Red Hat Summit Red Hat SummitApoyoConsolaDesarrolladoresIniciar una pruebaContacto

Este contenido no está disponible en el idioma seleccionado.

4.2. Broker JAAS Authentication

Overview
Copiar enlace

The Java Authentication and Authorization Service (JAAS) provides a general framework for implementing authentication and authorization in Java applications. In the context of Apache ActiveMQ, the main purpose of JAAS is to implement authentication of JMS credentials (which consist of a username and a password). In contrast to SSL/TLS security, which is mainly used to verify a broker's identity, the JAAS authentication mechanism verifies client identities.
For more background information about the JAAS framework, see the JAAS Reference Guide.

JAAS realms
Copiar enlace

A JAAS realm is essentially an instance of a login module that provides access to a repository of authentication data. Different JAAS realms provide access to different repositories of authentication data and might perform authentication in different ways.
Standalone applications typically define a JAAS realm by creating an entry in a JAAS login configuration file. Applications deployed in the OSGi container, on the other hand, must define a JAAS realm using a special Apache Karaf schema in a blueprint file (as described in Section 2.1.2, “Defining JAAS Realms”).

How to define JAAS realms
Copiar enlace

If you need to define your own JAAS realm for an application deployed in the OSGi container, you must use the Apache Karaf JAAS schema, http://karaf.apache.org/xmlns/jaas/v1.0.0. For details, see Section 2.1, “JAAS Authentication”.

The karaf realm
Copiar enlace

The OSGi container has a predefined JAAS realm, the karaf realm, which you can also use in your applications See Section 1.1, “OSGi Container Security”.

Configuring JAAS authentication for JMS credentials
Copiar enlace

To authenticate JMS credentials, use Red Hat JBoss A-MQ's jaasAuthenticationPlugin plug-in, which can be configured as follows: 
<beans>
  <broker ...>
    ...
    <plugins>
      <jaasAuthenticationPlugin configuration="JAASRealm" />
    </plugins>
    ...
  </broker>
</beans>
Copy to Clipboard Toggle word wrap
The jaasAuthenticationPlugin plug-in is intended for use with any kind of username/password credentials and can be used in combination with the pre-defined karaf realm or with a realm defined using the LDAP login module.

Configuring JAAS authentication for X.509 certificates
Copiar enlace

If the broker uses SSL/TLS, you could also authenticate the received client certificate using Red Hat JBoss A-MQ's jaasCertificateAuthenticationPlugin plug-in, which can be configured as follows: 
<beans>
  <broker ...>
    ...
    <plugins>
      <jaasCertificateAuthenticationPlugin configuration="CertRealm" />
    </plugins>
    ...
  </broker>
</beans>
Copy to Clipboard Toggle word wrap
The jaasCertificateAuthenticationPlugin plug-in is only intended for use with X.509 certificate credentials and must be used in combination with a realm defined using the TextFileCertificateLoginModule login module. For more details, see the Security Guide from the JBoss A-MQ library.
Volver arriba
Red Hat logoGithubredditYoutubeTwitter

Aprender

Pruebe, compre y venda

Comunidades

Acerca de la documentación de Red Hat

Ayudamos a los usuarios de Red Hat a innovar y alcanzar sus objetivos con nuestros productos y servicios con contenido en el que pueden confiar. Explore nuestras recientes actualizaciones.

Hacer que el código abierto sea más inclusivo

Red Hat se compromete a reemplazar el lenguaje problemático en nuestro código, documentación y propiedades web. Para más detalles, consulte el Blog de Red Hat.

Acerca de Red Hat

Ofrecemos soluciones reforzadas que facilitan a las empresas trabajar en plataformas y entornos, desde el centro de datos central hasta el perímetro de la red.

Theme

© 2025 Red Hat