Trouble setting up LDAP integration with ActiveMQ (on centos7) admin page
Problem description
I have read every page I can find on this, and I just am not getting something. I am but a simple farmer (sysadmin), and I am running out of hair to pull out.
What I did: On a Centos7 box, I installed apache-activemq-5.15.8 by downloading the latest tarball, and expanding it. I set up a service file and a few other niceties, and the service will run, and I could log into the admin page with the default creds. Being a masochist, I decided to make it 'easy' for the users of this app by configuring LDAP integration for the admin page... and that's when the fight started.
I found some conflicting information on the Apache pages. Namely: http://activemq.apache.org/security.html and http://activemq.apache.org/cached-ldap-authorization-module.html
But I found some pages that seem more helpful, like: https://bacedifo.blogspot.com/2013/06/securing-activemq-580-web-console-using.html and ActiveMQ Web console using LDAP Active Directory authentication
The error I am getting is basically the same as from this question: Configuring Activemq web console to use LDAP for authorization and authentication, but the answer does not give me enough to go on... I might need it in one- and two-syllable words.
The admin page shows this error:
The activemq.log file shows this error:
    java.lang.AbstractMethodError: org.eclipse.jetty.jaas.JAASLoginService.login(Ljava/lang/String;Ljava/lang/Object;)Lorg/eclipse/jetty/server/UserIdentity;
        at org.eclipse.jetty.security.authentication.LoginAuthenticator.login(LoginAuthenticator.java:61)[jetty-all-9.2.25.v20180606.jar:9.2.25.v20180606]
        at org.eclipse.jetty.security.authentication.BasicAuthenticator.validateRequest(BasicAuthenticator.java:92)[jetty-all-9.2.25.v20180606.jar:9.2.25.v20180606]
        at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:512)[jetty-all-9.2.25.v20180606.jar:9.2.25.v20180606]
        at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:110)[jetty-all-9.2.25.v20180606.jar:9.2.25.v20180606]
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)[jetty-all-9.2.25.v20180606.jar:9.2.25.v20180606]
        at org.eclipse.jetty.server.Server.handle(Server.java:499)[jetty-all-9.2.25.v20180606.jar:9.2.25.v20180606]
        at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:311)[jetty-all-9.2.25.v20180606.jar:9.2.25.v20180606]
        at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:258)[jetty-all-9.2.25.v20180606.jar:9.2.25.v20180606]
        at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:544)[jetty-all-9.2.25.v20180606.jar:9.2.25.v20180606]
        at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635)[jetty-all-9.2.25.v20180606.jar:9.2.25.v20180606]
        at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555)[jetty-all-9.2.25.v20180606.jar:9.2.25.v20180606]
        at java.lang.Thread.run(Thread.java:748)[:1.8.0_201]
My conf changes are: downloaded jetty-jaas-9.4.15.v20190215.jar and ldaptive-1.2.4.jar and copied them to $ACTIVEMQ_HOME/lib
changed $ACTIVEMQ_HOME/conf/login.config:
    activemq-local {
        org.apache.activemq.jaas.PropertiesLoginModule required
            debug=true
            org.apache.activemq.jaas.properties.user="org/apache/activemq/security/users.properties"
            org.apache.activemq.jaas.properties.group="org/apache/activemq/security/groups.properties";
    };
    contosoRealm {
        org.ldaptive.jaas.LdapLoginModule required
            debug=true
            storePass="true"
            ldapUrl="ldap://dc01.contoso.com:389"
            bindDn="cn=SVC ActiveMQ,ou=Service Accounts,dc=contoso,dc=com"
            baseDn="OU=User Accounts,DC=contoso,DC=com"
            bindCredential="contos0_win5"
            useStartTLS="false"
            userFilter="(sAMAccountName={user})";
        org.ldaptive.jaas.LdapRoleAuthorizationModule required
            useFirstPass="true"
            ldapUrl="ldap://dc01.contoso.com:389"
            bindDn="cn=SVC ActiveMQ,ou=Service Accounts,dc=contoso,dc=com"
            baseDn="OU=Security Groups,OU=Groups,DC=contoso,DC=com"
            bindCredential="contos0_win5"
            roleFilter="(&(cn=activemq_admins)(member={user}))"
            useStartTLS="false"
            defaultRole="admins"
            roleAttribute="cn";
    };
And I configured $ACTIVEMQ_HOME/conf/jetty.xml
    <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
        <bean id="securityLDAPLoginService" class="org.eclipse.jetty.jaas.JAASLoginService">
            <property name="name" value="contosoRealm" />
            <property name="LoginModuleName" value="contosoRealm" />
            <property name="roleClassNames" value="org.eclipse.jetty.jaas.JAASRole" />
            <property name="identityService" ref="identityService" />
        </bean>
        <bean id="identityService" class="org.eclipse.jetty.security.DefaultIdentityService"/>
        <bean id="securityConstraint" class="org.eclipse.jetty.util.security.Constraint">
            <property name="name" value="BASIC" />
            <property name="roles" value="admins,ActiveMQ Admins" />
            <!-- set authenticate=false to disable login -->
            <property name="authenticate" value="true" />
        </bean>
        <bean id="adminSecurityConstraint" class="org.eclipse.jetty.util.security.Constraint">
            <property name="name" value="BASIC" />
            <property name="roles" value="admin,ActiveMQ Admins" />
            <!-- set authenticate=false to disable login -->
            <property name="authenticate" value="true" />
        </bean>
        ....
        ....
        <bean id="securityHandler" class="org.eclipse.jetty.security.ConstraintSecurityHandler">
            <property name="loginService" ref="securityLDAPLoginService" />
            <property name="identityService" ref="identityService" />
            <property name="realmName" value="contosoRealm" />
            <property name="authenticator">
                <bean class="org.eclipse.jetty.security.authentication.BasicAuthenticator" />
            </property>
            <property name="constraintMappings">
                <list>
                    <ref bean="adminSecurityConstraintMapping" />
                    <ref bean="securityConstraintMapping" />
                </list>
            </property>
            <property name="handler" ref="secHandlerCollection" />
        </bean>
If you made it this far, I thank you very much!
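An added check, not part of the original post: the login.config above binds over ldap:// with useStartTLS="false", so the service account's bindCredential and each console user's password reach the directory unencrypted. The script below flags such module entries; the function names and the ldapsRealm sample are hypothetical, and the sample config is constructed from the one in the question.

```shell
#!/bin/sh
# Added example (not from the original post). Prints "<realm> <module>" for every
# JAAS module whose ldapUrl is plain ldap:// and whose useStartTLS is not "true".
cleartext_ldap_modules() {
    awk '
    function flush() {
        if (module != "" && url ~ /^ldap:\/\// && tls != "true") print realm, module
        module = ""; url = ""; tls = ""
    }
    /^[ \t]*[A-Za-z0-9_.-]+[ \t]*\{/ { realm = $1; sub(/\{.*/, "", realm); next }
    /[ \t](required|requisite|sufficient|optional)[ \t]*$/ { flush(); module = $1; next }
    {
        line = $0
        last = (line ~ /;[ \t]*$/)          # ";" closes the current module entry
        gsub(/[";]/, "", line)
        n = index(line, "=")
        if (n > 0) {
            key = substr(line, 1, n - 1); val = tolower(substr(line, n + 1))
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
            if (key == "ldapUrl") url = val
            if (key == "useStartTLS") tls = val
        }
        if (last) flush()
    }
    ' "${1:--}"                             # file in $1, or stdin when omitted
}

# Constructed sample: the realm from the question plus a hypothetical LDAPS variant.
sample_login_config() {
    cat <<'EOF'
contosoRealm {
    org.ldaptive.jaas.LdapLoginModule required
        ldapUrl="ldap://dc01.contoso.com:389"
        useStartTLS="false";
    org.ldaptive.jaas.LdapRoleAuthorizationModule required
        ldapUrl="ldap://dc01.contoso.com:389"
        useStartTLS="false";
};
ldapsRealm {
    org.ldaptive.jaas.LdapLoginModule required
        ldapUrl="ldaps://dc01.contoso.com:636";
};
EOF
}

sample_login_config | cleartext_ldap_modules
```

Run it against a real file with `cleartext_ldap_modules "$ACTIVEMQ_HOME/conf/login.config"`; an empty result means every LDAP module uses ldaps:// or StartTLS.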
Recommended answer
OK, I found it!
So I worked with a Java dev that works here, and he said what is likely obvious to many of you: Some necessary classes are not available in the classpath. In some testing and digging, I corrected this by expanding on the instructions found here: ActiveMQ Web console using LDAP Active Directory authentication
The answer there says to copy 2 files into the /lib dir, but that does not include dependencies. I found a pack of all dependencies (checked them on VirusTotal) and copied them all to /lib. While this did not fix every issue, this did fix this error. The bundle of jars I found is here:
https://jar-download.com/artifacts/org.eclipse.jetty/jetty-jaas/9.2.25.v20180606/source-code
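An added check, not part of the original answer: the stack trace shows jetty-all-9.2.25.v20180606 on the classpath, the jar first copied in was jetty-jaas-9.4.15.v20190215, and the bundle linked above is the 9.2.25.v20180606 build. The script below lists Jetty jars whose version differs from the bundled jetty-all; the function name is hypothetical, the file layout is constructed, and the lib/web location is an assumption (the search is recursive).

```shell
#!/bin/sh
# Added example (not from the original post). Lists Jetty jars under an ActiveMQ
# directory whose version suffix differs from that of the bundled jetty-all jar.
jetty_version_mismatches() {
    root=$1
    base=$(find "$root" -name 'jetty-all-*.jar' | head -n 1)
    [ -n "$base" ] || { echo "no jetty-all jar under $root" >&2; return 2; }
    want=$(basename "$base" .jar)
    want=${want##*-}                      # e.g. 9.2.25.v20180606
    find "$root" -name 'jetty-*.jar' | sort | while read -r jar; do
        name=$(basename "$jar" .jar)
        # Compare the text after the last "-" with the jetty-all version.
        [ "${name##*-}" = "$want" ] || echo "$name (jetty-all is $want)"
    done
}

# Constructed layout: empty files named after the jars mentioned in the post.
# The lib/web location of jetty-all is an assumption, not taken from the page.
demo=$(mktemp -d)
mkdir -p "$demo/lib/web"
touch "$demo/lib/web/jetty-all-9.2.25.v20180606.jar" \
      "$demo/lib/jetty-jaas-9.4.15.v20190215.jar" \
      "$demo/lib/ldaptive-1.2.4.jar"
jetty_version_mismatches "$demo"
rm -rf "$demo"
```

Jars taken from a third-party mirror can additionally be compared against the checksums Maven Central publishes for the same artifact coordinates.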