Red Hat Summit Red Hat SummitSupportKonsoleEntwicklerDemo startenKontakt

Dieser Inhalt ist in der von Ihnen ausgewählten Sprache nicht verfügbar.

4.2. Broker JAAS Authentication

Overview
Link kopieren

The Java Authentication and Authorization Service (JAAS) provides a general framework for implementing authentication and authorization in Java applications. In the context of Apache ActiveMQ, the main purpose of JAAS is to implement authentication of JMS credentials (which consist of a username and a password). In contrast to SSL/TLS security, which is mainly used to verify a broker's identity, the JAAS authentication mechanism verifies client identities.
For more background information about the JAAS framework, see the JAAS Reference Guide.

JAAS realms
Link kopieren

A JAAS realm is essentially an instance of a login module that provides access to a repository of authentication data. Different JAAS realms provide access to different repositories of authentication data and might perform authentication in different ways.
Standalone applications typically define a JAAS realm by creating an entry in a JAAS login configuration file. Applications deployed in the OSGi container, on the other hand, must define a JAAS realm using a special Apache Karaf schema in a blueprint file (as described in Section 2.1.2, “Defining JAAS Realms”).

How to define JAAS realms
Link kopieren

If you need to define your own JAAS realm for an application deployed in the OSGi container, you must use the Apache Karaf JAAS schema, http://karaf.apache.org/xmlns/jaas/v1.0.0. For details, see Section 2.1, “JAAS Authentication”.

The karaf realm
Link kopieren

The OSGi container has a predefined JAAS realm, the karaf realm, which you can also use in your applications See Section 1.1, “OSGi Container Security”.

Configuring JAAS authentication for JMS credentials
Link kopieren

To authenticate JMS credentials, use Red Hat JBoss A-MQ's jaasAuthenticationPlugin plug-in, which can be configured as follows: 
<beans>
  <broker ...>
    ...
    <plugins>
      <jaasAuthenticationPlugin configuration="JAASRealm" />
    </plugins>
    ...
  </broker>
</beans>
Copy to Clipboard Toggle word wrap
The jaasAuthenticationPlugin plug-in is intended for use with any kind of username/password credentials and can be used in combination with the pre-defined karaf realm or with a realm defined using the LDAP login module.

Configuring JAAS authentication for X.509 certificates
Link kopieren

If the broker uses SSL/TLS, you could also authenticate the received client certificate using Red Hat JBoss A-MQ's jaasCertificateAuthenticationPlugin plug-in, which can be configured as follows: 
<beans>
  <broker ...>
    ...
    <plugins>
      <jaasCertificateAuthenticationPlugin configuration="CertRealm" />
    </plugins>
    ...
  </broker>
</beans>
Copy to Clipboard Toggle word wrap
The jaasCertificateAuthenticationPlugin plug-in is only intended for use with X.509 certificate credentials and must be used in combination with a realm defined using the TextFileCertificateLoginModule login module. For more details, see the Security Guide from the JBoss A-MQ library.
Nach oben
Red Hat logoGithubredditYoutubeTwitter

Lernen

Testen, kaufen und verkaufen

Communitys

Über Red Hat Dokumentation

Wir helfen Red Hat Benutzern, mit unseren Produkten und Diensten innovativ zu sein und ihre Ziele zu erreichen – mit Inhalten, denen sie vertrauen können. Entdecken Sie unsere neuesten Updates.

Mehr Inklusion in Open Source

Red Hat hat sich verpflichtet, problematische Sprache in unserem Code, unserer Dokumentation und unseren Web-Eigenschaften zu ersetzen. Weitere Einzelheiten finden Sie in Red Hat Blog.

Über Red Hat

Wir liefern gehärtete Lösungen, die es Unternehmen leichter machen, plattform- und umgebungsübergreifend zu arbeiten, vom zentralen Rechenzentrum bis zum Netzwerkrand.

Theme

© 2025 Red Hat