Version 10
Created by adrianbrock on Apr 10, 2004 11:49 PM. Last modified by adrian.brock on May 17, 2004 1:33 PM.

    JBossMQ Login Module Configuration

     

    This configuration controls how users are authenticated.

    The configuration can be found in conf/login-module.xml it is just a standard configuration against

    some database tables using the DatabaseServerLoginModule.

    NOTE: The application-policy-name is configured on the Security Manager

     

    Default Configuration

        <!-- Security domain for JBossMQ -->
    <application-policy name = "jbossmq">
       <authentication>
          <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
             flag = "required">
             <module-option name = "unauthenticatedIdentity">guest</module-option>
             <module-option name = "dsJndiName">java:/DefaultDS</module-option>
             <module-option name = "principalsQuery">SELECT PASSWD FROM JMS_USERS WHERE USERID=?</module-option>
             <module-option name = "rolesQuery">SELECT ROLEID, 'Roles' FROM JMS_ROLES WHERE USERID=?</module-option>
          </login-module>
       </authentication>
    </application-policy>

     

    Unauthenticated Identity

    The role guest is defined as the UnauthenticatedIdentity. This role is used when the jms api

    createQueueConnection() or createTopicConnection() without passing a user or password.

     

    JMS_USERS

    • USERID - the user id

    • PASSWD - the users password - you probably want to change the config to use password hashing

    • CLIENTID - used by the StateManager

     

    JMS_ROLES

    • USERID - the user

    • ROLEID - a role to which they belong

     

    NOTE: Before 3.2.4 the StateManager was used to configure security

     

        <!-- Security domain for JBossMQ -->
    <application-policy name = "jbossmq">
       <authentication>
          <login-module code = "org.jboss.mq.sm.file.DynamicLoginModule"
             flag = "required">
             <module-option name = "unauthenticatedIdentity">guest</module-option>
             <module-option name = "sm.objectname">jboss.mq:service=StateManager</module-option>
          </login-module>
       </authentication>
    </application-policy>

     

    jbossmq-state.xml

    This is the old configuration where authentication is done through the StateManger.

     

    Example configuration

    <StateManager>
     <Users>
          <User>
               <Name>john</Name>
               <Password>needle</Password>
               <Id>DurableSubscriberExample</Id>
          </User>
     </Users>
     <Roles>
          <Role name="guest">
               <UserName>guest</UserName>
               <UserName>john</UserName>
          </Role>
          <Role name="subscriber">
               <UserName>john</UserName>
          </Role>
     </Roles>
     <DurableSubscriptions>
     </DurableSubscriptions>
</StateManager>

     

    Elements

    • StateManager/Users/User/Name - the name of the user

    • StateManager/Users/User/Password - the password of the user

    • StateManager/Users/User/Id - the ClientID used by the StateManger

    • StateManager/Roles/Rolename - the role name

    • StateManager/Roles/Role/UserName - the users in the role

     

    3797 Views Categories: Tags: