JAAS provides pluggable authentication, which means ActiveMQ will use the same authentication API regardless of the technique used to verify user credentials (a text file, a relational database, LDAP, and so on). All that’s required is an implementation
of the javax.security.auth.spi.LoginModule interface and a configuration change to ActiveMQ. Fortunately, ActiveMQ comes with implementations of some modules that can authenticate users using properties files, LDAP, and SSL certificates, which will be enough for many use cases. Because JAAS login modules follow a specification, one advantage of them is that they’re relatively straightforward to configure. The best way to understand a login module is by walking through a configuration. For this task, the login module that works with properties files will be used.

  The first step in this task is to identify the PropertiesLoginModule so that ActiveMQ is made aware of it. To do so, you must create a file named login.config that contains a standardized format for configuring JAAS users and groups. Here are the contents of the file:

activemq-domain {
org.apache.activemq.jaas.PropertiesLoginModule required
org.apache.activemq.jaas.properties.user="users.properties"
org.apache.activemq.jaas.properties.group="groups.properties";
};

  The login.config file shown here contains a few different items for configuring a JAAS module. The activemq-domain is the predominant item in this file and it contains all the configuration for the login module. First is the fully qualified name of the PropertiesLoginModule and the trailing notation identifying it as required. This means that the authentication can’t continue without this login module. Second is a line to enable debug logging for the login module; this is optional. Third is the org.apache.activemq.jaas.properties.user property, which points to the users.properties file. Fourth is the org.apache.activemq.jaas.properties.group property, which points to the groups.properties file. Once this is all defined, the two properties files must be created.

  NOTE: The PropertiesLoginModule used in this section is an implementation of a JAAS login module, and it comes with ActiveMQ.

  Defining user credentials in the properties files is simple. The users.properties file defines each user in a line-delimited manner along with its password, as shown:

admin=admin
producer=producer
consumer=consumer
guest=guest

  The groups.properties file defines group names in a line-delimited manner as well. But each group contains a comma-separated list of its users as shown:

admins=admin
producers=admin,producer
consumers=admin,producer,consumer
guests=guest

  Once these files are created, the JAAS plug-in must be defined in the ActiveMQ XML configuration file. The following is an example of this necessary change:

...
<plugins>
<jaasAuthenticationPlugin configuration="activemq-domain" />
</plugins>
...

  The example is shortened for readability and only shows the necessary change to enable the JAAS login module. As you can see, the JAAS plug-in only needs the name of the JAAS domain in the login.config file. ActiveMQ will locate the login.config file on the classpath (an alternative to this is to use the java.security.auth.login.config system property for the location of the login.config file). To test out the JAAS login module that was just created, start up ActiveMQ using these changes. Here’s the command to use:

${ACTIVEMQ_HOME}/bin/activemq start -Djava.security.auth.login.config=/home/ucm/activemq/apache-activemq-5.10.2/conf/login.config

You can also set the environment variable:

export ACTIVEMQ_OPTS=-Djava.security.auth.login.config=/home/ucm/activemq/apache-activemq-5.10.2/conf/login.config

  The JAAS plug-in provides exactly the same functionality as the simple authentication plug-in. But it does so using the standardized Java mechanism, meaning you can use it to plug in any existing security policies you use inside your organization.

ActiveMQ(5.10.0) - Configuring the JAAS Authentication Plug-in的更多相关文章

  1. ActiveMQ(5.10.0) - Configuring the Simple Authentication Plug-in

    The easiest way to secure the broker is through the use of authentication credentials placed directl ...

  2. ActiveMQ 5.10.0 安装与配置

    先在官网下载activeMQ,我这里是5.10.0. 然后在解压在一个文件夹下即可. 我这里是:D:\apache-activemq-5.10.0-bin 然后进入bin目录:D:\apache-ac ...

  3. ActiveMQ(5.10.0) - Destination-level authorization

    To build upon authentication, consider a use case requiring more fine-grained control over clients t ...

  4. ActiveMQ(5.10.0) - Building a custom security plug-in

    If none of any built-in security mechanisms works for you, you can always build your own. Though the ...

  5. ActiveMQ(5.10.0) - Spring Support

    Maven Dependency: <dependencies> <dependency> <groupId>org.apache.activemq</gro ...

  6. ActiveMQ(5.10.0) - 删除闲置的队列或主题

    方法一 通过 ActiveMQ Web 控制台删除. 方法二 通过 Java 代码删除. ActiveMQConnection.destroyDestination(ActiveMQDestinati ...

  7. ActiveMQ(5.10.0) - Connection Configuration URI

    An Apache ActiveMQ connection can be configured by explicitly setting properties on the ActiveMQConn ...

  8. ActiveMQ(5.10.0) - hello world

    Sending a JMS message public class MyMessageProducer { ... // 创建连接工厂实例 ConnectionFactory connFactory ...

  9. ActiveMQ(5.10.0) - 使用 JDBC 持久化消息

    1. 编辑 ACTIVEMQ_HOME/conf/activemq.xml. <beans> <broker brokerName="localhost" per ...

随机推荐

  1. 在线的JSON formate工具

    一个非常好的json formate工具 可以很容易发现json的错误,以及对json进行格式化 https://jsonformatter.curiousconcept.com/

  2. UVaLive 7361 Immortal Porpoises (矩阵快速幂)

    题意:求Fibonacci的第 n 项. 析:矩阵快速幂,如果不懂请看http://www.cnblogs.com/dwtfukgv/articles/5595078.html 是不是很好懂呢. 代码 ...

  3. VC的文件操作

    各种关于文件的操作在程序设计中是十分常见,如果能对其各种操作都了如指掌,就可以根据实际情况找到最佳的解决方案,从而在较短的时间内编写出高效的代码,因而熟练的掌握文件操作是十分重要的.本文将对Visua ...

  4. Myeclipse 10.x 安装Aptana3.2 插件

    安装步骤: 1.下载aptana3.2 Eclipse Plugin插件. 下载地址:http://update1.aptana.org/studio/3.2/024747/index.html 2. ...

  5. (转)HTML5实战与剖析之触摸事件(touchstart、touchmove和touchend)

    HTML5中新添加了很多事件,但是由于他们的兼容问题不是很理想,应用实战性不是太强,所以在这里基本省略,咱们只分享应用广泛兼容不错的事件,日后随着兼容情况提升以后再陆续添加分享.今天为大家介绍的事件主 ...

  6. linux下为php添加mongodb扩展

    基于本博客yum安装的lamp环境,phpize 位于 /usr/bin,php-config 位于/usr/bin,php.ini 位于/etc/ 1.首先从http://pecl.php.net/ ...

  7. Android Developers:在命令行构建和运行

    使用Ant构建脚本构建你的应用程序有两种方式:一种用于测试/调试你的引用程序—debug模式—另一种用于构建你最终发布的包-release模式.无论你使用哪种方式构建你的应用程序,它必须在安装在模拟器 ...

  8. Meteor 加入账户系统

    Meteor 加入账户系统 我们给meteor加入一个账户系统 导入包 meteor add ian:accounts-ui-bootstrap-3 meteor add accounts-passw ...

  9. Android短信彩信收发流程(应用层)

    下图为ComposeMessageActivity中confirmSendMessageIfNeeded部分的信息发送流程.主要以接收者有效性的确认为主,然后转向sendMessage方法进行发送. ...

  10. JavaScipt call和apply用法

    转:http://www.cnblogs.com/wupeng/p/3477879.html Javascript call与apply记录 [注]:记录自己对javascript中call与appl ...