<html>
  <head>
    <title>HornetQ JAAS Example</title>
    <link rel="stylesheet" type="text/css" href="../common/common.css" />
    <link rel="stylesheet" type="text/css" href="../common/prettify.css" />
    <script type="text/javascript" src="../common/prettify.js"></script>
  </head>
  <body onload="prettyPrint()">
     <h1>JAAS Example</h1>
<p>This example shows you how to configure HornetQ to use JAAS for security.</p>
<p>HornetQ can leverage JAAS to delegate user authentication and authorization to existing security infrastructure.</p>
<p>
The example shows how to configure HornetQ with JAAS in <a href="server0/hornetq-beans.xml">hornetq-beans.xml</a>
(you would use <code>hornetq-jboss-beans.xml</code> if you are running inside JBoss Application Server).
It uses a simple <code>LoginModule</code> without any user interaction.
The example creates a connection, authenticates the user with this JAAS <code>LoginModule</code>, sends a message
to a queue and receives it (see the <a href="../../queue/readme.html">Queue example</a> for a complete description
of the application code).
</p>
<p>Note that the example actually sets the security manager via the Maven <code>pom.xml</code>; however, we will discuss the
configuration as if <code>hornetq-beans.xml</code> were being configured. The example beans file can be found under the
<code>src/main/resources</code> directory.</p>
<h2>Example setup</h2>
<p>HornetQ can use a JAAS security manager by specifying it in <a href="server0/hornetq-beans.xml">hornetq-beans.xml</a>:</p>
<pre class="prettyprint">
&lt;!-- The security manager using JAAS --&gt;
&lt;bean name="HornetQSecurityManager" class="org.apache.activemq.integration.jboss.security.JAASSecurityManager"&gt;
   &lt;property name="configurationName"&gt;org.apache.activemq.jms.example.ExampleLoginModule&lt;/property&gt;
   &lt;property name="configuration"&gt;
      &lt;inject bean="ExampleConfiguration"/&gt;
   &lt;/property&gt;
   &lt;property name="callbackHandler"&gt;
      &lt;inject bean="ExampleCallbackHandler" /&gt;
   &lt;/property&gt;
&lt;/bean&gt;

&lt;!-- JAAS uses a simple LoginModule where the user credentials and roles are
     specified as options in the constructor --&gt;
&lt;bean name="ExampleConfiguration" class="org.apache.activemq.jms.example.ExampleConfiguration"&gt;
   &lt;constructor&gt;
      &lt;parameter&gt;org.apache.activemq.jms.example.ExampleLoginModule&lt;/parameter&gt;
      &lt;parameter&gt;
         &lt;map class="java.util.HashMap" keyClass="java.lang.String"
              valueClass="java.lang.String"&gt;
            &lt;entry&gt;
               &lt;key&gt;user&lt;/key&gt;
               &lt;value&gt;jboss&lt;/value&gt;
            &lt;/entry&gt;
            &lt;entry&gt;
               &lt;key&gt;pass&lt;/key&gt;
               &lt;value&gt;redhat&lt;/value&gt;
            &lt;/entry&gt;
            &lt;entry&gt;
               &lt;key&gt;role&lt;/key&gt;
               &lt;value&gt;guest&lt;/value&gt;
            &lt;/entry&gt;
         &lt;/map&gt;
      &lt;/parameter&gt;
   &lt;/constructor&gt;
&lt;/bean&gt;

&lt;!-- the CallbackHandler does nothing as we don't have any user interaction --&gt;
&lt;bean name="ExampleCallbackHandler" class="org.apache.activemq.jms.example.ExampleCallbackHandler" /&gt;
</pre>
<ul>
   <li>the HornetQSecurityManager's <code>configurationName</code> must be the name of the Java class implementing <code>LoginModule</code></li>
   <li>the <code>callbackHandler</code> property must be an implementation of <code>CallbackHandler</code>. In this example, the <code>ExampleCallbackHandler</code>
       does nothing since the authentication requires no user interaction</li>
   <li>the <code>configuration</code> property must be an implementation of <code>Configuration</code>. For simplicity, we pass the
       user credentials directly as options to the <code>ExampleConfiguration</code> constructor. These options are passed to an instance
       of <code>ExampleLoginModule</code>, which checks that the only valid user is "jboss" with the password "redhat"
       and that it has the role "guest".</li>
</ul>
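<p>As an added illustration (not the example's own <code>ExampleLoginModule</code> source), the following self-contained Java class shows how options declared in a <code>Configuration</code> reach a <code>LoginModule</code> and decide both the authentication result and the granted role. The class name <code>OptionsLoginModule</code> and the <code>authenticate</code> helper are hypothetical. It assumes Java 9 or later, obtains the credentials through standard JAAS callbacks, and exposes the role as a plain <code>Principal</code>, which is not necessarily how HornetQ's security manager reads roles.</p>

```java
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

public class OptionsLoginModule implements LoginModule { // hypothetical name, added example
    private Subject subject; private CallbackHandler handler;
    private Map<String, ?> options; private boolean ok;
    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
        subject = s; handler = h; options = opts; // opts: the map declared in the Configuration
    }
    public boolean login() throws LoginException {
        NameCallback name = new NameCallback("user");
        PasswordCallback pass = new PasswordCallback("pass", false);
        try { handler.handle(new Callback[] {name, pass}); }
        catch (Exception e) { throw new LoginException(e.toString()); }
        // The only valid identity is the user/pass pair given in the options.
        ok = options.get("user").equals(name.getName())
            && options.get("pass").equals(new String(pass.getPassword()));
        if (!ok) throw new FailedLoginException("invalid user or password");
        return true;
    }
    public boolean commit() { // the role is attached only after login() succeeded
        if (ok) subject.getPrincipals().add(() -> (String) options.get("role"));
        return ok;
    }
    public boolean abort() { ok = false; return true; }
    public boolean logout() { subject.getPrincipals().clear(); return true; }
    static String authenticate(String user, String password) { // role name, or null if rejected
        Map<String, String> opts = Map.of("user", "jboss", "pass", "redhat", "role", "guest");
        Configuration cfg = new Configuration() { // hands module class name and options to JAAS
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { new AppConfigurationEntry(
                    OptionsLoginModule.class.getName(),
                    AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, opts) };
            }
        };
        CallbackHandler ch = cbs -> { // supplies the credentials the module asks for
            ((NameCallback) cbs[0]).setName(user);
            ((PasswordCallback) cbs[1]).setPassword(password.toCharArray());
        };
        Subject subject = new Subject();
        try { new LoginContext("demo", subject, ch, cfg).login(); } catch (LoginException e) { return null; }
        return subject.getPrincipals().iterator().next().getName();
    }
    public static void main(String[] args) {
        System.out.println(authenticate("jboss", "redhat") + " / " + authenticate("jboss", "wrong"));
    }
}
```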
<h2>Example step-by-step</h2>
<p><i>To run the example, simply type <code>mvn verify</code> from this directory</i></p>
<p>The only relevant step with regard to JAAS configuration is step 4 (all the other
steps are identical to the <a href="../../queue/readme.html">Queue example</a>).</p>
<ol start="4">
   <li>We create a JMS Connection with user "jboss" and password "redhat". Any other
   combination of name and password won't be valid for the ExampleLoginModule.</li>
   <pre class="prettyprint">
      <code>connection = cf.createConnection("jboss", "redhat");</code>
   </pre>
</ol>
<h2>More information</h2>
<ul>
   <li>User Manual's <a href="../../../docs/user-manual/en/html_single/index.html#security">Security chapter</a></li>
</ul>
</body>
</html>