The JAAS simple authentication plug-in provides a light-weight authentication implementation, where the relevant user security data is stored in a pair of flat files. This is convenient for demonstrations and testing, but for an enterprise system, the integration with LDAP is preferable (see JAAS LDAP Authentication Plug-In).
The simplest way to make the login configuration available to JAAS is to add the directory containing the file, login.config, to your CLASSPATH. Alternatively, you can set the java.security.auth.login.config system property at the command line, setting it to the pathname of the login configuration file (for example, edit the bin/activemq script, adding an option of the form, -Djava.security.auth.login.config=Value to the Java command line). If you are working on the Windows platform, note that the pathname of the login configuration file must use forward slashes, /, in place of backslashes, \.
The following PropertiesLogin login entry shows how to configure JAAS simple authentication in the login.config file:
Example 3.3. JAAS Login Entry for Simple Authentication
    PropertiesLogin {
        org.apache.activemq.jaas.PropertiesLoginModule required
            debug=true
            org.apache.activemq.jaas.properties.user="users.properties"
            org.apache.activemq.jaas.properties.group="groups.properties";
    };
JAAS simple authentication is configured by the org.apache.activemq.jaas.PropertiesLoginModule login module. The options supported by this login module are as follows:
debug—boolean debugging flag. If true, enable debugging. This is used only for testing or debugging. Normally, it should be set to false, or omitted.
org.apache.activemq.jaas.properties.user—specifies the location of the user properties file (relative to the directory containing the login configuration file).
org.apache.activemq.jaas.properties.group—specifies the location of the group properties file (relative to the directory containing the login configuration file).
In the context of the simple authentication plug-in, the users.properties file consists of a list of properties of the form, UserName=Password. For example, to define the users, system, user, and guest, you could create a file like the following:
    system=manager
    user=password
    guest=password
The groups.properties file consists of a list of properties of the form, Group=UserList, where UserList is a comma-separated list of users. For example, to define the groups, admins, users, and guests, you could create a file like the following:
    admins=system
    users=system,user
    guests=guest
To enable the JAAS simple authentication plug-in, add the jaasAuthenticationPlugin element to the list of plug-ins in the broker configuration file, as shown:
    <beans>
      <broker ...>
        ...
        <plugins>
          <jaasAuthenticationPlugin configuration="PropertiesLogin" />
        </plugins>
        ...
      </broker>
    </beans>
The configuration attribute specifies the label of a login entry from the login configuration file (for example, see Example 3.3). In the preceding example, the PropertiesLogin login entry is selected.
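The following Python script is an added example, not part of the original documentation or of ActiveMQ itself. It audits the three files described above: it flags debug=true, group entries that name users missing from users.properties, users that belong to no group, and the documentation's sample passwords left in place. The file-permission check (POSIX only) and the names audit, parse_props and demo are assumptions introduced here, and demo writes constructed sample files to a temporary directory.

```python
import os, re, stat, tempfile

PREFIX = "org.apache.activemq.jaas.properties."
DOC_SAMPLES = {"system": "manager", "user": "password", "guest": "password"}  # from the page

def parse_props(path):
    """Read key=value lines, ignoring blank lines and # comments."""
    with open(path) as fh:
        rows = [l.strip() for l in fh if "=" in l and not l.lstrip().startswith("#")]
    return {k.strip(): v.strip() for k, v in (r.split("=", 1) for r in rows)}

def audit(login_config, entry="PropertiesLogin"):
    """Findings for one login entry; file options resolve relative to login.config."""
    with open(login_config) as fh:
        m = re.search(re.escape(entry) + r"\s*\{(.*?)\}\s*;", fh.read(), re.S)
    if not m:
        return ["login entry %s not found" % entry]
    opts = dict(re.findall(r'([\w.]+)\s*=\s*"?([^\s";]+)"?', m.group(1)))
    found = ["debug=true is enabled"] if opts.get("debug", "").lower() == "true" else []
    base = os.path.dirname(os.path.abspath(login_config))
    paths = [os.path.join(base, opts[PREFIX + k]) for k in ("user", "group")]
    for p in paths:
        if stat.S_IMODE(os.stat(p).st_mode) & 0o077:  # added check, POSIX mode bits
            found.append("%s is accessible to group/other" % os.path.basename(p))
    users, groups = parse_props(paths[0]), parse_props(paths[1])
    members = {u.strip() for ul in groups.values() for u in ul.split(",") if u.strip()}
    found += ["group list names undefined user %s" % u for u in sorted(members - set(users))]
    found += ["user %s belongs to no group" % u for u in sorted(set(users) - members)]
    found += ["user %s still has the documented sample password" % u
              for u in sorted(users) if DOC_SAMPLES.get(u) == users[u]]
    return found

def demo():
    d = tempfile.mkdtemp()
    files = {  # constructed sample: the page's layout plus deliberate mistakes
        "login.config": "PropertiesLogin {\n org.apache.activemq.jaas.PropertiesLoginModule required"
                        ' debug=true\n %suser="users.properties"\n %sgroup="groups.properties";\n};\n'
                        % (PREFIX, PREFIX),
        "users.properties": "system=manager\nuser=constructed-value-1\nguest=password\n",
        "groups.properties": "admins=system,operator\nusers=system,user\n",
    }
    for name, body in files.items():
        with open(os.path.join(d, name), "w") as fh:
            fh.write(body)
        os.chmod(os.path.join(d, name), 0o644 if name == "users.properties" else 0o600)
    return audit(os.path.join(d, "login.config"))

if __name__ == "__main__":
    print("\n".join(demo()))
```

Point audit() at the login.config the broker actually loads; an empty list means none of these checks fired.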