Yes, it is possible to configure multiple PropertiesLoginModules to
separate console users from broker users. You'd need to create multiple
entries in your etc/login.config, e.g.:
activemq {
org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoginModule
required
debug=false
reload=true
org.apache.activemq.jaas.properties.user="artemis-users.properties"
org.apache.activemq.jaas.properties.role="artemis-roles.properties";
};
console {
org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoginModule
required
debug=false
reload=true
org.apache.activemq.jaas.properties.user="console-users.properties"
org.apache.activemq.jaas.properties.role="console-roles.properties";
};
Then in your etc/artemis.profile you'd need to change the value of the
"hawtio.realm" system property to use the new entry, e.g.:
-Dhawtio.realm=console
Keep in mind that all the user management commands will only work on the
broker-specific entry. You'll have to manage console users manually.
Justin
On Thu, May 12, 2022 at 6:03 AM Jo De Troy <[email protected]> wrote:
> Hello,
>
> is it possible to create multiple propertiesLoginModules, e.g. 1 for broker
> access and 1 for console access? Or how should/can you separate users
> between broker and console?
> I've tried it but it seems like I only see 1 of the propertiesLoginModules
> user/roles back in the artemis-{users/roles}.properties
>
> Best Regards,
> Jo
>
