Securing ActiveMQ 5.3.1 console

In many environments, users want to restrict access to ActiveMQ web server (Jetty) and web console application in particular. Here’s how to do it for ActiveMQ 5.3.1 version of broker.

In 5.3.1, the whole web server configuration is placed in the ${ACTIVEMQ_HOME}/conf/jetty.xml file. The configuration file you can find at here is a drop-in replacement for a default jetty configuration and you should place it in your configuration folder.

Besides that you’ll need to create a ${ACTIVEMQ_HOME}/conf/jetty-realm.properties with the following content:

It’s a classic Jetty hash user realm file that defines one user, with it’s password and roles in each line (Downloadable from here). By default, as you can see in the realm file, you can use admin/admin credentials to access ActiveMQ web server. You should adapt this file to your security needs.

So, after making these changes and restarting your broker, you should get basic authentication dialog before you’d be able to proceed. If you want to later on disable the authentication, you can do that easily by changing the line

to

ActiveMQ 5.4.0 will come with this configuration enabled by default and if you wish to secure older versions of the ActiveMQ take a look at this article.

6 comments

  1. Hello,

    Just a small correction in jetty file :

    to

    That’s all,

    Thank you for your post,

    titexe

  2. Can you post what’s you’re doing and experiencing to the ActiveMQ user forum?

  3. Worked for me for Apache 5.3.2

    However, the first comment said changed to (yes the empty space is intentional).

    However, after a quick investigation, I figured out it was

    Change
    conf/jetty-realm.properties

    to
    ${activemq.base}/conf/jetty-realm.properties

    I hope that was what was in comment 1. Well worked for me.

    Just Another Developer

  4. By the way:

    Really Appreciate the help and information provided.

    Thanks!!

  5. Hi Dejan,

    User passwords are stored as clear text in ‘jetty-realm.properties’ file. Is it possible to use encrypted passwords to access Web Console ?

    Thanks,
    Vlad

Comments are closed.