红帽全球峰会Fuse 6 is no longer supported
As of February 2025, Red Hat Fuse 6 is no longer supported. If you are using Fuse 6, please upgrade to Red Hat build of Apache Camel.此内容没有您所选择的语言版本。
4.2. Broker JAAS Authentication
Overview
复制链接链接已复制到粘贴板!
The Java Authentication and Authorization Service (JAAS) provides a general framework for implementing authentication and authorization in Java applications. In the context of Apache ActiveMQ, the main purpose of JAAS is to implement authentication of JMS credentials (which consist of a username and a password). In contrast to SSL/TLS security, which is mainly used to verify a broker's identity, the JAAS authentication mechanism verifies client identities.
For more background information about the JAAS framework, see the JAAS Reference Guide.
JAAS realms
复制链接链接已复制到粘贴板!
A JAAS realm is essentially an instance of a login module that provides access to a repository of authentication data. Different JAAS realms provide access to different repositories of authentication data and might perform authentication in different ways.
Standalone applications typically define a JAAS realm by creating an entry in a JAAS login configuration file. Applications deployed in the OSGi container, on the other hand, must define a JAAS realm using a special Apache Karaf schema in a blueprint file (as described in Section 2.1.2, “Defining JAAS Realms”).
How to define JAAS realms
复制链接链接已复制到粘贴板!
If you need to define your own JAAS realm for an application deployed in the OSGi container, you must use the Apache Karaf JAAS schema,
http://karaf.apache.org/xmlns/jaas/v1.0.0. For details, see Section 2.1, “JAAS Authentication”.
The karaf realm
复制链接链接已复制到粘贴板!
The OSGi container has a predefined JAAS realm, the
karaf realm, which you can also use in your applications See Section 1.1, “OSGi Container Security”.
Configuring JAAS authentication for JMS credentials
复制链接链接已复制到粘贴板!
To authenticate JMS credentials, use Red Hat JBoss A-MQ's
jaasAuthenticationPlugin plug-in, which can be configured as follows:
The
jaasAuthenticationPlugin plug-in is intended for use with any kind of username/password credentials and can be used in combination with the pre-defined karaf realm or with a realm defined using the LDAP login module.
Configuring JAAS authentication for X.509 certificates
复制链接链接已复制到粘贴板!
If the broker uses SSL/TLS, you could also authenticate the received client certificate using Red Hat JBoss A-MQ's
jaasCertificateAuthenticationPlugin plug-in, which can be configured as follows:
The
jaasCertificateAuthenticationPlugin plug-in is only intended for use with X.509 certificate credentials and must be used in combination with a realm defined using the TextFileCertificateLoginModule login module. For more details, see the Security Guide from the JBoss A-MQ library.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}