beautypg.com

Authorization – HP Integrity NonStop H-Series User Manual

Page 43

background image

CLASSPATH and uses it. The NSMQ default configuration provides user and group configuration
using plain-text properties file.

For more information on JAAS, see

http://docs.oracle.com/javase/7/docs/technotes/guides/

security/jaas/JAASRefGuide.html

.

Perform the following steps to configure JAAS, considering you have a custom JAAS implementation
for your Radius or LDAP server:

1.

Change the activemqNonPersistent.template and activemqPersistent.template
files prior to installation, or the
<NSMQ-Installation-folder>/<broker_name>/conf/activemq.xml

post-installation

as follows:



2.

Configure the JAAS login.config, residing in the
<NSMQ-Installation-folder>/conf/

directory, with your custom JAAS implementation

detail:

RadiusConfiguration {
com...jaas.RadiusLoginModule required
initialContextFactory=com..jndi. CtxFactory
connectionURL=""
connectionUsername=""
connectionPassword=



;
};

3.

Configure your authentication server.

4.

Start NSMQ.

Authorization

Authorization enables you to control access of destinations in the broker. With this, you can restrict
access to specific destinations based on the group membership of a user. The following types of
access are supported:

READ: Permission to browse and consume messages from destinations.

WRITE: Permission to publish messages to destinations.

ADMIN: Permission to create destinations if it does not exist. With this permission, you can
control where and how the new destinations can be dynamically created in the queue or topic
hierarchy.

You can configure authorization by adding an authorizationPlugin element in the broker's
XML configuration file. Within this element, define the authorizationEntries where entries
are added to specific groups on queues or topics.

NOTE:

Both queue and topic cannot be defined in the same element.

To control access to temporary destinations, you must add a

element to the authorizationMap. A temporary

destination enables you to create a queue for a particular network connection. The destination
exists as long as the network connection is open. You cannot define any queue or topic attributes
for the tempDestinationAuthorizationEntry element, because temporary destinations
have no names.

For a sample usage, see the Controlling Access To Temporary Destinations section in

http://

activemq.apache.org/security.html

.

Authorization

43

This manual is related to the following products:
See also other documents in the category HP Computer hardware: