29.3. Basic user credentials
HornetQ ships with a security manager implementation that reads user credentials (user names and passwords), and role information from the
hornetq-users.properties
and hornetq-users.roles
files. These files are both located in the /conf/props/
directory within the profile you wish to run.
User credentials, and roles, can easily be added into these files.
Example 29.1, “hornetq-users.properties example file” and Example 29.2, “hornetq-users.roles example file” contain four users. Each user is specified in both the .properties and .roles files.
Following the syntax in each file's comments, you assign each user a unique password and attach roles to each user to control what parts of HornetQ they can change.
Example 29.1. hornetq-users.properties example file
# # user=password # guest=guest tim=marmite andy=doner_kebab jeff=camembert
Example 29.2. hornetq-users.roles example file
# # user=role1,role2,... # guest=guest tim=admin andy=admin,guest jeff=europe-users,guest
The first thing to note is the guest user defined in both files. A user is classed as a guest when the client does not specify a user name/password when creating a session. In this case they will be the user guest and have the role also called guest. Multiple roles can be specified for a default user.
We then have three more users: tim, who has the role admin; andy, who has the roles admin and guest; and jeff, who has the roles europe-users and guest.