activemq-artemis/docs/migration-guide/en/authentication.md

1.8 KiB

Authentication

Now that we have our acceptors and addresses ready, it's time to deal with broker security. Artemis inherited most of the security concepts from ActiveMQ. One of the most notable differences is that ActiveMQ groups are now called roles in Artemis. Besides that things should be pretty familiar to existing ActiveMQ users. Let's start by looking into the authentication mechanisms and defining users and roles (groups).

Both ActiveMQ and Artemis use JAAS to define authentication credentials. In ActiveMQ, that's configured through the appropriate broker plugin in conf/activemq.xml

<plugins>
  <jaasAuthenticationPlugin configuration="activemq" />
</plugins>

The name of the JAAS domain is specified as a configuration parameter.

In Artemis, the same thing is achieved by defining <jaas-security> configuration in etc/bootstrap.xml

<jaas-security domain="activemq"/>

From this point on, you can go and define your users and their roles in appropriate files, like conf/users.properties and conf/groups.properties in ActiveMQ. Similarly, etc/artemis-users.properties and etc/artemis-roles.properties files are used in Artemis. These files are interchangeable, so you should be able to just copy your existing configuration over to the new broker.

If your deployment is more complicated than this and requires some advanced JAAS configuration, you'll need go and change the etc/login.config file. It's important to say that all custom JAAS modules and configuration you were using in ActiveMQ should be compatible with Artemis.

Finally, in case you're still using ActiveMQ's Simple Authentication Plugin, which defines users and groups directly in the broker's xml configuration file, you'll need to migrate to JAAS as Artemis doesn't support the similar concept.