<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<html>
<head>
<title>ActiveMQ JAAS Example</title>
<link rel="stylesheet" type="text/css" href="../common/common.css" />
<link rel="stylesheet" type="text/css" href="../common/prettify.css" />
<script type="text/javascript" src="../common/prettify.js"></script>
</head>
<body onload="prettyPrint()">
<h1>JAAS Example</h1>
<p>This example shows you how to configure ActiveMQ to use JAAS for security.</p>
<p>ActiveMQ can leverage JAAS to delegate user authentication and authorization to existing security infrastructure.</p>
<p>
The example shows how to configure ActiveMQ with JAAS in <a href="server0/activemq-beans.xml">activemq-beans.xml</a>
(you would use <code>activemq-jboss-beans.xml</code> if you are running inside JBoss Application
Server).
It uses a simple <code>LoginModule</code> without any user interaction.
The example creates a connection and authenticates the user with this JAAS LoginModule, sends a message
to a queue and receives it (see the <a href="../../queue/readme.html">Queue example</a> for a complete description
of the application code).
</p>
<p>Note that the example actually sets the security manager via the Maven pom.xml; however, we will discuss it as if
activemq-beans.xml were being configured. The example beans file can be found under the <code>src/main/resources</code>
directory.</p>
<h2>Example setup</h2>
<p>ActiveMQ can use a JAAS security manager by specifying it in <a href="server0/activemq-beans.xml">activemq-beans.xml</a>:</p>
<pre class="prettyprint">
&lt;!-- The security manager using JAAS --&gt;
&lt;bean name="ActiveMQSecurityManager" class="org.apache.activemq.integration.jboss.security.JAASSecurityManager"&gt;
   &lt;property name="configurationName"&gt;org.apache.activemq.jms.example.ExampleLoginModule&lt;/property&gt;
   &lt;property name="configuration"&gt;
      &lt;inject bean="ExampleConfiguration"/&gt;
   &lt;/property&gt;
   &lt;property name="callbackHandler"&gt;
      &lt;inject bean="ExampleCallbackHandler" /&gt;
   &lt;/property&gt;
&lt;/bean&gt;

&lt;!-- JAAS uses a simple LoginModule where the user credentials and roles are
     specified as options in the constructor --&gt;
&lt;bean name="ExampleConfiguration" class="org.apache.activemq.jms.example.ExampleConfiguration"&gt;
   &lt;constructor&gt;
      &lt;parameter&gt;org.apache.activemq.jms.example.ExampleLoginModule&lt;/parameter&gt;
      &lt;parameter&gt;
         &lt;map class="java.util.HashMap" keyClass="java.lang.String"
              valueClass="java.lang.String"&gt;
            &lt;entry&gt;
               &lt;key&gt;user&lt;/key&gt;
               &lt;value&gt;jboss&lt;/value&gt;
            &lt;/entry&gt;
            &lt;entry&gt;
               &lt;key&gt;pass&lt;/key&gt;
               &lt;value&gt;redhat&lt;/value&gt;
            &lt;/entry&gt;
            &lt;entry&gt;
               &lt;key&gt;role&lt;/key&gt;
               &lt;value&gt;guest&lt;/value&gt;
            &lt;/entry&gt;
         &lt;/map&gt;
      &lt;/parameter&gt;
   &lt;/constructor&gt;
&lt;/bean&gt;

&lt;!-- the CallbackHandler does nothing as we don't have any user interaction --&gt;
&lt;bean name="ExampleCallbackHandler" class="org.apache.activemq.jms.example.ExampleCallbackHandler" /&gt;
</pre>
<ul>
<li>the ActiveMQSecurityManager's <code>configurationName</code> must be the name of the Java class implementing <code>LoginModule</code></li>
<li>the <code>callbackHandler</code> property must be an implementation of <code>CallbackHandler</code>. In this example, the ExampleCallbackHandler
does nothing since the authentication requires no user interaction</li>
<li>the <code>configuration</code> property must be an implementation of <code>Configuration</code>. For simplicity, we pass the
user credentials directly as options to the <code>ExampleConfiguration</code> constructor. These options are passed to an instance
of ExampleLoginModule, which accepts only the user "jboss" with the password "redhat"
and gives that user the role "guest".</li>
</ul>
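<p>The flow described by the three properties above, as an added example that is not the project's own code: a self-contained <code>LoginModule</code> that reads <code>user</code>, <code>pass</code> and <code>role</code> from its options and is driven through a <code>LoginContext</code> with a programmatic <code>Configuration</code> and a no-op <code>CallbackHandler</code>. The names <code>OptionsLoginModule</code> and <code>Named</code> are hypothetical, and it assumes the caller places the presented name and password on the <code>Subject</code> before login.</p>

```java
import java.security.Principal;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

// Added sketch: OptionsLoginModule and Named are hypothetical names; the record needs Java 16+.
public class OptionsLoginModule implements LoginModule {
    record Named(String name) implements Principal { public String getName() { return name; } }
    private Subject subject;
    private Map<String, ?> options;
    private Principal role;
    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
        subject = s; options = opts;
    }
    public boolean login() throws LoginException {
        // Assumption: the caller already placed the presented name and password on the Subject.
        String user = subject.getPrincipals().stream().map(Principal::getName).findFirst().orElse("");
        char[] pass = subject.getPrivateCredentials(char[].class).stream().findFirst().orElse(new char[0]);
        if (!user.equals(options.get("user")) || !new String(pass).equals(options.get("pass")))
            throw new FailedLoginException("invalid user name or password");
        role = new Named((String) options.get("role"));
        return true;
    }
    public boolean commit() { subject.getPrincipals().add(role); return true; }   // role granted only here
    public boolean abort()  { role = null; return true; }
    public boolean logout() { subject.getPrincipals().remove(role); role = null; return true; }

    public static void main(String[] args) {
        Configuration config = new Configuration() {   // stands in for the ExampleConfiguration bean
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { new AppConfigurationEntry(name,
                    AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
                    Map.of("user", "jboss", "pass", "redhat", "role", "guest")) };
            }
        };
        for (String pass : new String[] { "redhat", "wrong" }) {
            Subject subject = new Subject();
            subject.getPrincipals().add(new Named("jboss"));
            subject.getPrivateCredentials().add(pass.toCharArray());
            try {   // the no-op lambda mirrors the do-nothing CallbackHandler bean
                new LoginContext("OptionsLoginModule", subject, callbacks -> { }, config).login();
                System.out.println(pass + ": accepted, principals " + subject.getPrincipals());
            } catch (LoginException e) {
                System.out.println(pass + ": rejected (" + e.getMessage() + ")");
            }
        }
    }
}
```

<p>It compiles and runs with the JDK alone; no broker is needed. Because the options carry the password in cleartext, anyone who can read the configuration can log in as that user.</p>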
<h2>Example step-by-step</h2>
<p><i>To run the example, simply type <code>mvn verify</code> from this directory</i></p>
<p>The only relevant step with regard to JAAS configuration is step 4 (all the other
steps are identical to the <a href="../../queue/readme.html">Queue example</a>).</p>
<ol start="4">
<li>We create a JMS Connection with user "jboss" and password "redhat". Any other
combination of name and password won't be valid for the ExampleLoginModule.
<pre class="prettyprint">
<code>connection = cf.createConnection("jboss", "redhat");</code>
</pre>
</li>
</ol>
<h2>More information</h2>
<ul>
<li>User Manual's <a href="../../../docs/user-manual/en/html_single/index.html#security">Security chapter</a></li>
</ul>
</body>
</html>