activemq-artemis/examples/jms/jaas/readme.html

<html>
  <head>
    <title>ActiveMQ JAAS Example</title>
    <link rel="stylesheet" type="text/css" href="../common/common.css" />
    <link rel="stylesheet" type="text/css" href="../common/prettify.css" />
    <script type="text/javascript" src="../common/prettify.js"></script>
  </head>
  <body onload="prettyPrint()">
     <h1>JAAS Example</h1>

     <p>This example shows you how to configure ActiveMQ to use JAAS for security.</p>
     <p>ActiveMQ can leverage JAAS to delegate user authentication and authorization to existing security infrastructure.</p>
     
     <p>
         The example will show how to configure ActiveMQ with JAAS in <a href="server0/hornetq-beans.xml">hornetq-beans.xml</a>
         (You would use <literal>hornetq-jboss-beans.xml</literal> if you are running inside JBoss Application
         Server).
         It will use a simple <code>LoginModule</code> without any user interaction.
         The example will create a connection and authenticate the user with this JAAS LoginModule, send a message
         to a queue and receive it (see the <a href="../../queue/readme.html">Queue example</a> for a complete description
         of the application code)
     </p>
     <p>Note than the example actually sets the security manager via the maven pom.xml, however for we will discuss as if
     the hornetq-beans.xml is being configured, the example beans file can be found under the <code>src/main/resources</code>
     directory</p>
     <h2>Example setup</h2>
     <p>ActiveMQ can use a JAAS security manager by specifying it in <a href="server0/hornetq-beans.xml">hornetq-beans.xml</a>:</p>
     <pre class="prettyprint">
             &lt;!-- The security manager using JAAS --&gt;
             &lt;bean name=&quot;ActiveMQSecurityManager&quot; class=&quot;org.apache.activemq.integration.jboss.security.JAASSecurityManager&quot;&gt;
             &lt;property name=&quot;configurationName&quot;&gt;org.apache.activemq.jms.example.ExampleLoginModule&lt;/property&gt;
             &lt;property name=&quot;configuration&quot;&gt;
             &lt;inject bean=&quot;ExampleConfiguration&quot;/&gt;
             &lt;/property&gt;
             &lt;property name=&quot;callbackHandler&quot;&gt;
             &lt;inject bean=&quot;ExampleCallbackHandler&quot; /&gt;
             &lt;/property&gt;
             &lt;/bean&gt;

             &lt;!-- JAAS uses a simple LoginModule where the user credentials and roles are
             specified as options in the constructor --&gt;
             &lt;bean name=&quot;ExampleConfiguration&quot; class=&quot;org.apache.activemq.jms.example.ExampleConfiguration&quot;&gt;
             &lt;constructor&gt;
             &lt;parameter&gt;org.apache.activemq.jms.example.ExampleLoginModule&lt;/parameter&gt;
             &lt;parameter&gt;
             &lt;map class=&quot;java.util.HashMap&quot; keyClass=&quot;java.lang.String&quot;
             valueClass=&quot;java.lang.String&quot;&gt;
             &lt;entry&gt;
             &lt;key&gt;user&lt;/key&gt;
             &lt;value&gt;jboss&lt;/value&gt;
             &lt;/entry&gt;
             &lt;entry&gt;
             &lt;key&gt;pass&lt;/key&gt;
             &lt;value&gt;redhat&lt;/value&gt;
             &lt;/entry&gt;
             &lt;entry&gt;
             &lt;key&gt;role&lt;/key&gt;
             &lt;value&gt;guest&lt;/value&gt;
             &lt;/entry&gt;
             &lt;/map&gt;
             &lt;/parameter&gt;
             &lt;/constructor&gt;
             &lt;/bean&gt;

             &lt;!-- the CallbackHandler does nothing as we don&apos;t have any user interaction --&gt;
             &lt;bean name=&quot;ExampleCallbackHandler&quot; class=&quot;org.apache.activemq.jms.example.ExampleCallbackHandler&quot;
             /&gt;
     </pre>
     
     <ul>
        <li>the ActiveMQSecurityManager's <code>configurationName</code> must be the name of the Java class implementing <code>LoginModule</code></li>
        <li>the <code>callbackHandler</code> property must be an implementation of <code>CallbackHandler</code>. In this example, the ExampleCallbackHandler
           does nothing since the authentication requires no user interaction</li>
        <li>the <code>configuration</code> property must be an implementation of <code>Configuration</code>. For simplicity, we pass directly the
           user credentials as options to the <code>ExampleConfiguration</code> constructor. These options will be passed to an instance
           of ExampleLoginModule which will check that the only valid user is "jboss" with the password "redhat"
           and it has the role "guest". </li>
     </ul>        

     <h2>Example step-by-step</h2>
     <p><i>To run the example, simply type <code>mvn verify</code> from this directory</i></p>
     <p>The only relevant step with regard to JAAS configuration is step 4 (all the other
        steps are identical to the <a href="../../queue/readme.html">Queue example</a>).
     <ol start="4">
        <li>We create a JMS Connection with user "jboss" and password "redhat". Any other
           combination of name and password won't be valid for the ExampleLoginModule</li>
        <pre class="prettyprint">
           <code>connection = cf.createConnection("jboss", "redhat");</code>
        </pre>  
     </ol>
        
     <h2>More information</h2>
     
     <ul>
         <li>User Manual's <a href="../../../docs/user-manual/en/html_single/index.html#security">Security chapter</a></li>
     </ul>
  </body>
</html>