What I described in my previous post are securing all URLs via web.xml. I am using a Servlet filter to enforce basic authentication using the same security realm as the Artemis server. The issue is that the security credential from war is not carried over to Artemis server as the server has it own security turned on although they both use the same realm. Here is the sequence (and you can see it from the stacktrace)
1. curl --user user:password http://localhost:8161/queue/myQueue 2. the Servlet filter authenticated and authorized the access 3. artemis-reat creates session at org.apache.activemq.artemis.rest.queue.QueueDestinationsResource.java:102. 4. It passes hard-coded null for both user and password at org.apache.activemq.artemis.rest.queue.QueueDestinationsResource.findQueue(QueueDestinationsResource.java:102) 5. Exception thrown from server that username is null. I am hoping there is a way to pass authenticated credential from step 2 to step 3, then 4. Or better yet, avoid the 2nd authentication and authorization at Artemis server (with security on) all together. It seems to me that artemis-rest expects us to secure rest interface URLs with Artemis server security turned off. In my case, I am hoping to secure both rest interface URLs and tcp:61616 so that client can post message via rest or via normal JMS protocol. Is it possible? -- Sent from: http://activemq.2283324.n4.nabble.com/ActiveMQ-User-f2341805.html
