Justin Reock created AMQ-5236:
---------------------------------
Summary: Shiro Authentication and Authorization for ActiveMQ's
Jetty Instance
Key: AMQ-5236
URL: https://issues.apache.org/jira/browse/AMQ-5236
Project: ActiveMQ
Issue Type: New Feature
Components: webconsole
Affects Versions: 5.10.0
Environment: Any
Reporter: Justin Reock
Priority: Minor
Fix For: Unscheduled
Shiro support for Authentication and Authorization was added to the ActiveMQ
5.10.0 release. Though the documentation states "The ActiveMQ Shiro plugin can
secure all aspects of ActiveMQ," significant work must be done to enable
support for authenticating into the web console, jolokia, and anything else
hosted by jetty in the broker.
The jetty-realm.properties file is still authoritative, and the jetty.xml
configuration creates a security handler and loginService which will have to be
undone to allow Shiro to be authoritative.
My initial thought is to remove this authentication, and alter the web.xml
files of the existing webapps to use Shiro Filters, though this course of
action may change as more research is performed.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
