This example shows you how to configure HornetQ to use JAAS for security.
HornetQ can leverage JAAS to delegate user authentication and authorization to existing security infrastructure.
The example will show how to configure HornetQ with JAAS in hornetq-beans.xml
(You would use LoginModule
without any user interaction.
The example will create a connection and authenticate the user with this JAAS LoginModule, send a message
to a queue and receive it (see the Queue example for a complete description
of the application code)
Note than the example actually sets the security manager via the maven pom.xml, however for we will discuss as if
the hornetq-beans.xml is being configured, the example beans file can be found under the src/main/resources
directory
HornetQ can use a JAAS security manager by specifying it in hornetq-beans.xml:
<!-- The security manager using JAAS --> <bean name="HornetQSecurityManager" class="org.apache.activemq.integration.jboss.security.JAASSecurityManager"> <property name="configurationName">org.apache.activemq.jms.example.ExampleLoginModule</property> <property name="configuration"> <inject bean="ExampleConfiguration"/> </property> <property name="callbackHandler"> <inject bean="ExampleCallbackHandler" /> </property> </bean> <!-- JAAS uses a simple LoginModule where the user credentials and roles are specified as options in the constructor --> <bean name="ExampleConfiguration" class="org.apache.activemq.jms.example.ExampleConfiguration"> <constructor> <parameter>org.apache.activemq.jms.example.ExampleLoginModule</parameter> <parameter> <map class="java.util.HashMap" keyClass="java.lang.String" valueClass="java.lang.String"> <entry> <key>user</key> <value>jboss</value> </entry> <entry> <key>pass</key> <value>redhat</value> </entry> <entry> <key>role</key> <value>guest</value> </entry> </map> </parameter> </constructor> </bean> <!-- the CallbackHandler does nothing as we don't have any user interaction --> <bean name="ExampleCallbackHandler" class="org.apache.activemq.jms.example.ExampleCallbackHandler" />
configurationName
must be the name of the Java class implementing LoginModule
callbackHandler
property must be an implementation of CallbackHandler
. In this example, the ExampleCallbackHandler
does nothing since the authentication requires no user interactionconfiguration
property must be an implementation of Configuration
. For simplicity, we pass directly the
user credentials as options to the ExampleConfiguration
constructor. These options will be passed to an instance
of ExampleLoginModule which will check that the only valid user is "jboss" with the password "redhat"
and it has the role "guest". To run the example, simply type mvn verify
from this directory
The only relevant step with regard to JAAS configuration is step 4 (all the other steps are identical to the Queue example).
connection = cf.createConnection("jboss", "redhat");