
4.3. Tutorial II: JAAS Authentication


Overview

This tutorial shows you how to enable JAAS authentication on a broker installed in the OSGi container. Instead of creating a local instance of a JAAS realm (as you would for a standalone broker), the broker exploits Red Hat JBoss Fuse's support for container-wide JAAS realms, as shown in Figure 1.1, “OSGi Container Security Architecture”.
After the broker is secured by JAAS authentication, you can test it using the sample JMS clients from the standalone Red Hat JBoss A-MQ distribution. The JMS clients must first be modified, however, to provide the requisite username/password JMS credentials.

Prerequisites

This tutorial part builds on Section 4.1, “Tutorial I: SSL/TLS Security”. All of the prerequisites from the section called “Prerequisites” apply here and you must complete the previous tutorial part before proceeding.

Tutorial steps

To configure JAAS security for a broker deployed in the OSGi container, perform the following steps:

Configure the broker with the karaf realm

Configure the broker to authenticate JMS username/password credentials by checking them against the karaf JAAS realm. In the Maven project, edit the broker-spring.xml file, adding the plugins element, as highlighted in the following XML sample:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="
       http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
       http://activemq.apache.org/schema/core http://activemq.apache.org/schema/core/activemq-core-5.4.0.xsd">

    <broker xmlns="http://activemq.apache.org/schema/core" brokerName="simple-spring">
        <plugins>
            <jaasAuthenticationPlugin configuration="karaf"/>
        </plugins>
        <sslContext>
            <sslContext
                keyStore="classpath:conf/broker.ks"
                keyStorePassword="password"
                trustStore="classpath:conf/broker.ts"
                trustStorePassword="password"
                />
        </sslContext>
        <transportConnectors>
            <transportConnector name="openwire" uri="ssl://localhost:61001"/>
        </transportConnectors>
    </broker>

</beans>

Customize the users.properties file

The karaf JAAS realm can be administered by editing the InstallDir/etc/users.properties file, where the file contains entries in the following format:
Username=Password,Role1,Role2,...
For example, the default users.properties file shows a sample entry (which is commented out) for the user, smx, with password, smx, as follows:
#smx=smx,admin
Customize the users.properties file by adding at least one user entry with the admin role. For example:
Username=Password,admin
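
As an added example (not part of the Red Hat documentation or product), the following Python script parses entries in the Username=Password,Role1,Role2,... format shown above and reports what a reviewer would want fixed before the realm is used for broker authentication: a password equal to the username (as in the sample smx entry), a user with no roles, a malformed line, or a file with no admin user. The sample contents and the function names parse_users and audit are constructed for illustration, and the script assumes only the plain format described on this page.

```python
# Added example (not Red Hat's code): audit users.properties entries in the
# "Username=Password,Role1,Role2,..." format described above.

# Constructed sample file contents; the names and passwords are made up.
SAMPLE = """\
#smx=smx,admin
smx=smx,admin
alice=S3cure-Passphrase!,admin,manager
bob=bob
broken line without separator
"""

def parse_users(text):
    """Return (users, errors); users maps name -> (password, [roles])."""
    users, errors = {}, []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or commented-out entry such as "#smx=smx,admin"
        name, sep, rest = line.partition("=")
        if not sep or not name.strip():
            errors.append((lineno, "not in Username=Password,Role,... form"))
            continue
        password, *roles = [field.strip() for field in rest.split(",")]
        users[name.strip()] = (password, [r for r in roles if r])
    return users, errors

def audit(text):
    """Return a sorted list of findings; passwords are never echoed."""
    users, errors = parse_users(text)
    findings = [f"line {n}: {msg}" for n, msg in errors]
    for name, (password, roles) in users.items():
        if not password:
            findings.append(f"{name}: empty password")
        elif password.lower() == name.lower():
            findings.append(f"{name}: password is the same as the username")
        if not roles:
            findings.append(f"{name}: no roles assigned")
    if not any("admin" in roles for _, roles in users.values()):
        findings.append("no user has the admin role")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```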

Build the broker bundle

Use Maven to build the broker bundle. Open a command prompt, switch the current directory to ProjectDir/esb-security, and then enter the following command:
mvn clean install

Deploy the broker bundle

If you have not already done so, start up the Apache ServiceMix console (and container instance) by entering the following command in a new command prompt:
servicemix
To deploy and activate the broker bundle, enter the following console command:
JBossFuse:karaf@root> osgi:install -s mvn:org.jbossfuse.example/esb-security

Specify JMS credentials for the consumer and the producer clients

To test the broker configured in the OSGi container, you are going to use the example consumer tool and producer tool supplied with the standalone version of Red Hat JBoss A-MQ.
You must modify the source code for the consumer and the producer clients in order to specify their JMS credentials, which must match a user entry in the users.properties file.
To specify the JMS credentials for the consumer tool, edit the ActiveMQInstallDir/example/src/ConsumerTool.java file with your favorite text editor, setting the user and password strings, as shown. These strings are ultimately passed as arguments to the ActiveMQConnectionFactory.createConnection() method.
// Java
// ConsumerTool
...
public void run() {
  ...
  try {
    user = "smx";
    password = "smx";
    ActiveMQConnectionFactory connectionFactory = new ActiveMQConnectionFactory(user, password, url);
    ...
}
To specify the JMS credentials for the producer tool, edit the ActiveMQInstallDir/example/src/ProducerTool.java file with your favorite text editor, setting the user and password strings, as shown.
// Java
// ProducerTool
...
public void run() {
  ...
  try {
    user = "smx";
    password = "smx";
    ActiveMQConnectionFactory connectionFactory = new ActiveMQConnectionFactory(user, password, url);
    ...
}

Run the consumer with JMS credentials

To connect the consumer tool to the ssl://localhost:61001 endpoint, change directory to ActiveMQInstallDir/example and enter the following command:
ant consumer -Durl=ssl://localhost:61001 -Dmax=100
You should see some output like the following:
Buildfile: build.xml
init:
compile:
consumer:
     [echo] Running consumer against server at $url = ssl://localhost:61001 for subject $subject = TEST.FOO
     [java] Connecting to URL: ssl://localhost:61001
     [java] Consuming queue: TEST.FOO
     [java] Using a non-durable subscription
     [java] We are about to wait until we consume: 100 message(s) then we will shutdown

Run the producer with JMS credentials

To connect the producer tool to the ssl://localhost:61001 endpoint, open a new command prompt, change directory to example and enter the following command:
ant producer -Durl=ssl://localhost:61001 -Dmax=100
In the window where the consumer tool is running, you should see some output like the following:
     [java] Received: Message: 0 sent at: Thu Feb 05 09:27:43 GMT 2009  ...
     [java] Received: Message: 1 sent at: Thu Feb 05 09:27:43 GMT 2009  ...
     [java] Received: Message: 2 sent at: Thu Feb 05 09:27:43 GMT 2009  ...
     [java] Received: Message: 3 sent at: Thu Feb 05 09:27:43 GMT 2009  ...

Uninstall the broker bundle

To uninstall the broker bundle, you need to know its bundle ID, BundleID. You can then uninstall it by entering the following console command:
JBossFuse:karaf@root> osgi:uninstall BundleID