4 security, Authentication, Simple authentication plugin – HP Integrity NonStop H-Series User Manual
Page 42
4 Security
This chapter describes the various security methods implemented in NSMQ.
Security in NSMQ consists of:
•
Authentication
•
Authorization
•
Secure Socket Layer (SSL)
Authentication
The authentication between the brokers and producers and consumers is implemented with the
combination of username and password while creating the connection. The authentication in
NSMQ is implemented using the following methods:
Simple authentication plugin
Using this plugin, you can define users and groups directly by adding a
simpleAuthenticationPlugin
element into the broker's XML configuration file. When a client
connects to a broker, it is validated with the username and password combination provided in this
file.
You can also grant anonymous access by adding the anonymousAccessAllowed attribute and
setting it to true in the simpleAuthenticationPlugin element.
To enable simpleAuthenticationPlugin, configure the
activemqNonPersistent.template
and activemqPersistent.template files located
at <NSMQ-PAX-extracted-folder>/nsmq/T0975H01<build> folder as follows:
1.
Remove the comment for the <plugins> element.
2.
Comment out the <authorizationPlugin> and the <jaasAuthenticationPlugin>
within the <plugins> element.
Now, only the <simpleAuthenticationPlugin> is enabled. The default users are as
mentioned in the activemqNonPersistent.template and
activemqPersistent.template
files. You must provide the username and password
while creating a JMS connection.
3.
By default anonymousAccessAllowed attribute of the <simpleAuthenticationPlugin>
element is set to true. This implies that a valid JMS connection can be acquired even without
user credentials. If you set this attribute to false, then only the users specified in the
<simpleAuthenticationPlugin>
element can access JMS.
The following code snippet is an example of the simpleAuthenticationPlugin.
<simpleAuthenticationPlugin anonymousAccessAllowed="true">
<users>
<authenticationUser username="nsmq.sys" password="nsmq1234" groups="users,admins"/>
<authenticationUser username="nsmq.usr" password="nsmq1234" groups="users"/>
<authenticationUser username="nsmq.guest" password="nsmq1234" groups="guests"/>
</users>
</simpleAuthenticationPlugin>
CAUTION:
If you enable anonymous access without authorization, any client can access the
broker. HP recommends that you also enable authorization when enabling anonymous access.
Java Authentication and Authorization Service (JAAS) plugin
The JAAS plugin is configured using a login configuration file, login.config. This file is located
by setting the java system property java.security.auth.login.config to point to it. If the
system property is not specified, the broker looks for the login.config file specified by the
42
Security