ConfigJBossMQLoginModule

JBossMQ Login Module Configuration

 

This configuration controls how users are authenticated.

The configuration can be found in conf/login-module.xml. It is just a standard configuration against some database tables using the DatabaseServerLoginModule.

NOTE: The application-policy-name is configured on the Security Manager

 

Default Configuration

    <!-- Security domain for JBossMQ -->
    <application-policy name = "jbossmq">
       <authentication>
          <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
             flag = "required">
             <module-option name = "unauthenticatedIdentity">guest</module-option>
             <module-option name = "dsJndiName">java:/DefaultDS</module-option>
             <module-option name = "principalsQuery">SELECT PASSWD FROM JMS_USERS WHERE USERID=?</module-option>
             <module-option name = "rolesQuery">SELECT ROLEID, 'Roles' FROM JMS_ROLES WHERE USERID=?</module-option>
          </login-module>
       </authentication>
    </application-policy>

 

Unauthenticated Identity

The role guest is defined as the UnauthenticatedIdentity. This role is used when the JMS API methods createQueueConnection() or createTopicConnection() are called without passing a user or password.

 

JMS_USERS

  • USERID - the user id

  • PASSWD - the user's password - you probably want to change the config to use password hashing

  • CLIENTID - used by the StateManager
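
The password-hashing change suggested for PASSWD above, as an added example that is not part of the original page: the default policy with the hashAlgorithm and hashEncoding module options of DatabaseServerLoginModule set. The choice of SHA-256 and base64 is an assumption; any java.security.MessageDigest algorithm available in the JVM can be named.

```xml
<!-- Added example: JBossMQ security domain with hashed passwords -->
<application-policy name = "jbossmq">
   <authentication>
      <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
         flag = "required">
         <module-option name = "unauthenticatedIdentity">guest</module-option>
         <module-option name = "dsJndiName">java:/DefaultDS</module-option>
         <!-- PASSWD now holds the encoded digest, not the clear-text password -->
         <module-option name = "principalsQuery">SELECT PASSWD FROM JMS_USERS WHERE USERID=?</module-option>
         <module-option name = "rolesQuery">SELECT ROLEID, 'Roles' FROM JMS_ROLES WHERE USERID=?</module-option>
         <!-- java.security.MessageDigest algorithm name; SHA-256 is an assumed choice -->
         <module-option name = "hashAlgorithm">SHA-256</module-option>
         <!-- Encoding of the stored digest: base64 or hex; base64 is an assumed choice -->
         <module-option name = "hashEncoding">base64</module-option>
      </login-module>
   </authentication>
</application-policy>
```

Existing rows in JMS_USERS must be rewritten with the digest of each password in the same algorithm and encoding before the change is deployed, otherwise every login fails. These two options apply a plain digest with no per-user salt, so read access to the table still needs to be restricted.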

 

JMS_ROLES

  • USERID - the user

  • ROLEID - a role to which they belong

 

NOTE: Before 3.2.4 the StateManager was used to configure security

 

    <!-- Security domain for JBossMQ -->
    <application-policy name = "jbossmq">
       <authentication>
          <login-module code = "org.jboss.mq.sm.file.DynamicLoginModule"
             flag = "required">
             <module-option name = "unauthenticatedIdentity">guest</module-option>
             <module-option name = "sm.objectname">jboss.mq:service=StateManager</module-option>
          </login-module>
       </authentication>
    </application-policy>

 

jbossmq-state.xml

This is the old configuration where authentication is done through the StateManager.

 

Example configuration

<StateManager>
     <Users>
          <User>
               <Name>john</Name>
               <Password>needle</Password>
               <Id>DurableSubscriberExample</Id>
          </User>
     </Users>
     <Roles>
          <Role name="guest">
               <UserName>guest</UserName>
               <UserName>john</UserName>
          </Role>
          <Role name="subscriber">
               <UserName>john</UserName>
          </Role>
     </Roles>
     <DurableSubscriptions>
     </DurableSubscriptions>
</StateManager>

 

Elements

  • StateManager/Users/User/Name - the name of the user

  • StateManager/Users/User/Password - the password of the user

  • StateManager/Users/User/Id - the ClientID used by the StateManager

  • StateManager/Roles/Rolename - the role name

  • StateManager/Roles/Role/UserName - the users in the role