Introduction
The ActiveMQ console uses Jetty as its web container by default. The login credentials in jetty-realm.properties are not encrypted. In an enterprise application, this will not pass a security scan, so the password needs to be encrypted. This post documents the process.
Executive Summary
- Download Jetty Utility from: http://download.eclipse.org/jetty/
- Run: java -cp lib/jetty-util-$JETTY_VERSION.jar org.eclipse.jetty.util.security.Password admin admin
- Replace the admin password in jetty-realm.properties
Detailed Procedures
Download Jetty Utility
The Jetty utility can be downloaded from http://download.eclipse.org/jetty/. At the time of writing, the latest version is stable-9. For Linux, you will need to download the .tgz file. Unpack the archive using the following command:
tar vxzf /software/JETTY/jetty-distribution-9.2.10.v20150310.tar.gz
In my case, I installed Jetty under
/opt/app/amq/jetty/
Once you have unpacked the archive, you can use the following command to create the encrypted password:
java -cp lib/jetty-util-$JETTY_VERSION.jar org.eclipse.jetty.util.security.Password admin admin
Here is the output:
java -cp lib/jetty-util-$JETTY_VERSION.jar org.eclipse.jetty.util.security.Password admin admin
2015-03-30 15:19:15.977:INFO::main: Logging initialized @48ms
admin
OBF:1u2a1toa1w8v1tok1u30
MD5:21232f297a57a5a743894a0e4a801fc3
CRYPT:adpexzg3FUZAk
Now we can copy the line CRYPT:adpexzg3FUZAk into the jetty-realm.properties file. Here is what the file looks like afterwards:
$ cat jetty-realm.properties
## ---------------------------------------------------------------------------
## Licensed to the Apache Software Foundation (ASF) under one or more
## contributor license agreements. See the NOTICE file distributed with
## this work for additional information regarding copyright ownership.
## The ASF licenses this file to You under the Apache License, Version 2.0
## (the "License"); you may not use this file except in compliance with
## the License. You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
## ---------------------------------------------------------------------------
# Defines users that can access the web (console, demo, etc.)
# username: password [,rolename ...]
admin: CRYPT:adpexzg3FUZAk, admin
user: CRYPT:us6EKZMmfBVwI, user
As you can see, the original password "admin" has been replaced with "CRYPT:adpexzg3FUZAk". Now you can restart ActiveMQ.
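A check to run on jetty-realm.properties after the change, as an added Python example (not code from this post, Jetty or ActiveMQ): it reports how each user's credential is stored and, where that can be tested offline, whether the password is simply the user name, as with the admin/admin pair above. The names jetty_obf and audit_realm are hypothetical; jetty_obf reimplements the keyless OBF encoding for ASCII input and reproduces the OBF value in the output above, and CRYPT entries are reported as unchecked.

```python
import hashlib

def jetty_obf(text):
    """Reproduce the keyless OBF encoding for ASCII text (None otherwise)."""
    data = text.encode("utf-8")
    if any(b > 127 for b in data):
        return None  # non-ASCII input is encoded differently; not covered here
    out = []
    for i, b1 in enumerate(data):
        b2 = data[len(data) - 1 - i]          # byte mirrored from the end
        n = (127 + b1 + b2) * 256 + (127 + b1 - b2)
        chunk = ""
        while n:                              # integer -> base 36 digits
            n, r = divmod(n, 36)
            chunk = "0123456789abcdefghijklmnopqrstuvwxyz"[r] + chunk
        out.append(chunk.rjust(4, "0"))
    return "OBF:" + "".join(out)

def audit_realm(text):
    """Return [(user, scheme, password_equals_user)]; None means not checked."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue                          # skip blanks and comments
        user, rest = line.split(":", 1)
        user, cred = user.strip(), rest.split(",")[0].strip()
        if cred.startswith("OBF:"):           # encoding without a key
            findings.append((user, "OBF", cred == jetty_obf(user)))
        elif cred.startswith("MD5:"):         # unsalted digest of the password
            digest = hashlib.md5(user.encode("utf-8")).hexdigest()
            findings.append((user, "MD5", cred[4:].lower() == digest))
        elif cred.startswith("CRYPT:"):       # needs crypt(3) to test; skipped
            findings.append((user, "CRYPT", None))
        else:                                 # no prefix: clear-text password
            findings.append((user, "PLAIN", cred == user))
    return findings

# Constructed sample: one admin line per storage form, values from the post's output.
SAMPLE = """\
# username: password [,rolename ...]
admin: admin, admin
admin: OBF:1u2a1toa1w8v1tok1u30, admin
admin: MD5:21232f297a57a5a743894a0e4a801fc3, admin
admin: CRYPT:adpexzg3FUZAk, admin
user: MD5:21232f297a57a5a743894a0e4a801fc3, user
"""

if __name__ == "__main__":
    print(*audit_realm(SAMPLE), sep="\n")
```

Any row whose scheme is PLAIN, or whose last field is True, should be changed before the console is exposed.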
Great help! Thanks
The syntax "CRYPT:" conflicts with the official ActiveMQ documentation that says to use the syntax "ENC()". I can get neither to work.
The ActiveMQ web console still uses credentials.properties to authenticate with the broker and that file does not contain encrypted passwords