Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

4.3. Tutorial II: JAAS Authentication

Overview
Copy link

This tutorial shows you how to enable JAAS authentication on a broker installed in the OSGi container. Instead of creating a local instance of a JAAS realm (as you would for a standalone broker), the broker exploits Red Hat JBoss Fuse's support for container-wide JAAS realms, as shown in Figure 1.1, “OSGi Container Security Architecture”.
After the broker is secured by JAAS authentication, you can test it using the sample JMS clients from the standalone Red Hat JBoss A-MQ distribution. The JMS clients must first be modified, however, to provide the requisite username/password JMS credentials.

Prerequisites
Copy link

This tutorial part builds on Section 4.1, “Tutorial I: SSL/TLS Security”. All of the prerequisites from the section called “Prerequisites” apply here and you must complete the previous tutorial part before proceeding.

Tutorial steps
Copy link

To configure JAAS security for a broker deployed in the OSGi container, perform the following steps:
  1. the section called “Configure the broker with the karaf realm”.
  2. the section called “Customize the users.properties file”.
  3. the section called “Build the broker bundle”.
  4. the section called “Deploy the broker bundle”.
  5. the section called “Specify JMS credentials for the consumer and the producer clients”.
  6. the section called “Run the consumer with JMS credentials”.
  7. the section called “Run the producer with JMS credentials”.
  8. the section called “Uninstall the broker bundle”.

Configure the broker with the karaf realm
Copy link

Configure the broker to authenticate JMS username/password credentials by checking them against the karaf JAAS realm. In the Maven project, edit the broker-spring.xml file, adding the plugins element, as highlighted in the following XML sample: 
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="
       http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
       http://activemq.apache.org/schema/core http://activemq.apache.org/schema/core/activemq-core-5.4.0.xsd">

    <broker xmlns="http://activemq.apache.org/schema/core" brokerName="simple-spring">
        <plugins>
            <jaasAuthenticationPlugin configuration="karaf"/>
        </plugins>
        <sslContext>
            <sslContext
                keyStore="classpath:conf/broker.ks"
                keyStorePassword="password"
                trustStore="classpath:conf/broker.ts"
                trustStorePassword="password"
                />
        </sslContext>
        <transportConnectors>
            <transportConnector name="openwire" uri="ssl://localhost:61001"/>
        </transportConnectors>
    </broker>

</beans>
Copy to Clipboard Toggle word wrap

Customize the users.properties file
Copy link

The karaf JAAS realm can be administered by editing the InstallDir/etc/users.properties file, where the file contains entries in the following format: 
Username=Password,Role1,Role2,...
Copy to Clipboard Toggle word wrap
For example, the default users.properties file shows a sample entry (which is commented out) for the user, smx, with password, smx, as follows: 
#smx=smx,admin
Copy to Clipboard Toggle word wrap
Customize the users.properties file by adding at least one user entry with the admin role. For example: 
Username=Password,admin
Copy to Clipboard Toggle word wrap

Build the broker bundle
Copy link

Use Maven to build the broker bundle. Open a command prompt, switch the current directory to ProjectDir/esb-security, and then enter the following command: 
mvn clean install
Copy to Clipboard Toggle word wrap

Deploy the broker bundle
Copy link

If you have not already done so, start up the Apache ServiceMix console (and container instance) by entering the following command in a new command prompt: 
servicemix
Copy to Clipboard Toggle word wrap
To deploy and activate the broker bundle, enter the following console command: 
JBossFuse:karaf@root> osgi:install -s mvn:org.jbossfuse.example/esb-security
Copy to Clipboard Toggle word wrap
To test the broker configured in the OSGi container, you are going to use the example consumer tool and producer tool supplied with the standalone version of Red Hat JBoss A-MQ.
You must modify the source code for the consumer and the producer clients in order to specify their JMS credentials.
To specify the JMS credentials for the consumer tool, edit the ActiveMQInstallDir/example/src/ConsumerTool.java file with your favorite text editor, setting the user and password strings, as shown. These strings are ultimately passed as arguments to the ActiveMQConnectionFactory.createConnection() method. 
// Java
// ConsumerTool
...
public void run() {
  ...
  try {
    user = "smx";
    password = "smx";
    ActiveMQConnectionFactory connectionFactory = new ActiveMQConnectionFactory(user, password, url);
    ...
}
Copy to Clipboard Toggle word wrap
To specify the JMS credentials for the producer tool, edit the ActiveMQInstallDir/example/src/ProducerTool.java file with your favorite text editor, setting the user and password strings, as shown. 
// Java
// ProducerTool
...
public void run() {
  ...
  try {
    user = "smx";
    password = "smx";
    ActiveMQConnectionFactory connectionFactory = new ActiveMQConnectionFactory(user, password, url);
    ...
}
Copy to Clipboard Toggle word wrap

Run the consumer with JMS credentials
Copy link

To connect the consumer tool to the ssl://localhost:61001 endpoint, change directory to ActiveMQInstallDir/example and enter the following command: 
ant consumer -Durl=ssl://localhost:61001 -Dmax=100
Copy to Clipboard Toggle word wrap
You should see some output like the following: 
Buildfile: build.xml
init:
compile:
consumer:
     [echo] Running consumer against server at $url = ssl://localhost:61001 for subject $subject = TEST.FOO
     [java] Connecting to URL: ssl://localhost:61001
     [java] Consuming queue: TEST.FOO
     [java] Using a non-durable subscription
     [java] We are about to wait until we consume: 100 message(s) then we will shutdown
Copy to Clipboard Toggle word wrap

Run the producer with JMS credentials
Copy link

To connect the producer tool to the ssl://localhost:61001 endpoint, open a new command prompt, change directory to example and enter the following command: 
ant producer -Durl=ssl://localhost:61001 -Dmax=100
Copy to Clipboard Toggle word wrap
In the window where the consumer tool is running, you should see some output like the following: 
     [java] Received: Message: 0 sent at: Thu Feb 05 09:27:43 GMT 2009  ...
     [java] Received: Message: 1 sent at: Thu Feb 05 09:27:43 GMT 2009  ...
     [java] Received: Message: 2 sent at: Thu Feb 05 09:27:43 GMT 2009  ...
     [java] Received: Message: 3 sent at: Thu Feb 05 09:27:43 GMT 2009  ...
Copy to Clipboard Toggle word wrap

Uninstall the broker bundle
Copy link

To uninstall the broker bundle, you need to know its bundle ID, BundleID, in which case you can uninstall it by entering the following console command: 
JBossFuse:karaf@root> osgi:uninstall BundleID
Copy to Clipboard Toggle word wrap
Back to top
Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Theme

© 2025 Red Hat