> I am hoping there is a way to pass authenticated credential from step 2 to step 3, then 4.
Looking at the code I don't see where any credentials are taken from the incoming HTTP requests and passed along to the messaging operations. As you noted, everything is hard-code to not use security. > Or better yet, avoid the 2nd authentication and authorization at Artemis server (with security on) all together. I believe the only way to accomplish that would be to completely rewrite the REST interface. > It seems to me that artemis-rest expects us to secure rest interface URLs with Artemis server security turned off. Yes, I believe that was an original design assumption of the REST interface implementation. > In my case, I am hoping to secure both rest interface URLs and tcp:61616 so that client can post message via rest or via normal JMS protocol. Is it possible? That doesn't look to be possible at this point from what I can tell. Out of curiosity, is there a reason you're wanting to use the REST interface (which is not standardized) vs. a lightweight protocol like STOMP (which is standardized)? Justin On Mon, Oct 29, 2018 at 10:37 PM shumin <shuminl...@yahoo.com> wrote: > What I described in my previous post are securing all URLs via web.xml. I > am > using a Servlet filter to enforce basic authentication using the same > security realm as the Artemis server. The issue is that the security > credential from war is not carried over to Artemis server as the server has > it own security turned on although they both use the same realm. Here is > the sequence (and you can see it from the stacktrace) > > 1. curl --user user:password http://localhost:8161/queue/myQueue > 2. the Servlet filter authenticated and authorized the access > 3. artemis-reat creates session at > org.apache.activemq.artemis.rest.queue.QueueDestinationsResource.java:102. > > 4. It passes hard-coded null for both user and password at > > org.apache.activemq.artemis.rest.queue.QueueDestinationsResource.findQueue(QueueDestinationsResource.java:102) > 5. Exception thrown from server that username is null. > > I am hoping there is a way to pass authenticated credential from step 2 to > step 3, then 4. Or better yet, avoid the 2nd authentication and > authorization at Artemis server (with security on) all together. > > It seems to me that artemis-rest expects us to secure rest interface URLs > with Artemis server security turned off. In my case, I am hoping to secure > both rest interface URLs and tcp:61616 so that client can post message via > rest or via normal JMS protocol. Is it possible? > > > > -- > Sent from: > http://activemq.2283324.n4.nabble.com/ActiveMQ-User-f2341805.html >