Hi All,

ISSUE:

We have installed AMQ in a MASTER/SLAVE pair for both Consumers and Producers.
We have also installed the Web console to list all the queues using the MBEAN
connector.
As part of this implementation, we have provided the JMX plain username and
password in the Catalina.sh script.

We have been told this is a security threat and are requested to remove the
plain password from the process. The config and output are as shown below.

activemq.xml:

<managementContext>
    <managementContext createConnector="true" connectorPort="5014">
        <property xmlns="http://www.springframework.org/schema/beans" name="environment">
            <map xmlns="http://www.springframework.org/schema/beans">
                <entry xmlns="http://www.springframework.org/schema/beans"
                       key="jmx.remote.x.password.file"
                       value="${activemq.base}/conf/jmx.password"/>
                <entry xmlns="http://www.springframework.org/schema/beans"
                       key="jmx.remote.x.access.file"
                       value="${activemq.base}/conf/jmx.access"/>
            </map>
        </property>
    </managementContext>
</managementContext>


Catalina.sh :

JAVA_OPTS="$JAVA_OPTS -Dwebconsole.type=properties \
-Dwebconsole.jms.url=failover:\(tcp://MASTER:52671,tcp://SLAVE:52671\) \
-Dwebconsole.jmx.url=service:jmx:rmi:///jndi/rmi://MASTER:5014/jmxrmi,service:jmx:rmi:///jndi/rmi://SLAVE:5014/jmxrmi \
-Dwebconsole.jmx.user=admin -Dwebconsole.jmx.password=*******"


The process displays the password in plain text. So to overcome this issue we 
tried the below configuration in Catalina.sh but no luck,

JAVA_OPTS="$JAVA_OPTS -Dwebconsole.type=properties \
-Dwebconsole.jms.url=failover:\(tcp://MASTER:52671,tcp://SLAVE:52671\) \
-Dwebconsole.jmx.url=service:jmx:rmi:///jndi/rmi://MASTER:5014/jmxrmi,service:jmx:rmi:///jndi/rmi://SLAVE:5014/jmxrmi \
-Dcom.sun.management.jmxremote.ssl=false \
-Dcom.sun.management.jmxremote.password.file=/opt/sncr/product/ActiveMQ/DEV/AMQ_ETL_MASTER/apache-activemq-5.16.4/conf/jmx.password \
-Dcom.sun.management.jmxremote.access.file=/opt/sncr/product/ActiveMQ/DEV/AMQ_ETL_MASTER/apache-activemq-5.16.4/conf/jmx.access \
-Dcom.sun.management.jmxremote.rmi.port=5014 \
-Dcom.sun.management.jmxremote.authenticate=true"


Question: Is there a way to hide the password in the tomcat configuration to 
authenticate to the brokers?


Thanks,
Kashyap.
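
The exposure described in the post (a `-Dwebconsole.jmx.password=...` argument visible in the process listing) can be checked for mechanically. The following is an added example, not part of the original message and not ActiveMQ or Tomcat code: the function names and the sample argument list are constructed for illustration, and `audit_pid` assumes Linux `/proc`.

```shell
#!/usr/bin/env bash
# Added example: flag JVM -D properties that carry a credential on the command line.

# Read one process argument per line on stdin and print "<property>=<redacted>"
# for every -Dkey=value argument whose key looks like a credential.
flag_secret_props() {
    local arg key
    while IFS= read -r arg; do
        case "$arg" in
            -D*=*) ;;            # only -Dkey=value arguments are of interest
            *) continue ;;
        esac
        key=${arg#-D}            # strip the leading -D
        key=${key%%=*}           # keep only the property name
        case "$key" in
            *.file) continue ;;  # e.g. ...password.file holds a path, not a secret
        esac
        if printf '%s' "$key" | grep -Eiq 'pass(word|wd)?|secret|token'; then
            printf '%s=<redacted>\n' "$key"   # never echo the value itself
        fi
    done
}

# Audit one live process. /proc/<pid>/cmdline is NUL-separated and, unless
# /proc is mounted with hidepid, readable by every local user.
audit_pid() {
    tr '\0' '\n' < "/proc/$1/cmdline" | flag_secret_props
}

# Constructed sample argument list modelled on the JAVA_OPTS in the post;
# the password value and the file path are placeholders.
sample_args() {
    printf '%s\n' \
        'java' \
        '-Dwebconsole.type=properties' \
        '-Dwebconsole.jmx.user=admin' \
        '-Dwebconsole.jmx.password=EXAMPLE-NOT-REAL' \
        '-Dcom.sun.management.jmxremote.password.file=/path/to/conf/jmx.password' \
        'org.apache.catalina.startup.Bootstrap'
}

sample_args | flag_secret_props
```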
