1 Reply Latest reply on Aug 13, 2014 4:32 PM by Doug Grove

    A-MQ Authentication and Authorization

    vatsal12 Newbie

      Hi,

       

      I have little confusion over Authentication and Authorization in Jboss AMQ.

       

      First consumer needs to be Authenticated to connect to broker and then need to be Authorized to push message into specific queue/topic. Right ?


      How can I define both at same LDAP configuration ?


      Thanks

        • 1. Re: A-MQ Authentication and Authorization
          Doug Grove Newbie

          Both of these are done in the etc/activemq.xml file.  For example, you can configure:

                  <plugins>

                      <jaasAuthenticationPlugin configuration="karaf" />

           

           

               <authorizationPlugin>

                  <map>

                        <cachedLDAPAuthorizationMap

                                connectionURL="ldap://10.0.0.153:2389"

                                connectionUsername="cn=Directory Manager"

                                connectionPassword="directory"

                                queueSearchBase="ou=queue,ou=destination,ou=activemq,ou=system,dc=redhat,dc=com"

                                topicSearchBase="ou=topic,ou=destination,ou=activemq,ou=system,dc=redhat,dc=com"

                                tempSearchBase="ou=temp,ou=destination,ou=activemq,ou=system,dc=redhat,dc=com"

                                refreshInterval="300000"

                                legacyGroupMapping="false"

                                groupClass="org.apache.karaf.jaas.boot.principal.RolePrincipal"

                                userObjectClass="inetorgperson"

                                groupObjectClass="groupofuniquenames"

                                permissionGroupMemberAttribute="uniquemember"

                                userNameAttribute="uid"

                             />

                         </map>

                      </authorizationPlugin>

                  </plugins>

           

          to set up your authorization, then set up access control to destinations as needed.

           

          - Doug