Configuration file: ACTIVEMQ_HOME/conf/activemq.xml
Here’s a sample snippet to show you how authentication / authorization can be handled in ActiveMQ.
. . .
<
plugins
>
<
simpleAuthenticationPlugin
>
<
users
>
<
authenticationUser
username
=
"sa"
password
=
"manager"
groups
=
"producers,consumers,admins"
/>
<
authenticationUser
username
=
"frontend"
password
=
"manager"
groups
=
"producers,consumers"
/>
<
authenticationUser
username
=
"backend"
password
=
"manager"
groups
=
"consumers"
/>
</
users
>
</
simpleAuthenticationPlugin
>
<
authorizationPlugin
>
<
map
>
<
authorizationMap
>
<
authorizationEntries
>
<
authorizationEntry
queue=">" write="producers" read="consumers" admin="admins" />
</
authorizationEntries
>
</
authorizationMap
>
</
map
>
</
authorizationPlugin
>
</
plugins
>
. . .
For advanced users – ActiveMQ provides pluggable security through various different providers. Have a look at http://activemq.apache.org/security.html
ActiveMQ 4.x and greater provides pluggable security through various different providers.
The most common providers are
- JAAS for authentication
- a default authorization mechanism using a simple XML configuration file.
Authentication
The default JAAS plugin relies on the standard JAAS mechanism for authentication. Refer to the documentation for more detail.
Typically you configure JAAS using a config file like this one and set the java.security.auth.login.config system property to point to it. If no system property is specified then by default the ActiveMQ JAAS plugin will look for login.config on the classpath and use that.
Authentication Example
Here is an example login.config which then points to these files
Note: Until version 5.11.1, these property files got reloaded on every authentication request by default. So updates to users, password and groups were loaded immediately. From 5.12 onward they only get reloaded if reload=true is set in your LoginModule configuration, e.g.
If reload=true is not set, these property files get loaded on broker startup only!! See AMQ-5876 for details.
Simple Authentication Plugin
If you have modest authentication requirements (or just want to quickly set up your testing environment) you can use SimpleAuthenticationPlugin. With this plugin you can define users and groups directly in the broker's XML configuration. Take a look at the following snippet for example:
Users and groups defined in this way can be later used with the appropriate authorization plugin.