Closed ttichy closed 4 months ago
Could you tell me the steps to reproduce the issue?
deploy bitnami activemq 6.0.1 to aws.
ssh into the instance
curl -XGET -H "Origin: https://localhost" --user admin:whatever http://localhost:8161/api/jolokia/read/java.lang:type=Memory/*
Observe the JSON answer instead of HTTP 401 regardless of the user and password
This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.
It happens because of change in the org.eclipse.jetty.security.ConstraintMapping
bean, pathSpec
property for securityConstraint
constraint ref
In ActiveMQ 5, the setting was /,/api/*,*.jsp,*.html,*.js,*.css,*.png,*.gif,*.ico"
.
In ActiveMQ 6, the setting is *.jsp
.
In my case I changed the pathSpec to /*
.
(This is in jetty.xml config file)
This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.
Due to the lack of activity in the last 5 days since it was marked as "stale", we proceed to close this Issue. Do not hesitate to reopen it later if necessary.
Platform
Google Cloud Platform
bndiagnostic ID know more about bndiagnostic ID
90ab5f83-efff-1d6e-e68f-06513847119c
bndiagnostic output
No response
bndiagnostic was not useful. Could you please tell us why?
It doesn't test activemq console security setup
Describe your issue as much as you can
The 6.0.1 version of bitnami doesn't secure the web console with username and password. Instead, it relies on host 127.0.0.1.
Previous versions (5.17 and 5.18 afaik) used
jetty-realm.properties
andorg.eclipse.jetty.security.HashLoginService
to ensure only authorized users were able to access the console