The JAAS username/password authentication plug-in performs login based on the JMS username/password credentials received from a client. This plug-in can be used with any JAAS login module that stores username/password credentials—for example, the properties login module or the LDAP login module.
The JAAS properties login module provides a simple store of authentication data, where the relevant user data is stored in a pair of flat files. This is convenient for demonstrations and testing, but for an enterprise system, the integration with LDAP is preferable (see JAAS LDAP Login Module).
The properties login module is implemented by the following class:
org.apache.activemq.jaas.PropertiesLoginModule
You can define a JAAS realm by creating a corresponding login entry in a login.config file. The following PropertiesLogin login entry shows how to configure the properties login module in the login.config file:
Example 3.4. JAAS Login Entry for Simple Authentication
PropertiesLogin {
    org.apache.activemq.jaas.PropertiesLoginModule required
        debug=true
        org.apache.activemq.jaas.properties.user="users.properties"
        org.apache.activemq.jaas.properties.group="groups.properties";
};
In the preceding example, the JAAS realm is configured to use a single org.apache.activemq.jaas.PropertiesLoginModule login module. The options supported by this login module are as follows:
debug—boolean debugging flag. If true, enable debugging. This is used only for testing or debugging. Normally, it should be set to false, or omitted.
org.apache.activemq.jaas.properties.user—specifies the location of the user properties file (relative to the directory containing the login configuration file).
org.apache.activemq.jaas.properties.group—specifies the location of the group properties file (relative to the directory containing the login configuration file).
In the context of the properties login module, the users.properties file consists of a list of properties of the form, UserName=Password. For example, to define the users, system, user, and guest, you could create a file like the following:
system=manager
user=password
guest=password
The groups.properties file consists of a list of properties of the form, Group=UserList, where UserList is a comma-separated list of users. For example, to define the groups, admins, users, and guests, you could create a file like the following:
admins=system
users=system,user
guests=guest
The simplest way to make the login configuration available to JAAS is to add the directory containing the file, login.config, to your CLASSPATH. For more details, see Location of the login configuration file.
To enable the JAAS username/password authentication plug-in, add the jaasAuthenticationPlugin element to the list of plug-ins in the broker configuration file, as shown:
<beans>
<broker ...>
...
<plugins>
<jaasAuthenticationPlugin configuration="PropertiesLogin" />
</plugins>
...
</broker>
</beans>
The configuration attribute specifies the label of a login entry from the login configuration file (for example, see Example 3.4). In the preceding example, the PropertiesLogin login entry is selected.
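The following is an added example, not part of the original documentation or of ActiveMQ: a small Python check that reads a login entry and the two properties files in the formats described above and reports debug=true, guessable passwords, and group members that have no user entry. The sample inputs are constructed from the page's examples (the ghost group member is added for illustration), and the function names and the list of guessable passwords are assumptions.

```python
import re

# Constructed sample inputs, based on the page's examples.
LOGIN_CONFIG = """
PropertiesLogin {
    org.apache.activemq.jaas.PropertiesLoginModule required
        debug=true
        org.apache.activemq.jaas.properties.user="users.properties"
        org.apache.activemq.jaas.properties.group="groups.properties";
};
"""
USERS = "system=manager\nuser=password\nguest=password\n"
GROUPS = "admins=system\nusers=system,user\nguests=guest,ghost\n"  # 'ghost' is constructed

def parse_props(text):
    """Parse key=value lines (simplified: no ':' separators or line continuations)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")):
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def parse_login_entry(text, name):
    """Return the options of the named login entry as a dict."""
    m = re.search(r"\b%s\s*\{(.*?)\}\s*;" % re.escape(name), text, re.S)
    if not m:
        raise KeyError(name)
    pairs = re.findall(r'([\w.]+)\s*=\s*("[^"]*"|[^\s;]+)', m.group(1))
    return {key: value.strip('"') for key, value in pairs}

def audit(login_config, entry, users_text, groups_text):
    """Hypothetical checks; the password list is an assumption, not a JAAS rule."""
    findings = []
    opts = parse_login_entry(login_config, entry)
    if opts.get("debug", "false").lower() == "true":
        findings.append("debug=true is set; the page says to use it only for testing")
    users = parse_props(users_text)
    for user, password in users.items():
        if password.lower() in {user.lower(), "password", "manager", ""}:
            findings.append(f"user '{user}' has a guessable password")
    for group, user_list in parse_props(groups_text).items():
        for member in filter(None, (u.strip() for u in user_list.split(","))):
            if member not in users:
                findings.append(f"group '{group}' lists undefined user '{member}'")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(LOGIN_CONFIG, "PropertiesLogin", USERS, GROUPS)))
```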