activemq-artemis/examples/jms/jaas/readme.html

98 lines
5.4 KiB
HTML
Raw Normal View History

<html>
<head>
<title>HornetQ JAAS Example</title>
<link rel="stylesheet" type="text/css" href="../common/common.css" />
<link rel="stylesheet" type="text/css" href="../common/prettify.css" />
<script type="text/javascript" src="../common/prettify.js"></script>
</head>
<body onload="prettyPrint()">
<h1>JAAS Example</h1>
<p>This example shows you how to configure HornetQ to use JAAS for security.</p>
<p>HornetQ can leverage JAAS to delegate user authentication and authorization to existing security infrastructure.</p>
<p>
The example will show how to configure HornetQ with JAAS in <a href="server0/hornetq-beans.xml">hornetq-beans.xml</a>
(You would use <literal>hornetq-jboss-beans.xml</literal> if you are running inside JBoss Application
Server).
It will use a simple <code>LoginModule</code> without any user interaction.
The example will create a connection and authenticate the user with this JAAS LoginModule, send a message
to a queue and receive it (see the <a href="../../queue/readme.html">Queue example</a> for a complete description
of the application code)
</p>
<p>Note than the example actually sets the security manager via the maven pom.xml, however for we will discuss as if
the hornetq-beans.xml is being configured, the example beans file can be found under the <code>src/main/resources</code>
directory</p>
<h2>Example setup</h2>
<p>HornetQ can use a JAAS security manager by specifying it in <a href="server0/hornetq-beans.xml">hornetq-beans.xml</a>:</p>
<pre class="prettyprint">
&lt;!-- The security manager using JAAS --&gt;
&lt;bean name=&quot;HornetQSecurityManager&quot; class=&quot;org.apache.activemq.integration.jboss.security.JAASSecurityManager&quot;&gt;
&lt;property name=&quot;configurationName&quot;&gt;org.apache.activemq.jms.example.ExampleLoginModule&lt;/property&gt;
&lt;property name=&quot;configuration&quot;&gt;
&lt;inject bean=&quot;ExampleConfiguration&quot;/&gt;
&lt;/property&gt;
&lt;property name=&quot;callbackHandler&quot;&gt;
&lt;inject bean=&quot;ExampleCallbackHandler&quot; /&gt;
&lt;/property&gt;
&lt;/bean&gt;
&lt;!-- JAAS uses a simple LoginModule where the user credentials and roles are
specified as options in the constructor --&gt;
&lt;bean name=&quot;ExampleConfiguration&quot; class=&quot;org.apache.activemq.jms.example.ExampleConfiguration&quot;&gt;
&lt;constructor&gt;
&lt;parameter&gt;org.apache.activemq.jms.example.ExampleLoginModule&lt;/parameter&gt;
&lt;parameter&gt;
&lt;map class=&quot;java.util.HashMap&quot; keyClass=&quot;java.lang.String&quot;
valueClass=&quot;java.lang.String&quot;&gt;
&lt;entry&gt;
&lt;key&gt;user&lt;/key&gt;
&lt;value&gt;jboss&lt;/value&gt;
&lt;/entry&gt;
&lt;entry&gt;
&lt;key&gt;pass&lt;/key&gt;
&lt;value&gt;redhat&lt;/value&gt;
&lt;/entry&gt;
&lt;entry&gt;
&lt;key&gt;role&lt;/key&gt;
&lt;value&gt;guest&lt;/value&gt;
&lt;/entry&gt;
&lt;/map&gt;
&lt;/parameter&gt;
&lt;/constructor&gt;
&lt;/bean&gt;
&lt;!-- the CallbackHandler does nothing as we don&apos;t have any user interaction --&gt;
&lt;bean name=&quot;ExampleCallbackHandler&quot; class=&quot;org.apache.activemq.jms.example.ExampleCallbackHandler&quot;
/&gt;
</pre>
<ul>
<li>the HornetQSecurityManager's <code>configurationName</code> must be the name of the Java class implementing <code>LoginModule</code></li>
<li>the <code>callbackHandler</code> property must be an implementation of <code>CallbackHandler</code>. In this example, the ExampleCallbackHandler
does nothing since the authentication requires no user interaction</li>
<li>the <code>configuration</code> property must be an implementation of <code>Configuration</code>. For simplicity, we pass directly the
user credentials as options to the <code>ExampleConfiguration</code> constructor. These options will be passed to an instance
of ExampleLoginModule which will check that the only valid user is "jboss" with the password "redhat"
and it has the role "guest". </li>
</ul>
<h2>Example step-by-step</h2>
<p><i>To run the example, simply type <code>mvn verify</code> from this directory</i></p>
<p>The only relevant step with regard to JAAS configuration is step 4 (all the other
steps are identical to the <a href="../../queue/readme.html">Queue example</a>).
<ol start="4">
<li>We create a JMS Connection with user "jboss" and password "redhat". Any other
combination of name and password won't be valid for the ExampleLoginModule</li>
<pre class="prettyprint">
<code>connection = cf.createConnection("jboss", "redhat");</code>
</pre>
</ol>
<h2>More information</h2>
<ul>
<li>User Manual's <a href="../../../docs/user-manual/en/html_single/index.html#security">Security chapter</a></li>
</ul>
</body>
</html>