
Tutorial: Enable LDAP Authentication in the Broker and its Clients

This section describes how to configure LDAP authentication in the broker, so that it can authenticate incoming credentials based on user entries stored in the X.500 directory server. The tutorial concludes by showing how to program credentials in Java clients and by running an end-to-end demonstration using the consumer and producer tools.

Perform the following steps to enable LDAP authentication:

  1. Create the login configuration file. Using a text editor, create the file, login.conf under the directory, $ACTIVEMQ_HOME/conf. Paste the following text into the login.conf file:

    LDAPLogin {
        org.apache.activemq.jaas.LDAPLoginModule required
            debug=true
            initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
            connectionURL="ldap://localhost:10389"
            connectionUsername="uid=admin,ou=system"
            connectionPassword=secret
            connectionProtocol=""
            authentication=simple
            userBase="ou=users,ou=system"
            userSearchMatching="(uid={0})"
            userSearchSubtree=false
            roleSearchMatching="(uid={1})"
            ;
    };

    These settings assume that the broker connects to a default instance of the Apache Directory Server running on the local host. The account with username uid=admin,ou=system and password secret is the default administration account created by the Apache server. Note what each group of settings does: connectionUsername and connectionPassword are the credentials the broker itself uses to bind to the directory and search for user entries; userBase and userSearchMatching locate the entry for the client's username (the {0} placeholder is replaced by the username the client supplies); the module then verifies the client's password by binding to the directory as the entry it found. Because connectionPassword is stored in clear text and debug=true writes login details to the broker log, restrict read access to login.conf and turn debug off once the setup works. The plain ldap:// URL also sends the broker's bind password and every client password unencrypted to port 10389, so anything beyond a local test should use an ldaps:// URL and a dedicated read-only bind account rather than uid=admin,ou=system.

  2. Add the LDAP authentication plug-in to the broker configuration. Open the broker configuration file, $ACTIVEMQ_HOME/conf/activemq.xml, with a text editor and add the jaasAuthenticationPlugin element, as follows:

    <beans>
      <broker ...>
        ...
        <plugins>
          <jaasAuthenticationPlugin configuration="LDAPLogin" />
        </plugins>
        ...
      </broker>
    </beans>

    The value of the configuration attribute, LDAPLogin, references the login entry from the login.conf file.

  3. Comment out the mediation router elements in the broker configuration. Open the broker configuration file and comment out the camelContext element as follows:

    <beans>
      <broker ...>
        ...
      </broker>
    
      <!-- 
      <camelContext>
        ...
      </camelContext>
      -->
      ...
    </beans>

    The Camel route is not used in the current tutorial. If you left it enabled, you would have to supply it with appropriate username/password credentials, because it acts as a broker client.

  4. Add username/password credentials to the consumer tool. Edit the file, example/src/ConsumerTool.java, search for the line that creates a new ActiveMQConnectionFactory instance, and just before this line, set the credentials, user and password, as shown. The user, jdoe, must already exist as an entry under ou=users,ou=system in the directory, with secret as its password; the broker looks the entry up with the (uid={0}) filter from login.conf and binds with the supplied password.

    // Java
    ...
    public void run() {
      ...
      user = "jdoe";
      password = "secret";
      ActiveMQConnectionFactory connectionFactory = new ActiveMQConnectionFactory(user, password, url);
      ...
    }

    Hard-coding the credentials in the source is acceptable for this tutorial only; a real client should read them from a protected configuration file or the environment.

  5. Add username/password credentials to the producer tool. Edit the file, example/src/ProducerTool.java, search for the line that creates a new ActiveMQConnectionFactory instance, and just before this line, set the credentials, user and password, just as you did for the consumer tool.

  6. Ensure that the X.500 directory server is running. If necessary, manually restart the X.500 directory server. If the server is not running, the broker cannot look up or verify any credentials, so every client connection attempt is rejected.

  7. Run the broker. Open a new command prompt and start the broker by entering the following command:

    activemq

  8. Run the consumer client. Open a new command prompt, change directory to example and enter the following Ant command:

    ant consumer -Durl=tcp://localhost:61616 -Dmax=100

  9. Run the producer client. Open a new command prompt, change directory to example and enter the following Ant command:

    ant producer -Durl=tcp://localhost:61616

  10. Perform a negative test. Edit one of the client source files (for example, ConsumerTool.java) and change the credentials (username and password) to some invalid values. Now, if you re-run the client, the broker rejects the connection and the client fails with an authentication error instead of sending or receiving any messages. Repeat the test with a valid username and a wrong password to confirm that the password, not just the username, is being checked against the directory.
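The following stand-alone client ties steps 4 through 10 together. It is an added example, not one of the example tools shipped with the broker: it takes the credentials from the environment rather than hard-coding them, opens a connection through the same ActiveMQConnectionFactory(user, password, url) constructor used in the consumer and producer tools, round-trips one message, and reports the authentication rejection of the negative test separately from other JMS failures. The class name, the queue name TEST.LDAP and the AMQ_USER/AMQ_PASSWORD variable names are assumptions of this example; the broker URL and the jdoe user are the ones used in the steps above.

```java
// LdapAuthCheck.java: added example, not part of the broker's example tools.
// Assumes the broker from steps 1-7 is listening on tcp://localhost:61616
// with the jaasAuthenticationPlugin enabled, and that a user such as jdoe
// exists under ou=users,ou=system. The queue name TEST.LDAP and the
// AMQ_USER / AMQ_PASSWORD environment variables are assumptions.
import javax.jms.Connection;
import javax.jms.Destination;
import javax.jms.JMSException;
import javax.jms.JMSSecurityException;
import javax.jms.MessageConsumer;
import javax.jms.MessageProducer;
import javax.jms.Session;
import javax.jms.TextMessage;

import org.apache.activemq.ActiveMQConnectionFactory;

public class LdapAuthCheck {

    public static void main(String[] args) {
        String url = System.getProperty("url", "tcp://localhost:61616");
        // Read the credentials from the environment instead of embedding them
        // in the source as the tutorial's ConsumerTool/ProducerTool do.
        String user = System.getenv("AMQ_USER");
        String password = System.getenv("AMQ_PASSWORD");
        if (user == null || password == null) {
            System.err.println("Set AMQ_USER and AMQ_PASSWORD before running.");
            System.exit(2);
        }

        ActiveMQConnectionFactory factory =
                new ActiveMQConnectionFactory(user, password, url);
        Connection connection = null;
        try {
            connection = factory.createConnection();
            // The username and password travel to the broker when the
            // connection is started. The broker's LDAPLoginModule searches
            // userBase for (uid=<user>) and binds to the directory with the
            // supplied password; an unknown user or wrong password fails here.
            connection.start();

            Session session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
            Destination queue = session.createQueue("TEST.LDAP");

            MessageProducer producer = session.createProducer(queue);
            producer.send(session.createTextMessage("ldap auth ok"));

            MessageConsumer consumer = session.createConsumer(queue);
            TextMessage reply = (TextMessage) consumer.receive(5000);
            if (reply == null) {
                System.err.println("No message received within 5 seconds.");
                System.exit(1);
            }
            System.out.println("Authenticated as " + user + ", received: " + reply.getText());
        } catch (JMSSecurityException e) {
            // This branch is the expected outcome of the negative test in step 10.
            System.err.println("Broker rejected credentials for " + user + ": " + e.getMessage());
            System.exit(1);
        } catch (JMSException e) {
            // Any other failure (broker down, transport error) lands here.
            System.err.println("JMS failure: " + e.getMessage());
            System.exit(1);
        } finally {
            if (connection != null) {
                try {
                    connection.close();
                } catch (JMSException ignored) {
                    // nothing useful to do on close failure
                }
            }
        }
    }
}
```

Compile and run it with the broker's client jar on the classpath (for example `javac -cp activemq-all.jar LdapAuthCheck.java` followed by `AMQ_USER=jdoe AMQ_PASSWORD=secret java -cp .:activemq-all.jar LdapAuthCheck`, adjusting the jar name to your installation). Running it again with AMQ_PASSWORD set to a wrong value reproduces the negative test: the call to connection.start() throws JMSSecurityException and nothing is sent or received. Keeping the credentials out of the source also means the same binary can be tested against a valid and an invalid account without recompiling.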