examples.jms.jaas.readme.html Maven / Gradle / Ivy
HornetQ JAAS Example
JAAS Example
This example shows you how to configure HornetQ to use JAAS for security.
HornetQ can leverage JAAS to delegate user authentication and authorization to existing security infrastructure.
The example will show how to configure HornetQ with JAAS in hornetq-beans.xml
(You would use hornetq-jboss-beans.xml if you are running inside JBoss Application
Server).
It will use a simple LoginModule without any user interaction.
The example will create a connection and authenticate the user with this JAAS LoginModule, send a message
to a queue and receive it (see the Queue example for a complete description
of the application code)
Example setup
HornetQ can use a JAAS security manager by specifying it in hornetq-beans.xml:
<!-- The security manager using JAAS -->
<bean name="HornetQSecurityManager" class="org.hornetq.integration.jboss.security.JAASSecurityManager">
<property name="configurationName">org.hornetq.jms.example.ExampleLoginModule</property>
<property name="configuration">
<inject bean="ExampleConfiguration"/>
</property>
<property name="callbackHandler">
<inject bean="ExampleCallbackHandler" />
</property>
</bean>
<!-- JAAS uses a simple LoginModule where the user credentials and roles are
specified as options in the constructor -->
<bean name="ExampleConfiguration" class="org.hornetq.jms.example.ExampleConfiguration">
<constructor>
<parameter>org.hornetq.jms.example.ExampleLoginModule</parameter>
<parameter>
<map class="java.util.HashMap" keyClass="java.lang.String"
valueClass="java.lang.String">
<entry>
<key>user</key>
<value>jboss</value>
</entry>
<entry>
<key>pass</key>
<value>redhat</value>
</entry>
<entry>
<key>role</key>
<value>guest</value>
</entry>
</map>
</parameter>
</constructor>
</bean>
<!-- the CallbackHandler does nothing as we don't have any user interaction -->
<bean name="ExampleCallbackHandler" class="org.hornetq.jms.example.ExampleCallbackHandler"
/>
- the HornetQSecurityManager's
configurationName must be the name of the Java class implementing LoginModule
- the
callbackHandler property must be an implementation of CallbackHandler. In this example, the ExampleCallbackHandler
does nothing since the authentication requires no user interaction
- the
configuration property must be an implementation of Configuration. For simplicity, we pass directly the
user credentials as options to the ExampleConfiguration constructor. These options will be passed to an instance
of ExampleLoginModule which will check that the only valid user is "jboss" with the password "redhat"
and it has the role "guest".
Example step-by-step
To run the example, simply type ./build.sh (or build.bat on windows) from this directory
The only relevant step with regard to JAAS configuration is step 4 (all the other
steps are identical to the Queue example).
- We create a JMS Connection with user "jboss" and password "redhat". Any other
combination of name and password won't be valid for the ExampleLoginModule
connection = cf.createConnection("jboss", "redhat");
More information
- User Manual's Security chapter