29.5. JAAS Security Manager
JAAS (Java Authentication and Authorization Service) is a standard part of the Java platform. It provides a common API for security authentication and authorization, allowing you to plug in your pre-built implementations.
To configure the JAAS security manager to work with your pre-built JAAS infrastructure, you need to specify the security manager as a
JAASSecurityManager
in the beans file. Here is an example:
<bean name="HornetQSecurityManager" class="org.hornetq.integration.jboss.security.JAASSecurityManager"> <start ignored="true"/> <stop ignored="true"/> <property name="ConfigurationName">org.hornetq.jms.example.ExampleLoginModule</property> <property name="Configuration"> <inject bean="ExampleConfiguration"/> </property> <property name="CallbackHandler"> <inject bean="ExampleCallbackHandler"/> </property> </bean>
Note that you need to feed the JAAS security manager with three properties:
- ConfigurationName
- The name of the
LoginModule
implementation that JAAS must use - Configuration
- The
Configuration
implementation used by JAAS - CallbackHandler
- The
CallbackHandler
implementation to use if user interaction are required