JAAS Example

This example shows you how to configure HornetQ to use JAAS for security.

HornetQ can leverage JAAS to delegate user authentication and authorization to existing security infrastructure.

The example will show how to configure HornetQ with JAAS in hornetq-beans.xml (You would use hornetq-jboss-beans.xml if you are running inside JBoss Application Server). It will use a simple LoginModule without any user interaction. The example will create a connection and authenticate the user with this JAAS LoginModule, send a message to a queue and receive it (see the Queue example for a complete description of the application code)

Note than the example actually sets the security manager via the maven pom.xml, however for we will discuss as if the hornetq-beans.xml is being configured, the example beans file can be found under the src/main/resources directory

Example setup

HornetQ can use a JAAS security manager by specifying it in hornetq-beans.xml:

             <!-- The security manager using JAAS -->
             <bean name="HornetQSecurityManager" class="org.apache.activemq.integration.jboss.security.JAASSecurityManager">
             <property name="configurationName">org.apache.activemq.jms.example.ExampleLoginModule</property>
             <property name="configuration">
             <inject bean="ExampleConfiguration"/>
             </property>
             <property name="callbackHandler">
             <inject bean="ExampleCallbackHandler" />
             </property>
             </bean>

             <!-- JAAS uses a simple LoginModule where the user credentials and roles are
             specified as options in the constructor -->
             <bean name="ExampleConfiguration" class="org.apache.activemq.jms.example.ExampleConfiguration">
             <constructor>
             <parameter>org.apache.activemq.jms.example.ExampleLoginModule</parameter>
             <parameter>
             <map class="java.util.HashMap" keyClass="java.lang.String"
             valueClass="java.lang.String">
             <entry>
             <key>user</key>
             <value>jboss</value>
             </entry>
             <entry>
             <key>pass</key>
             <value>redhat</value>
             </entry>
             <entry>
             <key>role</key>
             <value>guest</value>
             </entry>
             </map>
             </parameter>
             </constructor>
             </bean>

             <!-- the CallbackHandler does nothing as we don't have any user interaction -->
             <bean name="ExampleCallbackHandler" class="org.apache.activemq.jms.example.ExampleCallbackHandler"
             />
     

Example step-by-step

To run the example, simply type mvn verify from this directory

The only relevant step with regard to JAAS configuration is step 4 (all the other steps are identical to the Queue example).

  1. We create a JMS Connection with user "jboss" and password "redhat". Any other combination of name and password won't be valid for the ExampleLoginModule
  2.            connection = cf.createConnection("jboss", "redhat");
            

More information