Chapter 4. User Authentication

User authentication enables you to verify the identity of users by adding usernames and assigning them to security roles. In AMQ Broker 7, this process is similar to AMQ 6. However, there are some differences in terminology, configuration file locations, and configuration syntax. Once you understand the differences, there are several methods you can use to configure user access to your broker instance.

4.1. User Authentication Changes

In both AMQ Broker 7 and AMQ 6, authentication is provided by pluggable login modules based on the Java Authentication and Authorization Service (JAAS). However, groups in AMQ 6 are now called roles in AMQ Broker 7.

In addition, the names and locations of the login modules have changed in AMQ Broker 7.

Login ModuleLocation in AMQ 6Location in AMQ Broker 7

Users

etc/users.properties

BROKER_INSTANCE_DIR/etc/artemis-users.properties

Roles (groups)

etc/groups.properties

BROKER_INSTANCE_DIR/etc/artemis-roles.properties

The syntax for adding users and roles is also different.

In AMQ 6

Non-privileged users could be added and assigned a password and security role in the users.properties file:

USER=PASSWORD,ROLE
In AMQ Broker 7

Users and roles are assigned in separate login modules. You add users in the artemis-users.properties file:

USER=PASSWORD

You assign users to a security role in the artemis-roles.properties file:

ROLE=USER

4.2. How User Authentication is Configured

You can access the AMQ 7 broker instance using the default username and password that you created when you created the broker instance. To enable additional users to access the broker instance, you can configure user authentication for the broker using any of the following methods:

Authentication MethodDescription

Guest Authentication

Enables anonymous access. In this configuration, any user who connects without credentials or with the wrong credentials will be authenticated automatically and assigned a specific user and role.

For more information, see Enabling Guest Access in Using AMQ Broker.

Basic User and Password Authentication

For each user, you must define a username and password and assign a security role. Users can only access the broker instance using these credentials.

For more information, see Adding Users in Using AMQ Broker.

Certificate-Based Authentication

Users are authenticated using SSL certificates.

For more information, see Adding Certificate-based Authentication in Using AMQ Broker.

LDAP Authentication

Users are authenticated and authorized by checking the credentials against user data stored in a central X.500 directory server.

For more information, see Using LDAP for Authentication in Using AMQ Broker.