29.3. Basic user credentials

HornetQ ships with a security manager implementation that reads user credentials (user names and passwords), and role information from the hornetq-users.properties and hornetq-users.roles files. These files are both located in the /conf/props/ directory within the profile you wish to run.

User credentials, and roles, can easily be added into these files.

Example 29.1, “hornetq-users.properties example file” and Example 29.2, “hornetq-users.roles example file” contain four users. Each user is specified in both the .properties and .roles files.

Following the syntax in each file's comments, you assign each user a unique password and attach roles to each user to control what parts of HornetQ they can change.

user=password

#
# user=password
#
guest=guest
tim=marmite
andy=doner_kebab
jeff=camembert

user=role1,role2,...

#
# user=role1,role2,...
#
guest=guest
tim=admin
andy=admin,guest
jeff=europe-users,guest

The first thing to note is the guest user defined in both files. A user is classed as a guest when the client does not specify a user name/password when creating a session. In this case they will be the user guest and have the role also called guest. Multiple roles can be specified for a default user.

We then have three more users: tim, who has the role admin; andy, who has the roles admin and guest; and jeff, who has the roles europe-users and guest.