ARTEMIS-352 security examples readme fix
This commit is contained in:
parent
1dc7a8946a
commit
c2be2d452c
|
@ -25,12 +25,12 @@ under the License.
|
||||||
<script type="text/javascript" src="../../../common/prettify.js"></script>
|
<script type="text/javascript" src="../../../common/prettify.js"></script>
|
||||||
</head>
|
</head>
|
||||||
<body onload="prettyPrint()">
|
<body onload="prettyPrint()">
|
||||||
<h1>JMS Security Example</h1>
|
<h1>JMS Security LDAP Example</h1>
|
||||||
|
|
||||||
<pre>To run the example, simply type <b>mvn verify</b> from this directory, <br>or <b>mvn -PnoServer verify</b> if you want to start and create the server manually.</pre>
|
<pre>To run the example, simply type <b>mvn verify</b> from this directory, <br>or <b>mvn -PnoServer verify</b> if you want to start and create the server manually.</pre>
|
||||||
|
|
||||||
|
|
||||||
<p>This example shows how to configure and use security using ActiveMQ Artemis with LDAP.</p>
|
<p>This example shows how to configure and use security using ActiveMQ Artemis and the Apache DS LDAP server.</p>
|
||||||
|
|
||||||
<p>With security properly configured, ActiveMQ Artemis can restrict client access to its resources, including
|
<p>With security properly configured, ActiveMQ Artemis can restrict client access to its resources, including
|
||||||
connection creation, message sending/receiving, etc. This is done by configuring users and roles as well as permissions in
|
connection creation, message sending/receiving, etc. This is done by configuring users and roles as well as permissions in
|
||||||
|
@ -42,41 +42,81 @@ under the License.
|
||||||
<p>For a full description of how to configure security with ActiveMQ Artemis, please consult the user
|
<p>For a full description of how to configure security with ActiveMQ Artemis, please consult the user
|
||||||
manual.</p>
|
manual.</p>
|
||||||
|
|
||||||
<p>This example demonstrates how to configure users/roles, how to configure topics with proper permissions using wild-card
|
<p>This example demonstrates how to configure users/roles in the Apache DS LDAP server, how to configure topics with
|
||||||
expressions, and how they take effects in a simple program. </p>
|
proper permissions using wild-card expressions, and how they take effects in a simple program.</p>
|
||||||
|
|
||||||
<p>First we need to configure users with roles. Users and Roles are configured in <code>activemq-users.xml</code>. This example has four users
|
<p>Users and roles are configured in Apache DS. The SecurityExample class will start an embedded version of Apache
|
||||||
configured as below </p>
|
DS and load the contents of example.ldif which contains the users and passwords for this example.</p>
|
||||||
|
|
||||||
<pre class="prettyprint">
|
<pre class="prettyprint">
|
||||||
<code>
|
<code>
|
||||||
<user name="bill" password="activemq">
|
dn: dc=activemq,dc=org
|
||||||
<role name="user"/>
|
dc: activemq
|
||||||
</user>
|
objectClass: top
|
||||||
|
objectClass: domain
|
||||||
|
|
||||||
<user name="andrew" password="activemq1">
|
dn: uid=bill,dc=activemq,dc=org
|
||||||
<role name="europe-user"/>
|
uid: bill
|
||||||
<role name="user"/>
|
userPassword: activemq
|
||||||
</user>
|
objectClass: account
|
||||||
|
objectClass: simpleSecurityObject
|
||||||
|
objectClass: top
|
||||||
|
|
||||||
<user name="frank" password="activemq2">
|
dn: uid=andrew,dc=activemq,dc=org
|
||||||
<role name="us-user"/>
|
uid: andrew
|
||||||
<role name="news-user"/>
|
userPassword: activemq1
|
||||||
<role name="user"/>
|
objectClass: account
|
||||||
</user>
|
objectClass: simpleSecurityObject
|
||||||
|
objectClass: top
|
||||||
|
|
||||||
<user name="sam" password="activemq3">
|
dn: uid=frank,dc=activemq,dc=org
|
||||||
<role name="news-user"/>
|
uid: frank
|
||||||
<role name="user"/>
|
userPassword: activemq2
|
||||||
</user>
|
objectClass: account
|
||||||
|
objectClass: simpleSecurityObject
|
||||||
|
objectClass: top
|
||||||
|
|
||||||
|
dn: uid=sam,dc=activemq,dc=org
|
||||||
|
uid: sam
|
||||||
|
userPassword: activemq3
|
||||||
|
objectClass: account
|
||||||
|
objectClass: simpleSecurityObject
|
||||||
|
objectClass: top
|
||||||
|
|
||||||
|
###################
|
||||||
|
## Define roles ##
|
||||||
|
###################
|
||||||
|
|
||||||
|
dn: cn=user,dc=activemq,dc=org
|
||||||
|
cn: user
|
||||||
|
member: uid=bill,dc=activemq,dc=org
|
||||||
|
member: uid=andrew,dc=activemq,dc=org
|
||||||
|
member: uid=frank,dc=activemq,dc=org
|
||||||
|
member: uid=sam,dc=activemq,dc=org
|
||||||
|
objectClass: groupOfNames
|
||||||
|
objectClass: top
|
||||||
|
|
||||||
|
dn: cn=europe-user,dc=activemq,dc=org
|
||||||
|
cn: europe-user
|
||||||
|
member: uid=andrew,dc=activemq,dc=org
|
||||||
|
objectClass: groupOfNames
|
||||||
|
objectClass: top
|
||||||
|
|
||||||
|
dn: cn=news-user,dc=activemq,dc=org
|
||||||
|
cn: news-user
|
||||||
|
member: uid=frank,dc=activemq,dc=org
|
||||||
|
member: uid=sam,dc=activemq,dc=org
|
||||||
|
objectClass: groupOfNames
|
||||||
|
objectClass: top
|
||||||
|
|
||||||
|
dn: cn=us-user,dc=activemq,dc=org
|
||||||
|
cn: us-user
|
||||||
|
member: uid=frank,dc=activemq,dc=org
|
||||||
|
objectClass: groupOfNames
|
||||||
|
objectClass: top
|
||||||
</code>
|
</code>
|
||||||
</pre>
|
</pre>
|
||||||
|
|
||||||
<p>
|
|
||||||
Each user has three properties available: user name, password, and roles it belongs to. It should be noted that
|
|
||||||
a user can belong to more than one role. In the above configuration, all users belong to role 'user'. User 'andrew' also
|
|
||||||
belongs to role 'europe-user', user 'frank' also belongs to 'us-user' and 'news-user' and user 'sam' also belongs to 'news-user'.
|
|
||||||
</p>
|
|
||||||
<p>
|
<p>
|
||||||
User name and password consists of a valid account that can be used to establish connections to a ActiveMQ Artemis server, while
|
User name and password consists of a valid account that can be used to establish connections to a ActiveMQ Artemis server, while
|
||||||
roles are used in controlling the access privileges against ActiveMQ Artemis topics and queues. You can achieve this control by
|
roles are used in controlling the access privileges against ActiveMQ Artemis topics and queues. You can achieve this control by
|
||||||
|
@ -129,13 +169,8 @@ under the License.
|
||||||
<p>To illustrate the effect of permissions, three topics are deployed. Topic 'genericTopic' matches 'jms.topic.#' wild-card, topic 'news.europe.europeTopic' matches
|
<p>To illustrate the effect of permissions, three topics are deployed. Topic 'genericTopic' matches 'jms.topic.#' wild-card, topic 'news.europe.europeTopic' matches
|
||||||
jms.topic.news.europe.#' wild-cards, and topic 'news.us.usTopic' matches 'jms.topic.news.us.#'.</p>
|
jms.topic.news.europe.#' wild-cards, and topic 'news.us.usTopic' matches 'jms.topic.news.us.#'.</p>
|
||||||
|
|
||||||
<p>With ActiveMQ Artemis, the security manager is also configurable. You can use JAASSecurityManager or JBossASSecurityManager based on you need. Please
|
|
||||||
check out the activemq-beans.xml for how to do. In this example we just use the basic ActiveMQSecurityManagerImpl which reads users/roles/passwords from the xml
|
|
||||||
file <code>activemq-users.xml</code>.
|
|
||||||
|
|
||||||
|
|
||||||
<h2>Example step-by-step</h2>
|
<h2>Example step-by-step</h2>
|
||||||
<p><i>To run the example, simply type <code>mvn verify -Pexample</code> from this directory</i></p>
|
<p><i>To run the example, simply type <code>mvn verify</code> from this directory</i></p>
|
||||||
|
|
||||||
<ol>
|
<ol>
|
||||||
<li>First we need to get an initial context so we can look-up the JMS connection factory and destination objects from JNDI. This initial context will get it's properties from the <code>client-jndi.properties</code> file in the directory <code>../common/config</code></li>
|
<li>First we need to get an initial context so we can look-up the JMS connection factory and destination objects from JNDI. This initial context will get it's properties from the <code>client-jndi.properties</code> file in the directory <code>../common/config</code></li>
|
||||||
|
|
|
@ -49,7 +49,7 @@ objectClass: simpleSecurityObject
|
||||||
objectClass: top
|
objectClass: top
|
||||||
|
|
||||||
###################
|
###################
|
||||||
## Define groups ##
|
## Define roles ##
|
||||||
###################
|
###################
|
||||||
|
|
||||||
dn: cn=user,dc=activemq,dc=org
|
dn: cn=user,dc=activemq,dc=org
|
||||||
|
|
|
@ -45,38 +45,32 @@ under the License.
|
||||||
<p>This example demonstrates how to configure users/roles, how to configure topics with proper permissions using wild-card
|
<p>This example demonstrates how to configure users/roles, how to configure topics with proper permissions using wild-card
|
||||||
expressions, and how they take effects in a simple program. </p>
|
expressions, and how they take effects in a simple program. </p>
|
||||||
|
|
||||||
<p>First we need to configure users with roles. Users and Roles are configured in <code>activemq-users.xml</code>. This example has four users
|
<p>First we need to configure users with roles. For this example, users and roles are configured in <code>artemis-users.properties</code>
|
||||||
configured as below </p>
|
and <code>artemis-roles.properties</code>. The <code>artemis-users.properties</code> file follows the syntax of
|
||||||
|
<user>=<password>. This example has four users configured as below </p>
|
||||||
|
|
||||||
<pre class="prettyprint">
|
<pre class="prettyprint">
|
||||||
<code>
|
<code>
|
||||||
<user name="bill" password="activemq">
|
bill=activemq
|
||||||
<role name="user"/>
|
andrew=activemq1
|
||||||
</user>
|
frank=activemq2
|
||||||
|
sam=activemq3
|
||||||
<user name="andrew" password="activemq1">
|
</code>
|
||||||
<role name="europe-user"/>
|
</pre>
|
||||||
<role name="user"/>
|
|
||||||
</user>
|
<p>The <code>artemis-roles.properties</code> file follows the syntax of <role>=<users> where <users> can be
|
||||||
|
a comma-separated list of users from <code>artemis-users.properties</code> (since more than one user can belong in a
|
||||||
<user name="frank" password="activemq2">
|
particular role). This example has four roles configured as below </p>
|
||||||
<role name="us-user"/>
|
|
||||||
<role name="news-user"/>
|
<pre class="prettyprint">
|
||||||
<role name="user"/>
|
<code>
|
||||||
</user>
|
user=bill,andrew,frank,sam
|
||||||
|
europe-user=andrew
|
||||||
<user name="sam" password="activemq3">
|
news-user=frank,sam
|
||||||
<role name="news-user"/>
|
us-user=frank
|
||||||
<role name="user"/>
|
|
||||||
</user>
|
|
||||||
</code>
|
</code>
|
||||||
</pre>
|
</pre>
|
||||||
|
|
||||||
<p>
|
|
||||||
Each user has three properties available: user name, password, and roles it belongs to. It should be noted that
|
|
||||||
a user can belong to more than one role. In the above configuration, all users belong to role 'user'. User 'andrew' also
|
|
||||||
belongs to role 'europe-user', user 'frank' also belongs to 'us-user' and 'news-user' and user 'sam' also belongs to 'news-user'.
|
|
||||||
</p>
|
|
||||||
<p>
|
<p>
|
||||||
User name and password consists of a valid account that can be used to establish connections to a ActiveMQ Artemis server, while
|
User name and password consists of a valid account that can be used to establish connections to a ActiveMQ Artemis server, while
|
||||||
roles are used in controlling the access privileges against ActiveMQ Artemis topics and queues. You can achieve this control by
|
roles are used in controlling the access privileges against ActiveMQ Artemis topics and queues. You can achieve this control by
|
||||||
|
@ -129,13 +123,8 @@ under the License.
|
||||||
<p>To illustrate the effect of permissions, three topics are deployed. Topic 'genericTopic' matches 'jms.topic.#' wild-card, topic 'news.europe.europeTopic' matches
|
<p>To illustrate the effect of permissions, three topics are deployed. Topic 'genericTopic' matches 'jms.topic.#' wild-card, topic 'news.europe.europeTopic' matches
|
||||||
jms.topic.news.europe.#' wild-cards, and topic 'news.us.usTopic' matches 'jms.topic.news.us.#'.</p>
|
jms.topic.news.europe.#' wild-cards, and topic 'news.us.usTopic' matches 'jms.topic.news.us.#'.</p>
|
||||||
|
|
||||||
<p>With ActiveMQ Artemis, the security manager is also configurable. You can use JAASSecurityManager or JBossASSecurityManager based on you need. Please
|
|
||||||
check out the activemq-beans.xml for how to do. In this example we just use the basic ActiveMQSecurityManagerImpl which reads users/roles/passwords from the xml
|
|
||||||
file <code>activemq-users.xml</code>.
|
|
||||||
|
|
||||||
|
|
||||||
<h2>Example step-by-step</h2>
|
<h2>Example step-by-step</h2>
|
||||||
<p><i>To run the example, simply type <code>mvn verify -Pexample</code> from this directory</i></p>
|
<p><i>To run the example, simply type <code>mvn verify</code> from this directory</i></p>
|
||||||
|
|
||||||
<ol>
|
<ol>
|
||||||
<li>First we need to get an initial context so we can look-up the JMS connection factory and destination objects from JNDI. This initial context will get it's properties from the <code>client-jndi.properties</code> file in the directory <code>../common/config</code></li>
|
<li>First we need to get an initial context so we can look-up the JMS connection factory and destination objects from JNDI. This initial context will get it's properties from the <code>client-jndi.properties</code> file in the directory <code>../common/config</code></li>
|
||||||
|
|
Loading…
Reference in New Issue