JAAS provides pluggable authentication, which means ActiveMQ would use the same authentication API regardless of the Techni Que used to verify user credentials (a text file, a relational database, LDAP, and so on). All that's required is an implementation
of the Javax.security.auth.spi.LoginModule interface and a configuration change to ActiveMQ. Fortunately, ActiveMQ comes with implementations of some modules, can authenticate users using properties files, LDAP, and SSL certificates, which is enough for many use cases. Because JAAS Login Modules follow a specification, one advantage of them are that they ' re relatively straightforward to con Figure. The best-of-Understand a login module is by walking through a configuration. For this task, the login module, which works with properties files would be used.
The first step in this task was to identify, the propertiesloginmodule so, ActiveMQ is made aware of it. To does so, you must create a file named Login.config that contains a standardized format for configuring JAAS user s and groups. Here is the contents of the file:
Activemq-domain { org.apache.activemq.jaas.PropertiesLoginModule required org.apache.activemq.jaas.properties.user= " Users.properties " org.apache.activemq.jaas.properties.group=" groups.properties ";};
The Login.config file shown here contains a few different items for configuring a JAAS module. The activemq-domain is the predominant item in this file and it contains all the Conf Iguration for the login module. First is the fully qualified name of the propertiesloginmodule and the trailing Notat Ion identifying it as required. This means, the authentication can ' t continue without this login module. Second is a line to enable debug logging for the login module; This is optional. Third is the Org.apache.activemq.jaas.properties.user property, which points to the file. Fourth is the Org.apache.activemq.jaas.properties.group property, which points to the file. Once This was all defined, the properties files must was created.
Note:the Propertiesloginmodule used in the is a implementation of a JAAS login module, and it comes with Active Mq.
Defining user credentials in the properties files are simple. The users.properties file defines each user in a line-delimited manner along with its password, as shown:
Admin=adminproducer=producerconsumer=consumerguest=guest
The groups.properties file defines group names in a line-delimited manner as well. But each group contains a comma-separated list of it users as shown:
Admins=adminproducers=admin,producerconsumers=admin,producer,consumerguests=guest
Once These files is created, the JAAS plug-in must is defined in the ActiveMQ XML configuration file. The following is a example of this necessary change:
... < plugins > < jaasauthenticationplugin configuration = "Activemq-domain" /> </ plugins > ...
The example is shortened for readability and only shows the necessary change to enable the JAAS login module. As can see, the Jaas plug-in only needs the name of the the Jaas domain in the login.config file. ActiveMQ would locate the Login.config file on the classpath (an alternative to . config system property for the location of the Login.config file). To test out the JAAS login module, the is just created, start up ActiveMQ using these changes. Here's the command to use:
-djava.security.auth.login.config=/home/ucm/activemq/apache-activemq-5.10.2/conf/login.config
You can also set the environment variable:
Export activemq_opts=-djava.security.auth.login.config=/home/ucm/activemq/apache-activemq-5.10.2/conf/ Login.config
The JAAS plug-in provides exactly the same functionality as the simple authentication plug-in. But it does so using the standardized Java mechanism, meaning you can use it to plug in any existing security policies Use inside your organization.
ActiveMQ (5.10.0)-Configuring the Jaas authentication Plug-in