activemq-classic jaas

Load multiple domains in ActiveMQ with jaasAuthenticationPlugin


I'm using ActiveMQ Classic and I load users dynamically via a service that updates the users.properties file in my ActiveMQ installation. I use the org.apache.activemq.jaas.PropertiesLoginModule with reload=true to suit this purpose.

I'd like to add a separate list of users, now, though. I can't find any documentation on loading multiple domains.

My login.config:

users {
    org.apache.activemq.jaas.PropertiesLoginModule required
        debug=True
        org.apache.activemq.jaas.properties.user="users.properties"
        org.apache.activemq.jaas.properties.group="groups.properties"
        reload=true;
};
admins {
    org.apache.activemq.jaas.PropertiesLoginModule required
        debug=True
        org.apache.activemq.jaas.properties.user="admins.properties"
        org.apache.activemq.jaas.properties.group="admin_groups.properties";
};

In my activemq.xml, what should my jaasAuthenticationPlugin look like?


Solution

  • The only time you can define 2 domains is when you're using the jaasDualAuthenticationPlugin which provides the ability to specify one domain for SSL connections and another domain for non-SSL connections.

    That said, you can accomplish your goal using multiple modules in the same domain, e.g.:

    activemq {
        org.apache.activemq.jaas.PropertiesLoginModule sufficient
            debug=True
            org.apache.activemq.jaas.properties.user="users.properties"
            org.apache.activemq.jaas.properties.group="groups.properties"
            reload=true;
        org.apache.activemq.jaas.PropertiesLoginModule sufficient
            debug=True
            org.apache.activemq.jaas.properties.user="admins.properties"
            org.apache.activemq.jaas.properties.group="admin_groups.properties";
    };
    

    Notice that instead of using required, the combined modules use sufficient. You can read more about these in the corresponding JavaDoc.
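
Added example (not part of the original answer, and not ActiveMQ code): a small JAAS program that runs a two-module domain with both control flags, showing that with required a user listed in only one module is rejected, while with sufficient a match in either module authenticates. ListModule, JaasFlagDemo and the user names alice, bob, root and mallory are hypothetical stand-ins for PropertiesLoginModule and the two properties files.

```java
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.spi.LoginModule;

public class JaasFlagDemo {
    // Hypothetical stand-in for PropertiesLoginModule: accepts only names in its "users" option.
    public static class ListModule implements LoginModule {
        private CallbackHandler handler;
        private Map<String, ?> options;
        private boolean ok;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
            handler = h; options = opts;
        }
        public boolean login() throws LoginException {
            NameCallback name = new NameCallback("user");
            try { handler.handle(new Callback[] { name }); }
            catch (Exception e) { throw new LoginException(e.toString()); }
            ok = ((List<?>) options.get("users")).contains(name.getName());
            if (!ok) throw new FailedLoginException("not in this module's user list");
            return true;
        }
        public boolean commit() { return ok; }
        public boolean abort() { ok = false; return true; }
        public boolean logout() { ok = false; return true; }
    }
    // Builds a two-module "activemq" domain in memory; both entries use the given control flag.
    static boolean tryLogin(LoginModuleControlFlag flag, String user) {
        Configuration cfg = new Configuration() {
            public AppConfigurationEntry[] getAppConfigurationEntry(String domain) {
                String module = ListModule.class.getName();
                return new AppConfigurationEntry[] {
                    new AppConfigurationEntry(module, flag, Map.of("users", List.of("alice", "bob"))),
                    new AppConfigurationEntry(module, flag, Map.of("users", List.of("root"))) };
            }
        };
        CallbackHandler cb = cbs -> { for (Callback c : cbs) ((NameCallback) c).setName(user); };
        try { new LoginContext("activemq", null, cb, cfg).login(); return true; }
        catch (LoginException e) { return false; }
    }

    public static void main(String[] args) {
        for (String user : List.of("alice", "root", "mallory"))
            System.out.println(user + " required=" + tryLogin(LoginModuleControlFlag.REQUIRED, user)
                + " sufficient=" + tryLogin(LoginModuleControlFlag.SUFFICIENT, user));
    }
}
```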