1 Reply Latest reply on Aug 13, 2014 4:32 PM by dgrove_redhat.com

    A-MQ Authentication and Authorization

    vatsal12

      Hi,

       

      I have a little confusion over Authentication and Authorization in JBoss A-MQ.

      First, a consumer needs to be authenticated to connect to the broker and then needs to be authorized to push messages into a specific queue/topic. Right?

      How can I define both in the same LDAP configuration?


      Thanks

        • 1. Re: A-MQ Authentication and Authorization
          dgrove_redhat.com

          Both of these are done in the etc/activemq.xml file.  For example, you can configure:

              <plugins>
                  <!-- Authentication: users are checked against the "karaf" JAAS realm -->
                  <jaasAuthenticationPlugin configuration="karaf" />

                  <!-- Authorization: destination permissions are read from LDAP -->
                  <authorizationPlugin>
                      <map>
                          <cachedLDAPAuthorizationMap
                              connectionURL="ldap://10.0.0.153:2389"
                              connectionUsername="cn=Directory Manager"
                              connectionPassword="directory"
                              queueSearchBase="ou=queue,ou=destination,ou=activemq,ou=system,dc=redhat,dc=com"
                              topicSearchBase="ou=topic,ou=destination,ou=activemq,ou=system,dc=redhat,dc=com"
                              tempSearchBase="ou=temp,ou=destination,ou=activemq,ou=system,dc=redhat,dc=com"
                              refreshInterval="300000"
                              legacyGroupMapping="false"
                              groupClass="org.apache.karaf.jaas.boot.principal.RolePrincipal"
                              userObjectClass="inetorgperson"
                              groupObjectClass="groupofuniquenames"
                              permissionGroupMemberAttribute="uniquemember"
                              userNameAttribute="uid"
                          />
                      </map>
                  </authorizationPlugin>
              </plugins>

           

          to set up your authorization, then set up access control to destinations as needed.

           

          - Doug
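
A review check for a `<plugins>` block like the one in the reply above, as an added example that is not part of the original thread or of A-MQ itself. It confirms that both the authentication and the authorization plugin are present and flags a non-TLS LDAP URL and a literal bind password. The function names and finding codes are made up for this example, and it assumes a `${...}` value is a property placeholder resolved outside the file.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample mirroring the <plugins> block in the reply (not a real deployment).
SAMPLE = """<plugins>
  <jaasAuthenticationPlugin configuration="karaf"/>
  <authorizationPlugin><map>
    <cachedLDAPAuthorizationMap
        connectionURL="ldap://10.0.0.153:2389"
        connectionUsername="cn=Directory Manager"
        connectionPassword="directory"/>
  </map></authorizationPlugin>
</plugins>"""


def local(tag):
    """Strip an XML namespace so the check also works on a namespaced activemq.xml."""
    return tag.rsplit("}", 1)[-1]


def audit_plugins(xml_text):
    """Return a sorted list of finding codes (hypothetical names) for a <plugins> block."""
    root = ET.fromstring(xml_text)
    elems = {local(e.tag): e for e in root.iter()}
    findings = []
    # Authentication and authorization are separate plugins; both must be present.
    if "jaasAuthenticationPlugin" not in elems:
        findings.append("no-authentication-plugin")
    if "authorizationPlugin" not in elems:
        findings.append("no-authorization-plugin")
    ldap_map = elems.get("cachedLDAPAuthorizationMap")
    if ldap_map is not None:
        # Plain ldap:// (no TLS) carries the bind password and lookups unencrypted.
        if urlparse(ldap_map.get("connectionURL", "")).scheme.lower() != "ldaps":
            findings.append("ldap-without-tls")
        # A literal value leaves the bind password readable in the config file;
        # assumption: a ${...} placeholder is resolved from external configuration.
        pw = ldap_map.get("connectionPassword", "")
        if pw and not (pw.startswith("${") and pw.endswith("}")):
            findings.append("literal-bind-password")
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_plugins(SAMPLE):
        print(finding)
```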