ConfigJBossMQLoginModule

    JBossMQ Login Module Configuration

     

    This configuration controls how users are authenticated.

    The configuration can be found in conf/login-module.xml it is just a standard configuration against

    some database tables using the DatabaseServerLoginModule.

    NOTE: The application-policy-name is configured on the Security Manager

     

    Default Configuration

        <!-- Security domain for JBossMQ -->
        <application-policy name = "jbossmq">
           <authentication>
              <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
                 flag = "required">
                 <module-option name = "unauthenticatedIdentity">guest</module-option>
                 <module-option name = "dsJndiName">java:/DefaultDS</module-option>
                 <module-option name = "principalsQuery">SELECT PASSWD FROM JMS_USERS WHERE USERID=?</module-option>
                 <module-option name = "rolesQuery">SELECT ROLEID, 'Roles' FROM JMS_ROLES WHERE USERID=?</module-option>
              </login-module>
           </authentication>
        </application-policy>
    

     

    Unauthenticated Identity

    The role guest is defined as the UnauthenticatedIdentity. This role is used when the jms api

    createQueueConnection() or createTopicConnection() without passing a user or password.

     

    JMS_USERS

    • USERID - the user id

    • PASSWD - the users password - you probably want to change the config to use password hashing

    • CLIENTID - used by the StateManager

     

    JMS_ROLES

    • USERID - the user

    • ROLEID - a role to which they belong

     

    NOTE: Before 3.2.4 the StateManager was used to configure security

     

        <!-- Security domain for JBossMQ -->
        <application-policy name = "jbossmq">
           <authentication>
              <login-module code = "org.jboss.mq.sm.file.DynamicLoginModule"
                 flag = "required">
                 <module-option name = "unauthenticatedIdentity">guest</module-option>
                 <module-option name = "sm.objectname">jboss.mq:service=StateManager</module-option>
              </login-module>
           </authentication>
        </application-policy>
    

     

    jbossmq-state.xml

    This is the old configuration where authentication is done through the StateManger.

     

    Example configuration

    <StateManager>
         <Users>
              <User>
                   <Name>john</Name>
                   <Password>needle</Password>
                   <Id>DurableSubscriberExample</Id>
              </User>
         </Users>
         <Roles>
              <Role name="guest">
                   <UserName>guest</UserName>
                   <UserName>john</UserName>
              </Role>
              <Role name="subscriber">
                   <UserName>john</UserName>
              </Role>
         </Roles>
         <DurableSubscriptions>
         </DurableSubscriptions>
    </StateManager>
    

     

    Elements

    • StateManager/Users/User/Name - the name of the user

    • StateManager/Users/User/Password - the password of the user

    • StateManager/Users/User/Id - the ClientID used by the StateManger

    • StateManager/Roles/Rolename - the role name

    • StateManager/Roles/Role/UserName - the users in the role