Hi Martin That's normal: broker authentication and webconsole/api authentication are two different layers (it's intentional). If, in theory, it would be possible to configure conf/jetty.xml to use the same authentication files as for broker, Jetty doesn't use exactly the same authentication schema.
A possible option would be to add a Jetty authentication plugin supporting the authentication broker, or use the same JAAS realm. If you create a Jira, I can work on this :) Regards JB On Fri, Apr 12, 2024 at 1:44 PM Zeissig, Martin <mzeis...@gk-software.com> wrote: > > Dear Community > > I tried to setup my ActiveMQ broker with authentication which is working > fine. But for productive usage I would like to encrypt plain passwords in the > property files. I used the following guides: > > https://activemq.apache.org/components/classic/documentation/security > https://activemq.apache.org/components/classic/documentation/encrypted-passwords > > The user setup with encrypted passwords is working now for the broker but not > for the web-based services like /admin or /api. After long reading I've only > found the possibility to use the old approach from ActiveMQ v5x using > jetty-realm.properties which supports encrypted passwords via Jetty's > Password Utilility. > > At the moment it seems when using encrypted passwords that I have to maintain > 2 files in parallel with users and also different encryption algorithms. One > for the broker and one for the web-based services. > > Is it somehow possible to use the same User/Groups from the broker also for > the web-based services when using password encryption in file > credentials-enc.properties? I don't want to configure 2 files. Additionally I > am not happy with insecure hashes from Jetty Utility (OBF / MD5 / CRYPT). > > I look forward to your feedback. > > Best regards > Martin
