Red Hat Summit Red Hat SummitSupportConsoleDéveloppeursCommencer un essaiContact

Ce contenu n'est pas disponible dans la langue sélectionnée.

4.2. Broker JAAS Authentication

Overview
Copier lien

The Java Authentication and Authorization Service (JAAS) provides a general framework for implementing authentication and authorization in Java applications. In the context of Apache ActiveMQ, the main purpose of JAAS is to implement authentication of JMS credentials (which consist of a username and a password). In contrast to SSL/TLS security, which is mainly used to verify a broker's identity, the JAAS authentication mechanism verifies client identities.
For more background information about the JAAS framework, see the JAAS Reference Guide.

JAAS realms
Copier lien

A JAAS realm is essentially an instance of a login module that provides access to a repository of authentication data. Different JAAS realms provide access to different repositories of authentication data and might perform authentication in different ways.
Standalone applications typically define a JAAS realm by creating an entry in a JAAS login configuration file. Applications deployed in the OSGi container, on the other hand, must define a JAAS realm using a special Apache Karaf schema in a blueprint file (as described in Section 2.1.2, “Defining JAAS Realms”).

How to define JAAS realms
Copier lien

If you need to define your own JAAS realm for an application deployed in the OSGi container, you must use the Apache Karaf JAAS schema, http://karaf.apache.org/xmlns/jaas/v1.0.0. For details, see Section 2.1, “JAAS Authentication”.

The karaf realm
Copier lien

The OSGi container has a predefined JAAS realm, the karaf realm, which you can also use in your applications See Section 1.1, “OSGi Container Security”.

Configuring JAAS authentication for JMS credentials
Copier lien

To authenticate JMS credentials, use Red Hat JBoss A-MQ's jaasAuthenticationPlugin plug-in, which can be configured as follows: 
<beans>
  <broker ...>
    ...
    <plugins>
      <jaasAuthenticationPlugin configuration="JAASRealm" />
    </plugins>
    ...
  </broker>
</beans>
Copy to Clipboard Toggle word wrap
The jaasAuthenticationPlugin plug-in is intended for use with any kind of username/password credentials and can be used in combination with the pre-defined karaf realm or with a realm defined using the LDAP login module.

Configuring JAAS authentication for X.509 certificates
Copier lien

If the broker uses SSL/TLS, you could also authenticate the received client certificate using Red Hat JBoss A-MQ's jaasCertificateAuthenticationPlugin plug-in, which can be configured as follows: 
<beans>
  <broker ...>
    ...
    <plugins>
      <jaasCertificateAuthenticationPlugin configuration="CertRealm" />
    </plugins>
    ...
  </broker>
</beans>
Copy to Clipboard Toggle word wrap
The jaasCertificateAuthenticationPlugin plug-in is only intended for use with X.509 certificate credentials and must be used in combination with a realm defined using the TextFileCertificateLoginModule login module. For more details, see the Security Guide from the JBoss A-MQ library.
Retour au début
Red Hat logoGithubredditYoutubeTwitter

Apprendre

Essayez, achetez et vendez

Communautés

À propos de la documentation Red Hat

Nous aidons les utilisateurs de Red Hat à innover et à atteindre leurs objectifs grâce à nos produits et services avec un contenu auquel ils peuvent faire confiance. Découvrez nos récentes mises à jour.

Rendre l’open source plus inclusif

Red Hat s'engage à remplacer le langage problématique dans notre code, notre documentation et nos propriétés Web. Pour plus de détails, consultez le Blog Red Hat.

À propos de Red Hat

Nous proposons des solutions renforcées qui facilitent le travail des entreprises sur plusieurs plates-formes et environnements, du centre de données central à la périphérie du réseau.

Theme

© 2025 Red Hat