JAAS Example

This example shows you how to configure ActiveMQ to use JAAS for security.

ActiveMQ can leverage JAAS to delegate user authentication and authorization to existing security infrastructure.

The example will show how to configure ActiveMQ with JAAS in activemq-beans.xml (You would use activemq-jboss-beans.xml if you are running inside JBoss Application Server). It will use a simple LoginModule without any user interaction. The example will create a connection and authenticate the user with this JAAS LoginModule, send a message to a queue and receive it (see the Queue example for a complete description of the application code)

Note than the example actually sets the security manager via the maven pom.xml, however for we will discuss as if the activemq-beans.xml is being configured, the example beans file can be found under the src/main/resources directory

Example setup

ActiveMQ can use a JAAS security manager by specifying it in activemq-beans.xml:

             <!-- The security manager using JAAS -->
             <bean name="ActiveMQSecurityManager" class="org.apache.activemq.integration.jboss.security.JAASSecurityManager">
             <property name="configurationName">org.apache.activemq.jms.example.ExampleLoginModule</property>
             <property name="configuration">
             <inject bean="ExampleConfiguration"/>
             </property>
             <property name="callbackHandler">
             <inject bean="ExampleCallbackHandler" />
             </property>
             </bean>

             <!-- JAAS uses a simple LoginModule where the user credentials and roles are
             specified as options in the constructor -->
             <bean name="ExampleConfiguration" class="org.apache.activemq.jms.example.ExampleConfiguration">
             <constructor>
             <parameter>org.apache.activemq.jms.example.ExampleLoginModule</parameter>
             <parameter>
             <map class="java.util.HashMap" keyClass="java.lang.String"
             valueClass="java.lang.String">
             <entry>
             <key>user</key>
             <value>jboss</value>
             </entry>
             <entry>
             <key>pass</key>
             <value>redhat</value>
             </entry>
             <entry>
             <key>role</key>
             <value>guest</value>
             </entry>
             </map>
             </parameter>
             </constructor>
             </bean>

             <!-- the CallbackHandler does nothing as we don't have any user interaction -->
             <bean name="ExampleCallbackHandler" class="org.apache.activemq.jms.example.ExampleCallbackHandler"
             />

the ActiveMQSecurityManager's configurationName must be the name of the Java class implementing LoginModule
the callbackHandler property must be an implementation of CallbackHandler. In this example, the ExampleCallbackHandler does nothing since the authentication requires no user interaction
the configuration property must be an implementation of Configuration. For simplicity, we pass directly the user credentials as options to the ExampleConfiguration constructor. These options will be passed to an instance of ExampleLoginModule which will check that the only valid user is "jboss" with the password "redhat" and it has the role "guest".

Example step-by-step

To run the example, simply type mvn verify from this directory

The only relevant step with regard to JAAS configuration is step 4 (all the other steps are identical to the Queue example).

We create a JMS Connection with user "jboss" and password "redhat". Any other combination of name and password won't be valid for the ExampleLoginModule

           connection = cf.createConnection("jboss", "redhat");

More information

User Manual's Security chapter