Red Hat Summit Red Hat SummitApoyoConsolaDesarrolladoresIniciar una pruebaContacto

Este contenido no está disponible en el idioma seleccionado.

4.3. Tutorial II: JAAS Authentication

Overview
Copiar enlace

This tutorial shows you how to enable JAAS authentication on a broker installed in the OSGi container. Instead of creating a local instance of a JAAS realm (as you would for a standalone broker), the broker exploits Red Hat JBoss Fuse's support for container-wide JAAS realms, as shown in Figure 1.1, “OSGi Container Security Architecture”.
After the broker is secured by JAAS authentication, you can test it using the sample JMS clients from the standalone Red Hat JBoss A-MQ distribution. The JMS clients must first be modified, however, to provide the requisite username/password JMS credentials.

Prerequisites
Copiar enlace

This tutorial part builds on Section 4.1, “Tutorial I: SSL/TLS Security”. All of the prerequisites from the section called “Prerequisites” apply here and you must complete the previous tutorial part before proceeding.

Tutorial steps
Copiar enlace

To configure JAAS security for a broker deployed in the OSGi container, perform the following steps:
  1. the section called “Configure the broker with the karaf realm”.
  2. the section called “Customize the users.properties file”.
  3. the section called “Build the broker bundle”.
  4. the section called “Deploy the broker bundle”.
  5. the section called “Specify JMS credentials for the consumer and the producer clients”.
  6. the section called “Run the consumer with JMS credentials”.
  7. the section called “Run the producer with JMS credentials”.
  8. the section called “Uninstall the broker bundle”.

Configure the broker with the karaf realm
Copiar enlace

Configure the broker to authenticate JMS username/password credentials by checking them against the karaf JAAS realm. In the Maven project, edit the broker-spring.xml file, adding the plugins element, as highlighted in the following XML sample: 
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="
       http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
       http://activemq.apache.org/schema/core http://activemq.apache.org/schema/core/activemq-core-5.4.0.xsd">

    <broker xmlns="http://activemq.apache.org/schema/core" brokerName="simple-spring">
        <plugins>
            <jaasAuthenticationPlugin configuration="karaf"/>
        </plugins>
        <sslContext>
            <sslContext
                keyStore="classpath:conf/broker.ks"
                keyStorePassword="password"
                trustStore="classpath:conf/broker.ts"
                trustStorePassword="password"
                />
        </sslContext>
        <transportConnectors>
            <transportConnector name="openwire" uri="ssl://localhost:61001"/>
        </transportConnectors>
    </broker>

</beans>
Copy to Clipboard Toggle word wrap

Customize the users.properties file
Copiar enlace

The karaf JAAS realm can be administered by editing the InstallDir/etc/users.properties file, where the file contains entries in the following format: 
Username=Password,Role1,Role2,...
Copy to Clipboard Toggle word wrap
For example, the default users.properties file shows a sample entry (which is commented out) for the user, smx, with password, smx, as follows: 
#smx=smx,admin
Copy to Clipboard Toggle word wrap
Customize the users.properties file by adding at least one user entry with the admin role. For example: 
Username=Password,admin
Copy to Clipboard Toggle word wrap

Build the broker bundle
Copiar enlace

Use Maven to build the broker bundle. Open a command prompt, switch the current directory to ProjectDir/esb-security, and then enter the following command: 
mvn clean install
Copy to Clipboard Toggle word wrap

Deploy the broker bundle
Copiar enlace

If you have not already done so, start up the Apache ServiceMix console (and container instance) by entering the following command in a new command prompt: 
servicemix
Copy to Clipboard Toggle word wrap
To deploy and activate the broker bundle, enter the following console command: 
JBossFuse:karaf@root> osgi:install -s mvn:org.jbossfuse.example/esb-security
Copy to Clipboard Toggle word wrap

Specify JMS credentials for the consumer and the producer clients
Copiar enlace

To test the broker configured in the OSGi container, you are going to use the example consumer tool and producer tool supplied with the standalone version of Red Hat JBoss A-MQ.
You must modify the source code for the consumer and the producer clients in order to specify their JMS credentials.
To specify the JMS credentials for the consumer tool, edit the ActiveMQInstallDir/example/src/ConsumerTool.java file with your favorite text editor, setting the user and password strings, as shown. These strings are ultimately passed as arguments to the ActiveMQConnectionFactory.createConnection() method. 
// Java
// ConsumerTool
...
public void run() {
  ...
  try {
    user = "smx";
    password = "smx";
    ActiveMQConnectionFactory connectionFactory = new ActiveMQConnectionFactory(user, password, url);
    ...
}
Copy to Clipboard Toggle word wrap
To specify the JMS credentials for the producer tool, edit the ActiveMQInstallDir/example/src/ProducerTool.java file with your favorite text editor, setting the user and password strings, as shown. 
// Java
// ProducerTool
...
public void run() {
  ...
  try {
    user = "smx";
    password = "smx";
    ActiveMQConnectionFactory connectionFactory = new ActiveMQConnectionFactory(user, password, url);
    ...
}
Copy to Clipboard Toggle word wrap

Run the consumer with JMS credentials
Copiar enlace

To connect the consumer tool to the ssl://localhost:61001 endpoint, change directory to ActiveMQInstallDir/example and enter the following command: 
ant consumer -Durl=ssl://localhost:61001 -Dmax=100
Copy to Clipboard Toggle word wrap
You should see some output like the following: 
Buildfile: build.xml
init:
compile:
consumer:
     [echo] Running consumer against server at $url = ssl://localhost:61001 for subject $subject = TEST.FOO
     [java] Connecting to URL: ssl://localhost:61001
     [java] Consuming queue: TEST.FOO
     [java] Using a non-durable subscription
     [java] We are about to wait until we consume: 100 message(s) then we will shutdown
Copy to Clipboard Toggle word wrap

Run the producer with JMS credentials
Copiar enlace

To connect the producer tool to the ssl://localhost:61001 endpoint, open a new command prompt, change directory to example and enter the following command: 
ant producer -Durl=ssl://localhost:61001 -Dmax=100
Copy to Clipboard Toggle word wrap
In the window where the consumer tool is running, you should see some output like the following: 
     [java] Received: Message: 0 sent at: Thu Feb 05 09:27:43 GMT 2009  ...
     [java] Received: Message: 1 sent at: Thu Feb 05 09:27:43 GMT 2009  ...
     [java] Received: Message: 2 sent at: Thu Feb 05 09:27:43 GMT 2009  ...
     [java] Received: Message: 3 sent at: Thu Feb 05 09:27:43 GMT 2009  ...
Copy to Clipboard Toggle word wrap

Uninstall the broker bundle
Copiar enlace

To uninstall the broker bundle, you need to know its bundle ID, BundleID, in which case you can uninstall it by entering the following console command: 
JBossFuse:karaf@root> osgi:uninstall BundleID
Copy to Clipboard Toggle word wrap
Volver arriba
Red Hat logoGithubredditYoutubeTwitter

Aprender

Pruebe, compre y venda

Comunidades

Acerca de la documentación de Red Hat

Ayudamos a los usuarios de Red Hat a innovar y alcanzar sus objetivos con nuestros productos y servicios con contenido en el que pueden confiar. Explore nuestras recientes actualizaciones.

Hacer que el código abierto sea más inclusivo

Red Hat se compromete a reemplazar el lenguaje problemático en nuestro código, documentación y propiedades web. Para más detalles, consulte el Blog de Red Hat.

Acerca de Red Hat

Ofrecemos soluciones reforzadas que facilitan a las empresas trabajar en plataformas y entornos, desde el centro de datos central hasta el perímetro de la red.

Theme

© 2025 Red Hat