-
Language:
English
-
Language:
English
Chapter 4. User Authentication
User authentication enables you to verify the identity of users by adding usernames and assigning them to security roles. In AMQ Broker 7, this process is similar to AMQ 6. However, there are some differences in terminology, configuration file locations, and configuration syntax. Once you understand the differences, there are several methods you can use to configure user access to your broker instance.
4.1. User Authentication Changes
In both AMQ Broker 7 and AMQ 6, authentication is provided by pluggable login modules based on the Java Authentication and Authorization Service (JAAS). However, groups in AMQ 6 are now called roles in AMQ Broker 7.
In addition, the names and locations of the login modules have changed in AMQ Broker 7.
| Login Module | Location in AMQ 6 | Location in AMQ Broker 7 |
|---|---|---|
| Users |
|
|
| Roles (groups) |
|
|
The syntax for adding users and roles is also different.
- In AMQ 6
Non-privileged users could be added and assigned a password and security role in the
users.propertiesfile:USER=PASSWORD,ROLE
- In AMQ Broker 7
Users and roles are assigned in separate login modules. You add users in the
artemis-users.propertiesfile:USER=PASSWORD
You assign users to a security role in the
artemis-roles.propertiesfile:ROLE=USER
4.2. How User Authentication is Configured
You can access the AMQ 7 broker instance using the default username and password that you created when you created the broker instance. To enable additional users to access the broker instance, you can configure user authentication for the broker using any of the following methods:
| Authentication Method | Description |
|---|---|
| Guest Authentication | Enables anonymous access. In this configuration, any user who connects without credentials or with the wrong credentials will be authenticated automatically and assigned a specific user and role. For more information, see Enabling Guest Access in Configuring AMQ Broker. |
| Basic User and Password Authentication | For each user, you must define a username and password and assign a security role. Users can only access the broker instance using these credentials. For more information, see Adding Users in Configuring AMQ Broker. |
| Certificate-Based Authentication | Users are authenticated using SSL certificates. For more information, see Adding Certificate-based Authentication in Configuring AMQ Broker. |
| LDAP Authentication | Users are authenticated and authorized by checking the credentials against user data stored in a central X.500 directory server. For more information, see Using LDAP for Authentication in Configuring AMQ Broker. |
