I'm using ActiveMQ Classic and I load users dynamically via a service that updates the users.properties file in my ActiveMQ installation. I use the org.apache.activemq.jaas.PropertiesLoginModule with reload=true to suit this purpose.
I'd like to add a separate list of users, now, though. I can't find any documentation on loading multiple domains.
My login.config:
users {
org.apache.activemq.jaas.PropertiesLoginModule required
debug=True
org.apache.activemq.jaas.properties.user="users.properties"
org.apache.activemq.jaas.properties.group="groups.properties"
reload=true;
};
admins {
org.apache.activemq.jaas.PropertiesLoginModule required
debug=True
org.apache.activemq.jaas.properties.user="admins.properties"
org.apache.activemq.jaas.properties.group="admin_groups.properties";
};
In my activemq.xml, what should my jaasAuthenticationPlugin look like?
The only time you can define 2 domains is when you're using the jaasDualAuthenticationPlugin which provides the ability to specify one domain for SSL connections and another domain for non-SSL connections.
That said, you can accomplish your goal using multiple modules in the same domain, e.g.:
activemq {
org.apache.activemq.jaas.PropertiesLoginModule sufficient
debug=True
org.apache.activemq.jaas.properties.user="users.properties"
org.apache.activemq.jaas.properties.group="groups.properties"
reload=true;
org.apache.activemq.jaas.PropertiesLoginModule sufficient
debug=True
org.apache.activemq.jaas.properties.user="admins.properties"
org.apache.activemq.jaas.properties.group="admin_groups.properties";
};
Notice that instead of using required the combined modules use sufficient. You can read more about these in the corresponding JavaDoc.