JAAS Example

This example shows you how to configure JBoss Messaging to use JAAS for security.

JBoss Messaging can leverage JAAS to delegate user authentication and authorization to existing security infrastructure.

The example will show how to configure JBoss Messaging with JAAS in jbm-jboss-beans.xml. It will use a simple LoginModule without any user interaction. The example will create a connection and authenticate the user with this JAAS LoginModule, send a message to a queue and receive it (see the Queue example for a complete description of the application code)

Example setup

JBoss Messaging can use a JAAS security manager by specifying it in jbm-jboss-beans.xml:

         
            <!-- The security manager using JAAS -->
            <bean name="JBMSecurityManager" class="org.jboss.messaging.integration.security.JAASSecurityManager">
               <property name="configurationName">org.jboss.jms.example.ExampleLoginModule</property>
               <property name="configuration">
                  <inject bean="ExampleConfiguration"/>
               </property>
               <property name="callbackHandler">
                 <inject bean="ExampleCallbackHandler" />
               </property>
            </bean>

            <!-- JAAS uses a simple LoginModule where the user credentials and roles  are
                 specified as options in the constructor -->
            <bean name="ExampleConfiguration" class="org.jboss.jms.example.ExampleConfiguration">
               <constructor>
                  <parameter>org.jboss.jms.example.ExampleLoginModule</parameter>
                  <parameter>
                    <map class="java.util.HashMap" keyClass="java.lang.String"
                                                   valueClass="java.lang.String">
                        <entry>
                           <key>user</key>
                           <value>jboss</value>
                        </entry>
                        <entry>
                           <key>pass</key>
                           <value>redhat</value>
                        </entry>
                        <entry>
                           <key>role</key>
                           <value>guest</value>
                        </entry>
                     </map> 
                  </parameter>
               </constructor>
            </bean>

            <!-- the CallbackHandler does nothing as we don't have any user interaction -->
            <bean name="ExampleCallbackHandler" class="org.jboss.jms.example.ExampleCallbackHandler" />                             
         
     

Example step-by-step

To run the example, simply type ant from this directory

The only relevant step with regard to JAAS configuration is step 4 (all the other steps are identical to the Queue example).

  1. We create a JMS Connection with user "jboss" and password "redhat". Any other combination of name and password won't be valid for the ExampleLoginModule
  2.            connection = cf.createConnection("jboss", "redhat");
            

More information