In many environments, users want to restrict access to ActiveMQ web server (Jetty) and web console application in particular. Here’s how to do it for ActiveMQ 5.3.1 version of broker.
In 5.3.1, the whole web server configuration is placed in the ${ACTIVEMQ_HOME}/conf/jetty.xml file. The configuration file you can find at here is a drop-in replacement for a default jetty configuration and you should place it in your configuration folder.
Besides that you’ll need to create a ${ACTIVEMQ_HOME}/conf/jetty-realm.properties with the following content:
It’s a classic Jetty hash user realm file that defines one user, with it’s password and roles in each line (Downloadable from here). By default, as you can see in the realm file, you can use admin/admin credentials to access ActiveMQ web server. You should adapt this file to your security needs.
So, after making these changes and restarting your broker, you should get basic authentication dialog before you’d be able to proceed. If you want to later on disable the authentication, you can do that easily by changing the line
to
ActiveMQ 5.4.0 will come with this configuration enabled by default and if you wish to secure older versions of the ActiveMQ take a look at this article.
Hello,
Just a small correction in jetty file :
to
That’s all,
Thank you for your post,
titexe
This is not working for 5.3.2 embedded ActiveMQ Web console.
Can you post what’s you’re doing and experiencing to the ActiveMQ user forum?
Worked for me for Apache 5.3.2
However, the first comment said changed to (yes the empty space is intentional).
However, after a quick investigation, I figured out it was
Change
conf/jetty-realm.properties
to
${activemq.base}/conf/jetty-realm.properties
I hope that was what was in comment 1. Well worked for me.
Just Another Developer
By the way:
Really Appreciate the help and information provided.
Thanks!!
Hi Dejan,
User passwords are stored as clear text in ‘jetty-realm.properties’ file. Is it possible to use encrypted passwords to access Web Console ?
Thanks,
Vlad