How to change the JAAS role name used by the ActiveMQ web console when security is enabled?
Environment
- Fuse MQ Enterprise 7.x
- Fuse ESB Enterprise 7.x
Issue
When enabling security in the ActiveMQ web console, the default role name "admin" is assumed. How can this role name be changed?
E.g. if authenticating against an external security system such as LDAP the administrator role name may be different than "admin".
Resolution
The ActiveMQ web console in 7.1. is deployed as a war file and resides in
system/org/fusesource/mq/mq-web-console/7.1.0.fuse-047/mq-web-console-7.1.0.fuse-047.war
The default role name is configured in WEB-INF/web.xml, in section
<security-constraint>
<display-name>FuseMQ</display-name>
<web-resource-collection>
<web-resource-name>FuseMQ</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
In order to change that role name its necessary to extract WEB-INF/web.xml, modify the role name, and update the war file with the modified web.xml file again. You then also need to run an osgi:update on the ActiveMQ web console bundle.
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
Comments