
JAAS Username/Password Authentication Plug-In

Overview

The JAAS username/password authentication plug-in performs login based on the JMS username/password credentials received from a client. This plug-in can be used with any JAAS login module that stores username/password credentials—for example, the properties login module or the LDAP login module.

Properties login module

The JAAS properties login module provides a simple store of authentication data, where the relevant user data is stored in a pair of flat files. This is convenient for demonstrations and testing, but for an enterprise system, the integration with LDAP is preferable (see JAAS LDAP Login Module).

The properties login module is implemented by the following class:

org.apache.activemq.jaas.PropertiesLoginModule

Defining the JAAS realm

You can define a JAAS realm by creating a corresponding login entry in a login.config file. The following PropertiesLogin login entry shows how to configure the properties login module in the login.config file:

Example 13. JAAS Login Entry for Simple Authentication

PropertiesLogin {
    org.apache.activemq.jaas.PropertiesLoginModule required
        debug=true
        org.apache.activemq.jaas.properties.user="users.properties"
        org.apache.activemq.jaas.properties.group="groups.properties";
};

In the preceding example, the JAAS realm is configured to use a single org.apache.activemq.jaas.PropertiesLoginModule login module. The options supported by this login module are as follows:

  • debug—boolean debugging flag. If true, enable debugging. This is used only for testing or debugging. Normally, it should be set to false, or omitted.

  • org.apache.activemq.jaas.properties.user—specifies the location of the user properties file (relative to the directory containing the login configuration file).

  • org.apache.activemq.jaas.properties.group—specifies the location of the group properties file (relative to the directory containing the login configuration file).

users.properties file

In the context of the properties login module, the users.properties file consists of a list of properties of the form UserName=Password. For example, to define the users system, user, and guest, you could create a file like the following:

system=manager
user=password
guest=password

groups.properties file

The groups.properties file consists of a list of properties of the form Group=UserList, where UserList is a comma-separated list of users. For example, to define the groups admins, users, and guests, you could create a file like the following:

admins=system
users=system,user
guests=guest
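
The following Python script is an added example, not part of the original documentation or of ActiveMQ. It cross-checks a users.properties file against a groups.properties file and reports group members with no user entry, users in no group, trivial passwords, and passwords shared between accounts. It assumes only the plain Name=Value form shown above; the function names and the second sample pair are constructed for illustration.

```python
"""Cross-check users.properties against groups.properties (added example)."""

def parse_properties(text):
    """Parse the plain Name=Value form shown on the page (assumption:
    no line continuations or ':' separators are used)."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip()] = value.strip()
    return entries

def audit(users_text, groups_text):
    """Return a sorted list of (finding, subject) tuples."""
    users = parse_properties(users_text)
    groups = {g: [m.strip() for m in v.split(",") if m.strip()]
              for g, v in parse_properties(groups_text).items()}
    grouped = {m for members in groups.values() for m in members}
    findings = set()
    # Group members that have no entry in users.properties.
    for group, members in groups.items():
        findings.update(("unknown-member", f"{group}:{m}")
                        for m in members if m not in users)
    by_password = {}
    for name, password in users.items():
        # A user listed in no group has credentials but no group membership.
        if name not in grouped:
            findings.add(("ungrouped-user", name))
        # Empty or username-equals-password entries are trivially guessable.
        if not password or password.lower() == name.lower():
            findings.add(("trivial-password", name))
        by_password.setdefault(password, []).append(name)
    # Accounts sharing one password are all exposed if that value leaks.
    for names in by_password.values():
        if len(names) > 1:
            findings.add(("shared-password", ",".join(sorted(names))))
    return sorted(findings)

# The example files from this page.
PAGE_USERS = "system=manager\nuser=password\nguest=password\n"
PAGE_GROUPS = "admins=system\nusers=system,user\nguests=guest\n"
# Constructed sample with deliberate inconsistencies.
BAD_USERS = "system=manager\nops=ops\naudit=constructed-value\n"
BAD_GROUPS = "admins=system,alice\nusers=ops\n"

if __name__ == "__main__":
    for label, u, g in (("page", PAGE_USERS, PAGE_GROUPS),
                        ("constructed", BAD_USERS, BAD_GROUPS)):
        for finding, subject in audit(u, g):
            print(f"{label}: {finding}: {subject}")
```

Run against the page's own sample files, the audit reports that user and guest share one password.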

Specifying the login.config file location

The simplest way to make the login configuration available to JAAS is to add the directory containing the file, login.config, to your CLASSPATH. For more details, see Location of the login configuration file.

Enable the JAAS username/password authentication plug-in

To enable the JAAS username/password authentication plug-in, add the jaasAuthenticationPlugin element to the list of plug-ins in the broker configuration file, as shown:

<beans>
  <broker ...>
    ...
    <plugins>
      <jaasAuthenticationPlugin configuration="PropertiesLogin" />
    </plugins>
    ...
  </broker>
</beans>

The configuration attribute specifies the label of a login entry from the login configuration file (for example, see Example 13). In the preceding example, the PropertiesLogin login entry is selected.
