Chapter 10. Security Configuration

JBoss Messaging makes internal connections between nodes in order to redistribute messages between clustered destinations. These connections are made with the user name of a special reserved user whose password is specified in the property suckerPassword in the messaging and server configuration files.
The suckerPassword used by JBoss Messaging in a clustered environment is contained in the jboss-as/server/$PROFILE/deploy/messaging/messaging-jboss-beans.xml file and the messaging-service.xml file. These files contain directives that specify the encrypted suckerPassword.

Changing the Password in messaging-jboss-beans.xml

Complete this task to change the distribution placeholder password in messaging-jboss-beans.xml.

Procedure 10.1. Setting suckerPassword for JBoss Messaging

  1. Navigate to the <JBOSS_HOME>/server/<PROFILE>/deploy/messaging/ directory.
  2. Open the messaging-jboss-beans.xml file in your preferred text editor.
  3. Change the suckerPassword placeholder value from "CHANGE ME!!" to a plain text password:
    <property name="suckerPassword">CHANGE ME!!</property>
    Make note of the new password; it will be used in the next task.
  4. Save the file.

Creating the encrypted JBoss Messaging suckerPassword

Complete this task to create an encrypted suckerPassword using the JBoss Messaging SecurityUtil tool.
  1. In a terminal, change to <JBOSS_HOME>/server/<PROFILE>/deploy/messaging/.
  2. Run the following command:
    /path/to/java/executable -cp JBOSS_HOME/client/jboss-messaging-client.jar org.jboss.messaging.util.SecurityUtil PLAIN_TEXT_PASSWORD
  3. PLAIN_TEXT_PASSWORD is the password you set in messaging-jboss-beans.xml in the previous task.
    As an example:

    Example 10.1. Test Encrypted Password

    Running the following command (from the JBOSS_HOME/jboss-as/server/$PROFILE/deploy/messaging/ directory) ...
    /usr/bin/java -cp ../../../../client/jboss-messaging-client.jar org.jboss.messaging.util.SecurityUtil test
    ...produced the following encrypted password:
    key len: 14 length max: 2147483647
    Encoded password: 5e2c1ae5a618317
  4. Make note of the encrypted password output; it will be used in the next task.

Specifying an encrypted suckerPassword for JBoss Messaging

Complete this task to add an encrypted suckerPassword value to JBoss Messaging configuration files.


  1. In a text editor, open the messaging-service.xml file.
  2. Paste the encrypted password from the previous procedure into the SuckerPassword attribute:
    <attribute name="SuckerPassword">ENCRYPTED_PASSWORD</attribute>
  3. Save the messaging-service.xml file.