<html>
<head>
<title>ActiveMQ JAAS Example</title>
<link rel="stylesheet" type="text/css" href="../common/common.css" />
<link rel="stylesheet" type="text/css" href="../common/prettify.css" />
<script type="text/javascript" src="../common/prettify.js"></script>
</head>
<body onload="prettyPrint()">
<h1>JAAS Example</h1>
<p>This example shows you how to configure ActiveMQ to use JAAS for security.</p>
<p>ActiveMQ can leverage JAAS to delegate user authentication and authorization to existing security infrastructure.</p>
<p>
The example will show how to configure ActiveMQ with JAAS in <a href="server0/activemq-beans.xml">activemq-beans.xml</a>
(You would use <literal>activemq-jboss-beans.xml</literal> if you are running inside JBoss Application
Server).
It will use a simple <code>LoginModule</code> without any user interaction.
The example will create a connection and authenticate the user with this JAAS LoginModule, send a message
to a queue and receive it (see the <a href="../../queue/readme.html">Queue example</a> for a complete description
of the application code)
</p>
<p>Note than the example actually sets the security manager via the maven pom.xml, however for we will discuss as if
the activemq-beans.xml is being configured, the example beans file can be found under the <code>src/main/resources</code>
directory</p>
<h2>Example setup</h2>
<p>ActiveMQ can use a JAAS security manager by specifying it in <a href="server0/activemq-beans.xml">activemq-beans.xml</a>:</p>
<pre class="prettyprint">
<!-- The security manager using JAAS -->
<bean name="ActiveMQSecurityManager" class="org.apache.activemq.integration.jboss.security.JAASSecurityManager">
<property name="configurationName">org.apache.activemq.jms.example.ExampleLoginModule</property>
<property name="configuration">
<inject bean="ExampleConfiguration"/>
</property>
<property name="callbackHandler">
<inject bean="ExampleCallbackHandler" />
</property>
</bean>
<!-- JAAS uses a simple LoginModule where the user credentials and roles are
specified as options in the constructor -->
<bean name="ExampleConfiguration" class="org.apache.activemq.jms.example.ExampleConfiguration">
<constructor>
<parameter>org.apache.activemq.jms.example.ExampleLoginModule</parameter>
<parameter>
<map class="java.util.HashMap" keyClass="java.lang.String"
valueClass="java.lang.String">
<entry>
<key>user</key>
<value>jboss</value>
</entry>
<entry>
<key>pass</key>
<value>redhat</value>
</entry>
<entry>
<key>role</key>
<value>guest</value>
</entry>
</map>
</parameter>
</constructor>
</bean>
<!-- the CallbackHandler does nothing as we don't have any user interaction -->
<bean name="ExampleCallbackHandler" class="org.apache.activemq.jms.example.ExampleCallbackHandler"
/>
</pre>
<ul>
<li>the ActiveMQSecurityManager's <code>configurationName</code> must be the name of the Java class implementing <code>LoginModule</code></li>
<li>the <code>callbackHandler</code> property must be an implementation of <code>CallbackHandler</code>. In this example, the ExampleCallbackHandler
does nothing since the authentication requires no user interaction</li>
<li>the <code>configuration</code> property must be an implementation of <code>Configuration</code>. For simplicity, we pass directly the
user credentials as options to the <code>ExampleConfiguration</code> constructor. These options will be passed to an instance
of ExampleLoginModule which will check that the only valid user is "jboss" with the password "redhat"
and it has the role "guest". </li>
</ul>
<h2>Example step-by-step</h2>
<p><i>To run the example, simply type <code>mvn verify</code> from this directory</i></p>
<p>The only relevant step with regard to JAAS configuration is step 4 (all the other
steps are identical to the <a href="../../queue/readme.html">Queue example</a>).
<ol start="4">
<li>We create a JMS Connection with user "jboss" and password "redhat". Any other
combination of name and password won't be valid for the ExampleLoginModule</li>
<pre class="prettyprint">
<code>connection = cf.createConnection("jboss", "redhat");</code>
</pre>
</ol>
<h2>More information</h2>
<ul>
<li>User Manual's <a href="../../../docs/user-manual/en/html_single/index.html#security">Security chapter</a></li>
</ul>
</body>
</html>