  1. ActiveMQ Classic
  2. AMQ-9198

Self-customized read-only role for AMQ works but caused admin/security login gives 403


Details

    • Bug
    • Status: Resolved
    • Critical
    • Resolution: Not A Problem
    • None
    • None
    • Web Console
    • None

    Description

      We added a new customized read-only Constraint with Mapping, readerSecurityConstraintMapping, for read-only permission on the AMQ web UI portal. It works for read-only users, showing the expected 403 for prohibited URLs,

      but when we switch to the admin user, it gives a 403 error:

      jetty.xml : 

          <bean id="readerSecurityConstraint" class="org.eclipse.jetty.util.security.Constraint">
              <property name="name" value="BASIC" />
              <property name="roles" value="reader" />
              <property name="authenticate" value="true" />
          </bean>
          
          <bean id="readerSecurityConstraintMapping" class="org.eclipse.jetty.security.ConstraintMapping">
              <property name="constraint" ref="readerSecurityConstraint" />
              <property name="pathSpec" value="/index.html,/admin/*.html,/admin/index.jsp,/admin/queues.jsp,/admin/browse.jsp,/admin/queueConsumers.jsp,/admin/topics.jsp,/admin/topicProducers.jsp,/admin/topicSubscribers.jsp,/admin/connections.jsp,/admin/network.jsp,/admin/scheduled.jsp,/admin/queueGraph.jsp,/admin/xml/queues.jsp,/admin/xml/subscribers.jsp"/>
          </bean> 
      
      
          <bean id="securityHandler" class="org.eclipse.jetty.security.ConstraintSecurityHandler">
              <property name="loginService" ref="securityLoginService" />
              <property name="authenticator">
                  <bean class="org.eclipse.jetty.security.authentication.BasicAuthenticator" />
              </property>
              <property name="constraintMappings">
                  <list>
                      <ref bean="adminSecurityConstraintMapping" />
                      <ref bean="securityConstraintMapping" />
                      <ref bean="readerSecurityConstraintMapping" />
                  </list>
              </property>
              <property name="handler" ref="secHandlerCollection" />
          </bean>

      ==jetty-realm.properties==
      admin: admin, admin
      user: user, user
      reader: reader,reader

       

       

       


          People

            jbonofre Jean-Baptiste Onofré
            wguo Wei Guo