...]
2. jetty.xml
First, configure a Constraint class for each role, where the roles correspond to the role names in jetty-realm.properties:
<bean id="securityConstraint" class="org.eclipse.jetty.util.security.Constraint">
Then configure the securityConstraintMapping:
<bean id="securityConstraintMapping" class="org.eclipse.jetty.security.ConstraintMapping">
This means the role associated with securityConstraint can access the /admin/send.jsp page.
You can use /* to represent all pages that are not individually configured.
For example, suppose we need to create a read-only user. We can configure two roles: admin and readonly. Both roles need a /* ConstraintMapping entry, and then the admin role gets additional entries for all write-operation pages, including /admin/deleteDestination.action/*, /admin/purgeDestination.action/*, etc.
Finally, list all ConstraintMappings in the constraintMappings property of the ConstraintSecurityHandler:
<bean id="securityHandler" class="org.eclipse.jetty.security.ConstraintSecurityHandler">
This completes the permission configuration for ActiveMQ Web Console users.
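The read-only setup described above, written out as an added example (it is not taken from the original page or from the ActiveMQ distribution). The bean ids other than securityHandler, the user names and the placeholder passwords are assumptions made for illustration; the name and authenticate properties assume BASIC authentication.

```xml
<!-- Added example. Bean ids and user names are constructed for illustration.
     Matching jetty-realm.properties entries (passwords are placeholders):
       alice: CHANGE_ME_1, admin
       bob: CHANGE_ME_2, readonly -->

<!-- One Constraint per role; roles must match jetty-realm.properties -->
<bean id="adminConstraint" class="org.eclipse.jetty.util.security.Constraint">
    <property name="name" value="BASIC" />
    <property name="roles" value="admin" />
    <property name="authenticate" value="true" />
</bean>
<bean id="readonlyConstraint" class="org.eclipse.jetty.util.security.Constraint">
    <property name="name" value="BASIC" />
    <property name="roles" value="readonly" />
    <property name="authenticate" value="true" />
</bean>

<!-- Both roles may reach every page that has no entry of its own -->
<bean id="adminAllMapping" class="org.eclipse.jetty.security.ConstraintMapping">
    <property name="constraint" ref="adminConstraint" />
    <property name="pathSpec" value="/*" />
</bean>
<bean id="readonlyAllMapping" class="org.eclipse.jetty.security.ConstraintMapping">
    <property name="constraint" ref="readonlyConstraint" />
    <property name="pathSpec" value="/*" />
</bean>

<!-- Write operations: mapped for the admin role only -->
<bean id="adminDeleteMapping" class="org.eclipse.jetty.security.ConstraintMapping">
    <property name="constraint" ref="adminConstraint" />
    <property name="pathSpec" value="/admin/deleteDestination.action/*" />
</bean>
<bean id="adminPurgeMapping" class="org.eclipse.jetty.security.ConstraintMapping">
    <property name="constraint" ref="adminConstraint" />
    <property name="pathSpec" value="/admin/purgeDestination.action/*" />
</bean>

<bean id="securityHandler" class="org.eclipse.jetty.security.ConstraintSecurityHandler">
    <!-- Keep the loginService, authenticator and handler properties already in your jetty.xml -->
    <property name="constraintMappings">
        <list>
            <ref bean="adminAllMapping" />
            <ref bean="readonlyAllMapping" />
            <ref bean="adminDeleteMapping" />
            <ref bean="adminPurgeMapping" />
        </list>
    </property>
</bean>
```

Only the two write actions named above are restricted here; any other write page left without its own mapping stays reachable to the readonly role through /*. After restarting the broker, log in as the read-only user and request each write page to confirm that access is refused.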
