bitnami / vms

Bitnami VMs
https://bitnami.com

[ActiveMQ] Web console doesn't require username and password in 6.0.1 #1390

Closed ttichy closed 4 months ago

ttichy commented 6 months ago

Platform

Google Cloud Platform

bndiagnostic ID

90ab5f83-efff-1d6e-e68f-06513847119c

bndiagnostic output

No response

bndiagnostic was not useful. Could you please tell us why?

It doesn't test activemq console security setup

Describe your issue as much as you can

The 6.0.1 version of bitnami doesn't secure the web console with username and password. Instead, it relies on host 127.0.0.1.

Previous versions (5.17 and 5.18 afaik) used jetty-realm.properties and org.eclipse.jetty.security.HashLoginService to ensure only authorized users were able to access the console.

mdhont commented 6 months ago

Could you tell me the steps to reproduce the issue?

ttichy commented 6 months ago

1. Deploy Bitnami ActiveMQ 6.0.1 to AWS.
2. SSH into the instance.
3. Run:
   curl -XGET -H "Origin: https://localhost" --user admin:whatever http://localhost:8161/api/jolokia/read/java.lang:type=Memory/*
4. Observe the JSON answer instead of HTTP 401, regardless of the user and password.

github-actions[bot] commented 5 months ago

This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.

ttichy commented 5 months ago

It happens because of a change in the org.eclipse.jetty.security.ConstraintMapping bean, in the pathSpec property for the securityConstraint constraint ref. In ActiveMQ 5, the setting was "/,/api/*,*.jsp,*.html,*.js,*.css,*.png,*.gif,*.ico". In ActiveMQ 6, the setting is "*.jsp".

In my case I changed the pathSpec to "/*". (This is in the jetty.xml config file.)
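
The path-spec change described in the comment above, as an added example that is not part of the original thread or of Bitnami's or ActiveMQ's code: a small Python audit that reads the ConstraintMapping bean from a constructed jetty.xml fragment and lists the request paths that no constrained path spec covers. The bean layout, the sample paths and the simplified servlet-style matcher (including comma-splitting of pathSpec) are assumptions.

```python
import xml.etree.ElementTree as ET

MAPPING_CLASS = "org.eclipse.jetty.security.ConstraintMapping"

# Constructed jetty.xml fragment; the bean layout follows the comment's description.
JETTY_XML = """<beans>
  <bean class="org.eclipse.jetty.security.ConstraintMapping">
    <property name="constraint" ref="securityConstraint"/>
    <property name="pathSpec" value="{spec}"/>
  </bean>
</beans>"""

# Sample request paths (constructed); the Jolokia path is the one from the thread.
PATHS = ["/admin/queues.jsp", "/api/jolokia/read/java.lang:type=Memory/*", "/index.html"]

def local(tag):
    """Drop any XML namespace so a Spring-namespaced file parses the same way."""
    return tag.rsplit("}", 1)[-1]

def constrained_specs(xml_text, constraint_ref="securityConstraint"):
    """Return the path specs of ConstraintMapping beans bound to constraint_ref."""
    specs = []
    for bean in ET.fromstring(xml_text).iter():
        if local(bean.tag) != "bean" or bean.get("class") != MAPPING_CLASS:
            continue
        props = {p.get("name"): p for p in bean if local(p.tag) == "property"}
        if "constraint" not in props or props["constraint"].get("ref") != constraint_ref:
            continue
        value = props["pathSpec"].get("value", "") if "pathSpec" in props else ""
        # Assumption: a comma-separated list, as the ActiveMQ 5 value is written.
        specs += [s.strip() for s in value.split(",") if s.strip()]
    return specs

def spec_matches(spec, path):
    """Servlet-style match: default '/', prefix '/x/*', suffix '*.ext', else exact."""
    if spec == "/":
        return True
    if spec.endswith("/*"):
        base = spec[:-2]
        return path == base or path.startswith(base + "/")
    if spec.startswith("*."):
        return path.endswith(spec[1:])
    return path == spec

def uncovered(xml_text, paths):
    """Paths matched by no constrained spec, i.e. served without the auth constraint."""
    specs = constrained_specs(xml_text)
    return [p for p in paths if not any(spec_matches(s, p) for s in specs)]

if __name__ == "__main__":
    for spec in ("/,/api/*,*.jsp,*.html,*.js,*.css,*.png,*.gif,*.ico", "*.jsp", "/*"):
        print(f"{spec!r}: unprotected -> {uncovered(JETTY_XML.format(spec=spec), PATHS)}")
```

Pointing `uncovered` at the contents of a deployed jetty.xml, with the paths that must require a login, gives a check that can run before an image is exposed.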

github-actions[bot] commented 4 months ago

This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.

github-actions[bot] commented 4 months ago

Due to the lack of activity in the last 5 days since it was marked as "stale", we proceed to close this Issue. Do not hesitate to reopen it later if necessary.