Configuring ActiveMQ Webconsole to redirect HTTP to HTTPS - jetty

I am using ActiveMQ Version 5.7.0 with Jetty on a RHEL 7 VM.
I have already enabled the ssl connector to access the web console via https.
Now I am trying to configure a webconsole access redirect from HTTP to HTTPS but I am really struggling with it.
I have found this guideline for "How to have Jetty redirect https to https" in this forum site: https://serverfault.com/questions/367660/how-to-have-jetty-redirect-http-to-https
I have problems following both steps since:
Step 1: Configure the web.xml file --> I don't know which of the following is the correct one:
apache-activemq-5.7.0/webapps/fileserver/WEB-INF/web.xml
apache-activemq-5.7.0/webapps/admin/WEB-INF/web.xml
Step 2: The instruction looks very different from the jetty.xml file of ActiveMQ where different connectors are used:
<property name="connectors">
    <list>
        <bean id="Connector" class="org.eclipse.jetty.server.nio.SelectChannelConnector">
            <property name="port" value="8161" />
        </bean>
        <bean id="SecureConnector" class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
            <property name="port" value="8162" />
            <property name="keystore" value="file:${activemq.conf}/broker.ks" />
            <property name="password" value="password" />
        </bean>
    </list>
</property>
Can anyone help me please?
Thanks very much in advance.

The admin web app is the one you want to modify. The fileserver web app is for uploading files and it was removed in 5.14.0 via AMQ-6276 due to security issues (e.g. CVE-2016-3088).
I strongly encourage you to upgrade to the latest release.

Related

Any potential security risk when exposing ActiveMQ web console in AWS?

I was unable to access the ActiveMQ web console in 5.16 version.
I opened the required ports in AWS security group and I checked which ports are configured for console and the broker URL, yet the browser said "Page Not Found" so I looked into the jetty.xml and noticed this line:
<bean id="jettyPort" class="org.apache.activemq.web.WebConsolePort" init-method="start">
    <!-- the default port number for the web console -->
    <property name="host" value="127.0.0.1"/>
    <property name="port" value="8161"/>
</bean>
I changed the host to 0.0.0.0:
<bean id="jettyPort" class="org.apache.activemq.web.WebConsolePort" init-method="start">
    <!-- the default port number for the web console -->
    <property name="host" value="0.0.0.0"/>
    <property name="port" value="8161"/>
</bean>
Now I am able to access the web console. However does this give any security risk?

There is always inherently more risk when exposing additional points of entry into a system (e.g. a management console).
The ActiveMQ web console is a powerful tool which can be used to delete messages, remove destinations, stop the broker, etc. If a user gains unauthorized access to the web console then they can make a real mess. If you expose the web console to external users then be sure to secure it according to the documentation.
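A check for the two jetty.xml shapes quoted in the questions above, added here as an example (not ActiveMQ's or the posters' code): it flags a web console bound to a wildcard address, a plain HTTP connector with no `confidentialPort` to redirect to, and the literal keystore password. The `confidentialPort` property is the Jetty 7/8 connector setting and does not appear on the page; the sample XML and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample that combines the bean shapes quoted in the two questions.
SAMPLE = """<beans xmlns="http://www.springframework.org/schema/beans">
  <bean id="jettyPort" class="org.apache.activemq.web.WebConsolePort" init-method="start">
    <property name="host" value="0.0.0.0"/>
    <property name="port" value="8161"/>
  </bean>
  <bean id="Connector" class="org.eclipse.jetty.server.nio.SelectChannelConnector">
    <property name="port" value="8161"/>
  </bean>
  <bean id="SecureConnector" class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
    <property name="port" value="8162"/>
    <property name="keystore" value="file:${activemq.conf}/broker.ks"/>
    <property name="password" value="password"/>
  </bean>
</beans>"""

WILDCARDS = {"0.0.0.0", "::"}  # explicit "listen on every interface" values

def local(tag):
    """Strip the Spring beans namespace so namespaced and bare files both work."""
    return tag.rsplit("}", 1)[-1]

def audit(xml_text):
    """Return (bean id, finding) pairs in document order."""
    findings = []
    for bean in ET.fromstring(xml_text).iter():
        if local(bean.tag) != "bean":
            continue
        cls = bean.get("class", "")
        name = bean.get("id") or cls
        props = {p.get("name"): p.get("value")
                 for p in bean if local(p.tag) == "property"}
        if cls.endswith(".WebConsolePort") and props.get("host") in WILDCARDS:
            findings.append((name, "web console listens on all interfaces"))
        # Assumption: Jetty 7/8 uses confidentialPort as the HTTPS redirect target.
        if cls.endswith(".SelectChannelConnector") and "confidentialPort" not in props:
            findings.append((name, "plain HTTP connector without confidentialPort"))
        if cls.endswith(".SslSelectChannelConnector") and props.get("password") == "password":
            findings.append((name, "keystore password is the literal 'password'"))
    return findings

if __name__ == "__main__":
    for bean_id, finding in audit(SAMPLE):
        print(f"{bean_id}: {finding}")
```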

REST Request to Ignite using c++

I am trying to use Ignite to store the table in cache using C++. We are using REST API for requesting the data. I have configured the xml like this
<property name="connectorConfiguration">
    <bean class="org.apache.ignite.configuration.ConnectorConfiguration">
        <property name="host" value="localhost"/>
        <property name="port" value="8085"/>
    </bean>
</property>
And send a request using curl
curl -X POST http://localhost:8085/ignite?cmd=version
But the response I got is like this: curl: (52) Empty reply from server. How can I cache the data using a REST POST request?

ConnectorConfiguration.port is not responsible for the REST API port. You can specify it using the JETTY_REST_PORT JVM parameter:
$ JVM_OPTS='-DIGNITE_JETTY_PORT=8085' ignite.sh
It can also be changed in Jetty configuration. Path to Jetty configuration file can be specified using ConnectorConfiguration.jettyPath property.

Spring WS digest authentication with nonce, create challenge

I am relatively new to SOAP web services, and it seems to be a basic thing, but still, I cannot find the way to solve it. I have a SOAP server written using Spring WS with XWS security. These are the relevant beans:
<bean id="wsSecurityInterceptor" class="org.springframework.ws.soap.security.xwss.XwsSecurityInterceptor">
    <property name="policyConfiguration"
              value="classpath:security-policy.xml"/>
    <property name="callbackHandlers">
        <list>
            <ref bean="passwordValidationHandler"/>
        </list>
    </property>
</bean>
<bean id="passwordValidationHandler" class="org.springframework.ws.soap.security.xwss.callback.SimplePasswordValidationCallbackHandler">
    <property name="users">
        <props>
            <prop key="user">*****</prop>
        </props>
    </property>
</bean>
And the following is security-policy.xml:
<xwss:SecurityConfiguration xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">
    <xwss:RequireUsernameToken passwordDigestRequired="true" nonceRequired="true"/>
    <xwss:UsernameToken digestPassword="true" useNonce="true"/>
</xwss:SecurityConfiguration>
The thing is that I want to establish a digest authentication using nonce (a one-time token that prevents an intercepted request from being sent again). As far as I know (and it is described here http://www.whitemesa.com/soapauth.html#S4), the server should create a challenge (nonce and timestamp, I think) and then the client should encrypt it with its password and timestamp and send it back to the server for verification. And this should work for every request. Even if the user sends an empty request, the server should provide a challenge. But in my case it does not work. Am I missing something?

As it turned out, it is not necessarily the server who should generate the nonce. I generated it on the client, concatenated and hashed it according to the rules and then sent it to the server. Frankly speaking, I could only find the root of the error by debugging the Spring WS sources and looking for where exactly the authentication problem is.
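The client-generated nonce described in the answer above, as an added example that is not part of the original post or of Spring WS: it computes the WS-Security UsernameToken digest, Base64(SHA-1(nonce + created + password)), and shows the server-side freshness and replay checks that give the nonce its purpose. The `TokenVerifier` class, the five-minute window, the in-memory nonce cache and the sample credentials are assumptions made for illustration.

```python
import base64, hashlib, hmac, os
from datetime import datetime, timedelta, timezone

FRESHNESS = timedelta(minutes=5)   # assumed acceptance window, not from the page
FMT = "%Y-%m-%dT%H:%M:%SZ"         # UTC timestamp format used for Created

def password_digest(nonce: bytes, created: str, password: str) -> str:
    """Base64(SHA-1(nonce + created + password)); nonce is the decoded raw bytes."""
    raw = nonce + created.encode("utf-8") + password.encode("utf-8")
    return base64.b64encode(hashlib.sha1(raw).digest()).decode("ascii")

def make_token(username, password, now=None):
    """Client side: the client picks the nonce, no server challenge is involved."""
    now = now or datetime.now(timezone.utc)
    nonce, created = os.urandom(16), now.strftime(FMT)
    return {"Username": username, "Created": created,
            "Nonce": base64.b64encode(nonce).decode("ascii"),
            "Password": password_digest(nonce, created, password)}

class TokenVerifier:
    """Server side (hypothetical): recompute the digest, reject stale or reused nonces."""
    def __init__(self, users):
        self.users = users   # username -> password, a stand-in for the real user store
        self.seen = {}       # base64 nonce -> Created time of the accepted token

    def verify(self, token, now=None):
        now = now or datetime.now(timezone.utc)
        password = self.users.get(token["Username"])
        if password is None:
            return "unknown user"
        created = datetime.strptime(token["Created"], FMT).replace(tzinfo=timezone.utc)
        if abs(now - created) > FRESHNESS:
            return "stale timestamp"
        # Nonces older than the window can be dropped: their tokens are stale anyway.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= FRESHNESS}
        if token["Nonce"] in self.seen:
            return "replayed nonce"
        expected = password_digest(base64.b64decode(token["Nonce"]),
                                   token["Created"], password)
        if not hmac.compare_digest(expected, token["Password"]):
            return "bad digest"
        self.seen[token["Nonce"]] = created
        return "ok"

if __name__ == "__main__":
    verifier = TokenVerifier({"user": "constructed-password"})
    token = make_token("user", "constructed-password")
    print(verifier.verify(token), "/", verifier.verify(token))
```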

How do I specify which kind of version of soap do I use with webServiceTemplate?

I am developing a soap web service client with spring.
I am using webServiceTemplate
How do I specify which kind of version of soap do I use?
I can see that it's using soap 1.1 by default.
I want to force it to use soap 1.2
How can I do that?
<bean id="messageFactory" class="org.springframework.ws.soap.saaj.SaajSoapMessageFactory">
    <property name="soapVersion">
        <util:constant static-field="org.springframework.ws.soap.SoapVersion.SOAP_12"/>
    </property>
</bean>
I just found that I need to pass a message factory.

You just specify the soap version in the configuration file of spring, usually spring.cfg.xml, in the following way:
<bean id="messageFactory" class="org.springframework.ws.soap.saaj.SaajSoapMessageFactory">
    <property name="soapVersion">
        <util:constant static-field="org.springframework.ws.soap.SoapVersion.SOAP_12"/>
    </property>
</bean>

WebService Certificate Validation using WebSphere, Spring-WS and WSS4J

I'm working on a webapp offering SOAP WebServices using Spring-WS 2.0. The WebService requests need to be signed with a certificate, which is of course validated on the server. In order to do this, WSS4J and a truststore are used. Here is the Spring config:
<bean class="org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor">
    <property name="validationActions" value="Signature" />
    <property name="validationSignatureCrypto">
        <bean class="org.springframework.ws.soap.security.wss4j.support.CryptoFactoryBean">
            <property name="keyStorePassword" value="pass"/>
            <property name="keyStoreLocation" value="location"/>
        </bean>
    </property>
</bean>
The application should be deployed to WebSphere 7 and the major requirement is, that the truststore should not be shipped with the application but be provided by the Application Server.
Does anybody know how I can have WebSphere either provide the truststore, or how WebSphere can be configured to perform the security authorization? The major challenge seems to be that Spring-WS is used instead of WebSphere's facility for WebServices...

I don't work with Spring-WS so I don't know the details of it.
WAS has a truststore, which is where the list of trusted signer certificates is stored.
The keystores and truststores can be kept at multiple levels if you desire (e.g. node, cell, etc.).
For detailed info you can look at a publicly available PPT
http://www.websphereusergroup.org.uk/wug/files/presentations/25/25_3_WAS61SecUpdate.pdf.
I don't know the version of WAS that you are using; WAS 6.1 and WAS 7.x are the most widely used ones these days!
HTH
Manglu