activemq-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From build...@apache.org
Subject svn commit: r908646 - in /websites/production/activemq/content: cache/main.pageCache security.html
Date Mon, 12 May 2014 14:21:03 GMT
Author: buildbot
Date: Mon May 12 14:21:02 2014
New Revision: 908646

Log:
Production update by buildbot for activemq

Modified:
    websites/production/activemq/content/cache/main.pageCache
    websites/production/activemq/content/security.html

Modified: websites/production/activemq/content/cache/main.pageCache
==============================================================================
Binary files - no diff available.

Modified: websites/production/activemq/content/security.html
==============================================================================
--- websites/production/activemq/content/security.html (original)
+++ websites/production/activemq/content/security.html Mon May 12 14:21:02 2014
@@ -83,30 +83,8 @@
   <tbody>
         <tr>
         <td valign="top" width="100%">
-<div class="wiki-content maincontent"><p>ActiveMQ 4.x and greater provides pluggable
security through various different providers.</p>
-
-<p>The most common providers are</p>
-<ul><li><a shape="rect" class="external-link" href="http://java.sun.com/products/jaas/"
rel="nofollow">JAAS</a> for authentication</li><li>a default authorization
mechanism using a simple XML configuration file.</li></ul>
-
-
-<h3 id="Security-Authentication">Authentication</h3>
-
-<p>The default <a shape="rect" class="external-link" href="http://java.sun.com/products/jaas/"
rel="nofollow">JAAS</a> plugin relies on the standard JAAS mechanism for authentication.
Refer to the <a shape="rect" class="external-link" href="http://java.sun.com/products/jaas/reference/docs/index.html"
rel="nofollow">documentation</a> for more detail.</p>
-
-<p>Typically you configure JAAS using a config file like <a shape="rect" class="external-link"
href="http://svn.apache.org/repos/asf/activemq/trunk/activemq-core/src/test/resources/login.config">this
one</a> and set the <strong>java.security.auth.login.config</strong> system
property to point to it. If no system property is specified then by default the ActiveMQ JAAS
plugin will look for <strong>login.config</strong> on the classpath and use that.</p>
-
-<h4 id="Security-AuthenticationExample">Authentication Example</h4>
-
-<p>Here is an example <a shape="rect" class="external-link" href="http://svn.apache.org/repos/asf/activemq/trunk/activemq-core/src/test/resources/login.config">login.config</a>
which then points to these files</p>
-<ul><li><a shape="rect" class="external-link" href="http://svn.apache.org/repos/asf/activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/users.properties">users.properties</a></li><li><a
shape="rect" class="external-link" href="http://svn.apache.org/repos/asf/activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/groups.properties">groups.properties</a></li></ul>
-
-
-<h4 id="Security-SimpleAuthenticationPlugin">Simple Authentication Plugin</h4>
-
-<p>If you have modest authentication requirements (or just want to quickly set up your
testing environment) you can use SimpleAuthenticationPlugin. With this plugin you can define
users and groups directly in the broker's XML configuration. Take a look at the following
snippet for example:</p>
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent
pdl">
-<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
-&lt;simpleAuthenticationPlugin&gt;
+<div class="wiki-content maincontent"><p>ActiveMQ 4.x and greater provides pluggable
security through various different providers.</p><p>The most common providers
are</p><ul><li><a shape="rect" class="external-link" href="http://java.sun.com/products/jaas/"
rel="nofollow">JAAS</a> for authentication</li><li>a default authorization
mechanism using a simple XML configuration file.</li></ul><h3 id="Security-Authentication">Authentication</h3><p>The
default <a shape="rect" class="external-link" href="http://java.sun.com/products/jaas/"
rel="nofollow">JAAS</a> plugin relies on the standard JAAS mechanism for authentication.
Refer to the <a shape="rect" class="external-link" href="http://java.sun.com/products/jaas/reference/docs/index.html"
rel="nofollow">documentation</a> for more detail.</p><p>Typically you
configure JAAS using a config file like <a shape="rect" class="external-link" href="http://svn.apache.org/repos/asf/activemq/trunk/activemq-core/src/test/resources/login.config">this
  one</a> and set the <strong>java.security.auth.login.config</strong> system
property to point to it. If no system property is specified then by default the ActiveMQ JAAS
plugin will look for <strong>login.config</strong> on the classpath and use that.</p><h4
id="Security-AuthenticationExample">Authentication Example</h4><p>Here is an
example <a shape="rect" class="external-link" href="http://svn.apache.org/repos/asf/activemq/trunk/activemq-unit-tests/src/test/resources/login.config">login.config</a>
which then points to these files</p><ul><li><a shape="rect" class="external-link"
href="http://svn.apache.org/repos/asf/activemq/trunk/activemq-unit-tests/src/test/resources/org/apache/activemq/security/users.properties">users.properties</a></li><li><a
shape="rect" class="external-link" href="http://svn.apache.org/repos/asf/activemq/trunk/activemq-unit-tests/src/test/resources/org/apache/activemq/security/groups.properties">groups.properties</a></li></ul><h4
id="Security-SimpleAuthentic
 ationPlugin">Simple Authentication Plugin</h4><p>If you have modest authentication
requirements (or just want to quickly set up your testing environment) you can use SimpleAuthenticationPlugin.
With this plugin you can define users and groups directly in the broker's XML configuration.
Take a look at the following snippet for example:</p><div class="code panel pdl"
style="border-width: 1px;"><div class="codeContent panelContent pdl">
+<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[&lt;simpleAuthenticationPlugin&gt;
 	&lt;users&gt;
 		&lt;authenticationUser username=&quot;system&quot; password=&quot;manager&quot;
 			groups=&quot;users,admins&quot;/&gt;
@@ -116,16 +94,8 @@
 	&lt;/users&gt;
 &lt;/simpleAuthenticationPlugin&gt;
 ]]></script>
-</div></div>
-<p>Users and groups defined in this way can be later used with the appropriate authorization
plugin.</p>
-
-<h5 id="Security-Anonymousaccess">Anonymous access</h5>
-
-<p>From version 5.4.0 onwards, you can configure simple authentication plugin to allow
anonymous access to the broker.</p>
-
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent
pdl">
-<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
-&lt;simpleAuthenticationPlugin anonymousAccessAllowed=&quot;true&quot;&gt;
+</div></div><p>Users and groups defined in this way can be later used with
the appropriate authorization plugin.</p><h5 id="Security-Anonymousaccess">Anonymous
access</h5><p>From version 5.4.0 onwards, you can configure simple authentication
plugin to allow anonymous access to the broker.</p><div class="code panel pdl" style="border-width:
1px;"><div class="codeContent panelContent pdl">
+<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[&lt;simpleAuthenticationPlugin
anonymousAccessAllowed=&quot;true&quot;&gt;
     &lt;users&gt;
         &lt;authenticationUser username=&quot;system&quot; password=&quot;manager&quot;
             groups=&quot;users,admins&quot;/&gt;
@@ -135,22 +105,7 @@
     &lt;/users&gt;
 &lt;/simpleAuthenticationPlugin&gt;
 ]]></script>
-</div></div>
-
-<p>To allow anonymous access to the broker, use <code>anonymousAccessAllowed</code>
attribute and set it to <code>true</code> as shown above. Now, when the client
connects without username and password provided, a default username (<code>anonymous</code>)
and group (<code>anonymous</code>) will be assigned to its security context. You
can use this username and password to authorize client's access to appropriate broker resources
(see the next section). You can also change username and group that will be assigned to <em>anonymous</em>
users by using <code>anonymousUser</code> and <code>anonymousGroup</code>
attributes.</p>
-
-<h3 id="Security-Authorization">Authorization</h3>
-
-<p>In ActiveMQ we use a number of operations which you can associate with user roles
and either individual queues or topics or you can use wildcards to attach to hierarchies of
topics and queues.</p>
-<div class="table-wrap"><table class="confluenceTable"><tbody><tr><th
colspan="1" rowspan="1" class="confluenceTh"><p> Operation </p></th><th
colspan="1" rowspan="1" class="confluenceTh"><p> Description </p></th></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p> read </p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p> You can browse and consume from
the destination </p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>
write </p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>
You can send messages to the destination </p></td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p> admin </p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p> You can lazily create the destination
if it does not yet exist. This allows you fine grained control over which new destinations
can be dynamically created in what part of the queue/topic hierarchy </p></td></tr></tbody></table></div>
-
-<p>Queues/Topics can specified using the ActiveMQ <a shape="rect" href="wildcards.html">wildcards</a>
syntax.</p>
-
-
-<h4 id="Security-AuthorizationExample">Authorization Example</h4>
-
-<p>The following <a shape="rect" class="external-link" href="http://svn.apache.org/repos/asf/activemq/trunk/activemq-unit-tests/src/test/resources/org/apache/activemq/security/jaas-broker.xml">example</a>
shows these 2 plugins in operation. Though note its very easy to write your own plugin.</p>
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent
pdl">
+</div></div><p>To allow anonymous access to the broker, use <code>anonymousAccessAllowed</code>
attribute and set it to <code>true</code> as shown above. Now, when the client
connects without username and password provided, a default username (<code>anonymous</code>)
and group (<code>anonymous</code>) will be assigned to its security context. You
can use this username and password to authorize client's access to appropriate broker resources
(see the next section). You can also change username and group that will be assigned to <em>anonymous</em>
users by using <code>anonymousUser</code> and <code>anonymousGroup</code>
attributes.</p><h3 id="Security-Authorization">Authorization</h3><p>In
ActiveMQ we use a number of operations which you can associate with user roles and either
individual queues or topics or you can use wildcards to attach to hierarchies of topics and
queues.</p><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th
colspan="1" rowspan="1" class="conflu
 enceTh"><p>Operation</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>Description</p></th></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p>read</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>You can browse and consume from the destination</p></td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p>write</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>You can send messages to the destination</p></td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p>admin</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>You can lazily create the destination
if it does not yet exist. This allows you fine grained control over which new destinations
can be dynamically created in what part of the queue/topic hierarchy</p></td></tr></tbody></table></div><p>Queues/Topics
can specified using the ActiveMQ <a shape="rect" href="wildcards.html">Wildcards</a>
syntax.</p><h4 id="Security-AuthorizationExample">Authorization Example</h4>
 <p>The following <a shape="rect" class="external-link" href="http://svn.apache.org/repos/asf/activemq/trunk/activemq-unit-tests/src/test/resources/org/apache/activemq/security/jaas-broker.xml">example</a>
shows these 2 plugins in operation. Though note its very easy to write your own plugin.</p><div
class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent
pdl">
 <script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
 &lt;beans
   xmlns=&quot;http://www.springframework.org/schema/beans&quot;
@@ -195,38 +150,16 @@
 
 &lt;/beans&gt;
 ]]></script>
-</div></div>
-
-<p><strong>Note</strong> that full access rights should generally be given
to the ActiveMQ.Advisory destinations because by default an ActiveMQConnection uses destination
advisories to get early knowledge of temp destination creation and deletion. In addition,
dynamic network connectors use advisories to determine consumer demand.<br clear="none">
-If necessary, the use of advisories in this manner can be disabled via the <em>watchTopicAdvisories</em>
boolean attribute of ActiveMQConnectionFactory and for a networkConnector, via the network
connector <em>staticBridge</em>(5.6) boolean attribute.</p>
-
-<h3 id="Security-Broker-to-BrokerAuthenticationandAuthorization">Broker-to-Broker Authentication
and Authorization</h3>
-
-<p>If you have enabled authentication for a particular message broker, then other brokers
that wish to connect to that broker must provide the proper authentication credentials via
their &lt;networkConnector&gt; element. For example, suppose that we have a network
of brokers with the following configuration:</p>
-<ul class="alternate"><li>The network of brokers  comprises two brokers (BrokerA
and BrokerB)</li><li>Authentication for BrokerA has been enabled via the example
&lt;simpleAuthenticationPlugin&gt; element.</li><li>Authentication for
BrokerB has not been enabled.</li><li>BrokerA only listens for connections. In
other words, BrokerA has a &lt;transportConnector&gt; element, but no &lt;networkConnector&gt;
elements.</li></ul>
-
-
-<p>In order for BrokerB to connect to BrokerA, the corresponding &lt;networkConnector&gt;
element in BrokerB's XML configuration file must be set up as follows.</p>
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent
pdl">
-<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
-&lt;networkConnectors&gt;
+</div></div><p><strong>Note</strong> that full access rights
should generally be given to the ActiveMQ.Advisory destinations because by default an ActiveMQConnection
uses destination advisories to get early knowledge of temp destination creation and deletion.
In addition, dynamic network connectors use advisories to determine consumer demand.<br
clear="none"> If necessary, the use of advisories in this manner can be disabled via the
<em>watchTopicAdvisories</em> boolean attribute of ActiveMQConnectionFactory and
for a networkConnector, via the network connector <em>staticBridge</em>(5.6) boolean
attribute.</p><h3 id="Security-Broker-to-BrokerAuthenticationandAuthorization">Broker-to-Broker
Authentication and Authorization</h3><p>If you have enabled authentication for
a particular message broker, then other brokers that wish to connect to that broker must provide
the proper authentication credentials via their &lt;networkConnector&gt; element.
For example, suppose that we have a netw
 ork of brokers with the following configuration:</p><ul class="alternate"><li>The
network of brokers comprises two brokers (BrokerA and BrokerB)</li><li>Authentication
for BrokerA has been enabled via the example &lt;simpleAuthenticationPlugin&gt; element.</li><li>Authentication
for BrokerB has not been enabled.</li><li>BrokerA only listens for connections.
In other words, BrokerA has a &lt;transportConnector&gt; element, but no &lt;networkConnector&gt;
elements.</li></ul><p>In order for BrokerB to connect to BrokerA, the corresponding
&lt;networkConnector&gt; element in BrokerB's XML configuration file must be set up
as follows.</p><div class="code panel pdl" style="border-width: 1px;"><div
class="codeContent panelContent pdl">
+<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[&lt;networkConnectors&gt;
    &lt;networkConnector name=&quot;brokerAbridge&quot;
                      userName=&quot;user&quot;
                      password=&quot;password&quot;
                      uri=&quot;static://(tcp://brokerA:61616)&quot;/&gt;
    &lt;/networkConnectors&gt;
 ]]></script>
-</div></div>
-<p>Note how BrokerB's &lt;networkConnector&gt; element must provide the proper
credentials in order to connect to BrokerA. If authorization has been enabled on BrokerA,
then the userName assigned to the &lt;networkConnector&gt; element must also have
the proper authorization credentials. Messages cannot be forwarded from BrokerB to BrokerA
if BrokerA has authorization enabled and BrokerB's corresponding &lt;networkConnector&gt;
element's userName has not been given the proper authorization credentials.</p>
-
-<p>Also, if BrokerA is given a &lt;networkConnector&gt; element so that it
can initiate a connection to BrokerB, then that &lt;networkConnector&gt; must be given
a userName/password combination that is defined in the &lt;simpleAuthenticationPlugin&gt;
element; this is required even though BrokerB does not have authentication services enabled.</p>
-
-<h3 id="Security-ControllingAccessToTemporaryDestinations">Controlling Access To Temporary
Destinations</h3>
-
-<p>To control access to temporary destinations, you will need to add a &lt;tempDestinationAuthorizationEntry&gt;
element to the authorizationMap.  Through this element, you control access to all temporary
destinations. If this element is not present, read, write, and admin privileges for temporary
destinations will be granted to all. In the example below,  read, write, and admin privileges
for temporary destinations are only granted to those clients that have been assigned to the
'admin' group.</p>
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent
pdl">
-<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
-&lt;broker&gt;
+</div></div><p>Note how BrokerB's &lt;networkConnector&gt; element
must provide the proper credentials in order to connect to BrokerA. If authorization has been
enabled on BrokerA, then the userName assigned to the &lt;networkConnector&gt; element
must also have the proper authorization credentials. Messages cannot be forwarded from BrokerB
to BrokerA if BrokerA has authorization enabled and BrokerB's corresponding &lt;networkConnector&gt;
element's userName has not been given the proper authorization credentials.</p><p>Also,
if BrokerA is given a &lt;networkConnector&gt; element so that it can initiate a connection
to BrokerB, then that &lt;networkConnector&gt; must be given a userName/password combination
that is defined in the &lt;simpleAuthenticationPlugin&gt; element; this is required
even though BrokerB does not have authentication services enabled.</p><h3 id="Security-ControllingAccessToTemporaryDestinations">Controlling
Access To Temporary Destinations</h3><p>To control acce
 ss to temporary destinations, you will need to add a &lt;tempDestinationAuthorizationEntry&gt;
element to the authorizationMap. Through this element, you control access to all temporary
destinations. If this element is not present, read, write, and admin privileges for temporary
destinations will be granted to all. In the example below, read, write, and admin privileges
for temporary destinations are only granted to those clients that have been assigned to the
'admin' group.</p><div class="code panel pdl" style="border-width: 1px;"><div
class="codeContent panelContent pdl">
+<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[&lt;broker&gt;
   ..
    &lt;plugins&gt;
       ..
@@ -248,24 +181,14 @@ If necessary, the use of advisories in t
   ..
 &lt;/broker&gt;
 ]]></script>
-</div></div>
-
-<h3 id="Security-LDAPAuthenticationUsingtheJAASPlugin">LDAP Authentication Using the
JAAS Plugin </h3>
-
-    <div class="aui-message hint shadowed information-macro">
+</div></div><h3 id="Security-LDAPAuthenticationUsingtheJAASPlugin">LDAP
Authentication Using the JAAS Plugin</h3>    <div class="aui-message hint shadowed
information-macro">
                             <span class="aui-icon icon-hint">Icon</span>
                 <div class="message-content">
-                            
-<p>A new/better ldap authorization module is available since 5.6. See <a shape="rect"
href="cached-ldap-authorization-module.html">Cached LDAP Authorization Module</a>
for more info.</p>
+                            <p>A new/better ldap authorization module is available
since 5.6. See <a shape="rect" href="cached-ldap-authorization-module.html">Cached LDAP
Authorization Module</a> for more info.</p>
                     </div>
     </div>
-
-
-<p>1. Configure the JAAS LDAPLoginModule and the LDAPAuthorizationMap in activemq.xml:
</p>
-
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent
pdl">
-<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
-    &lt;plugins&gt; 
+<p>1. Configure the JAAS LDAPLoginModule and the LDAPAuthorizationMap in activemq.xml:</p><div
class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent
pdl">
+<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
   &lt;plugins&gt; 
       &lt;!--  use JAAS to authenticate using the login.config file on the classpath
to configure JAAS --&gt; 
       &lt;jaasAuthenticationPlugin configuration=&quot;LdapConfiguration&quot;
/&gt; 
       &lt;!--  lets configure a destination based role/group authorization mechanism
--&gt; 
@@ -297,11 +220,7 @@ If necessary, the use of advisories in t
       &lt;/authorizationPlugin&gt; 
     &lt;/plugins&gt; 
 ]]></script>
-</div></div> 
-
-<p>2. Configure the JAAS login.config (I haven't de-duplicated the config yet): </p>
-
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent
pdl">
+</div></div><p>2. Configure the JAAS login.config (I haven't de-duplicated
the config yet):</p><div class="code panel pdl" style="border-width: 1px;"><div
class="codeContent panelContent pdl">
 <script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[

 LdapConfiguration { 
    org.apache.activemq.jaas.LDAPLoginModule required 
@@ -323,13 +242,8 @@ LdapConfiguration { 
        ; 
 }; 
 ]]></script>
-</div></div> 
-
-<p>3. Import the following LDIF file into the LDAP server: </p>
-
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent
pdl">
-<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[
-version: 1
+</div></div><p>3. Import the following LDIF file into the LDAP server:</p><div
class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent
pdl">
+<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[version:
1
 
 #
 # Sample LDIF for ActiveMQ LDAP authentication and authorisation
@@ -499,23 +413,8 @@ objectClass: account
 objectClass: simpleSecurityObject
 objectClass: top
 ]]></script>
-</div></div> 
-
-<p>4. Start up ActiveMQ </p>
-
-<p>5. Test it out</p>
-
-
-<h3 id="Security-SecurityandActiveMQComponents">Security and ActiveMQ Components</h3>
-
-<p>Along with the message broker, you can optionally execute several additional "components",
such as Camel and/or the Web console. These components establish connections with the broker;
therefore, if you have secured your broker (i.e., enabled authentication), you will have to
configure these components in order to have them provide the required security credentials
(username, password) when they connect to the broker. </p>
-
-<h4 id="Security-Camel">Camel</h4>
-
-<p>You may have the following Camel context defined in your broker's XML configuration
file.</p>
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent
pdl">
-<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
-&lt;!--
+</div></div><p>4. Start up ActiveMQ</p><p>5. Test it out</p><h3
id="Security-SecurityandActiveMQComponents">Security and ActiveMQ Components</h3><p>Along
with the message broker, you can optionally execute several additional "components", such
as Camel and/or the Web console. These components establish connections with the broker; therefore,
if you have secured your broker (i.e., enabled authentication), you will have to configure
these components in order to have them provide the required security credentials (username,
password) when they connect to the broker.</p><h4 id="Security-Camel">Camel</h4><p>You
may have the following Camel context defined in your broker's XML configuration file.</p><div
class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent
pdl">
+<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[&lt;!--
   ** Lets deploy some Enterprise Integration Patterns inside the ActiveMQ Message Broker
   ** For more details see
   **
@@ -529,21 +428,11 @@ objectClass: top
         &lt;/route&gt;
   &lt;/camelContext&gt;
 ]]></script>
-</div></div>
-<p>The above configuration is not set up to work within a secure environment.</p>
-
-<p>If the application is running in an OSGi container, add the following line before
the CamelContext definition:</p>
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent
pdl">
-<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
-&lt;osgi:reference id=&quot;activemq&quot; interface=&quot;org.apache.camel.Component&quot;
/&gt;
+</div></div><p>The above configuration is not set up to work within a secure
environment.</p><p>If the application is running in an OSGi container, add the
following line before the CamelContext definition:</p><div class="code panel pdl"
style="border-width: 1px;"><div class="codeContent panelContent pdl">
+<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[&lt;osgi:reference
id=&quot;activemq&quot; interface=&quot;org.apache.camel.Component&quot; /&gt;
 ]]></script>
-</div></div>
-<p>This allows any pre-configured instance of the ActiveMQComponent deployed in the
container to take precedence on the default ActiveMQComponent.</p>
-
-<p>That is, with the above configuration, Camel will establish a connection with ActiveMQ,
but will not provide a username and password. Therefore, when ActiveMQ security is enabled,
the above configuration results in a security exception. The exception will be thrown multiple
times, because Camel will continue to retry the connection. If you're not using Camel, comment
out the above XML code. If you are using Camel, add the following bean definition to your
broker's XML configuration:</p>
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent
pdl">
-<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
-&lt;!-- configure the camel activemq component to use the current broker --&gt;
+</div></div><p>This allows any pre-configured instance of the ActiveMQComponent
deployed in the container to take precedence on the default ActiveMQComponent.</p><p>That
is, with the above configuration, Camel will establish a connection with ActiveMQ, but will
not provide a username and password. Therefore, when ActiveMQ security is enabled, the above
configuration results in a security exception. The exception will be thrown multiple times,
because Camel will continue to retry the connection. If you're not using Camel, comment out
the above XML code. If you are using Camel, add the following bean definition to your broker's
XML configuration:</p><div class="code panel pdl" style="border-width: 1px;"><div
class="codeContent panelContent pdl">
+<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[&lt;!--
configure the camel activemq component to use the current broker --&gt;
     &lt;bean id=&quot;activemq&quot; class=&quot;org.apache.activemq.camel.component.ActiveMQComponent&quot;
&gt;
         &lt;property name=&quot;connectionFactory&quot;&gt;
           &lt;bean class=&quot;org.apache.activemq.ActiveMQConnectionFactory&quot;&gt;
@@ -554,52 +443,22 @@ objectClass: top
         &lt;/property&gt;
     &lt;/bean&gt;
 ]]></script>
-</div></div>
-
-<p>With the above bean definition, Camel will pass the specified security credentials
when it connects to the broker. </p>
-
-<p>If the broker is running in an OSGi container, add the following line after the
ActiveMQComponent bean definition:</p>
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent
pdl">
-<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
-&lt;service ref=&quot;activemq&quot; interface=&quot;org.apache.camel.Component&quot;/&gt;
+</div></div><p>With the above bean definition, Camel will pass the specified
security credentials when it connects to the broker.</p><p>If the broker is running
in an OSGi container, add the following line after the ActiveMQComponent bean definition:</p><div
class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent
pdl">
+<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[&lt;service
ref=&quot;activemq&quot; interface=&quot;org.apache.camel.Component&quot;/&gt;
 ]]></script>
-</div></div>
-
-<h4 id="Security-WebConsole">Web Console</h4>
-
-<p>If you want to use the Web Console with a secured broker, you have to change <code>connectionFactory</code>
bean in your <code>webapps/admin/WEB-INF/webconsole-embeded.xml</code> to something
like this:</p>
-
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent
pdl">
-<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
-&lt;bean id=&quot;connectionFactory&quot; class=&quot;org.apache.activemq.ActiveMQConnectionFactory&quot;&gt;
+</div></div><h4 id="Security-WebConsole">Web Console</h4><p>If
you want to use the Web Console with a secured broker, you have to change <code>connectionFactory</code>
bean in your <code>webapps/admin/WEB-INF/webconsole-embeded.xml</code> to something
like this:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent
panelContent pdl">
+<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[&lt;bean
id=&quot;connectionFactory&quot; class=&quot;org.apache.activemq.ActiveMQConnectionFactory&quot;&gt;
     &lt;property name=&quot;brokerURL&quot; value=&quot;vm://localhost&quot;/&gt;
     &lt;property name=&quot;userName&quot; value=&quot;system&quot;/&gt;
     &lt;property name=&quot;password&quot; value=&quot;manager&quot;/&gt;
   &lt;/bean&gt;
 ]]></script>
-</div></div>
-
-<h4 id="Security-DefaultCredentials">Default Credentials</h4>
-
-<p>Starting with version 5.3, all of the above configuration details are included in
the default ActiveMQ configuration. Also, there is a central place where you can set credentials
that these components will use to connect to the broker. Just set your desired username and
password in the <code>conf/credentials.properties</code> file, which by default
looks like this:</p>
-
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent
pdl">
-<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[
-activemq.username=system
+</div></div><h4 id="Security-DefaultCredentials">Default Credentials</h4><p>Starting
with version 5.3, all of the above configuration details are included in the default ActiveMQ
configuration. Also, there is a central place where you can set credentials that these components
will use to connect to the broker. Just set your desired username and password in the <code>conf/credentials.properties</code>
file, which by default looks like this:</p><div class="code panel pdl" style="border-width:
1px;"><div class="codeContent panelContent pdl">
+<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[activemq.username=system
 activemq.password=manager
 ]]></script>
-</div></div>
-
-<h4 id="Security-EncryptedPasswords">Encrypted Passwords</h4>
-
-<p>As of version 5.4.1 you can also use <a shape="rect" href="encrypted-passwords.html">Encrypted
Passwords</a> with your broker</p>
-
-<h3 id="Security-MessagelevelAuthorization">Message level Authorization</h3>
-
-<p>We have a configurable MessageAuthorizationPolicy to allow you to authorize each
message using some content based authorization policy of your choosing. To enable this policy
configure on the broker directly using the * messageAuthorizationPolicy* property or add it
to the XML as follows</p>
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent
pdl">
-<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
-&lt;broker&gt;
+</div></div><h4 id="Security-EncryptedPasswords">Encrypted Passwords</h4><p>As
of version 5.4.1 you can also use <a shape="rect" href="encrypted-passwords.html">Encrypted
passwords</a> with your broker</p><h3 id="Security-MessagelevelAuthorization">Message
level Authorization</h3><p>We have a configurable MessageAuthorizationPolicy to
allow you to authorize each message using some content based authorization policy of your
choosing. To enable this policy configure on the broker directly using the * messageAuthorizationPolicy*
property or add it to the XML as follows</p><div class="code panel pdl" style="border-width:
1px;"><div class="codeContent panelContent pdl">
+<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[&lt;broker&gt;
   ..
   &lt;messageAuthorizationPolicy&gt;
     &lt;bean class=&quot;com.acme.MyMessageAuthorizationPolicy&quot; xmlns=&quot;&quot;/&gt;
@@ -607,15 +466,7 @@ activemq.password=manager
   ..
 &lt;/broker&gt;
 ]]></script>
-</div></div>
-
-<h2 id="Security-ImplementingyourowncustomSecurityPlugin">Implementing your own custom
Security Plugin</h2>
-
-<p>All of the various security implementations are implemented as <a shape="rect"
href="interceptors.html">Interceptors</a> so its very easy to add your own custom
implementation. Its probably easier to start with one of the <a shape="rect" class="external-link"
href="http://activemq.apache.org/maven/activemq-core/apidocs/org/apache/activemq/security/package-summary.html">simple
implementations</a> though if you are using JAAS you could derive from the <a shape="rect"
class="external-link" href="http://activemq.apache.org/maven/activemq-jaas/apidocs/">JAAS
implementation</a>.</p>
-
-<h3 id="Security-ThirdPartyTools">Third Party Tools </h3>
-
-<ul><li><a shape="rect" class="external-link" href="http://www.ttmsolutions.com/Apache_Software/ActiveMQ_LDAP_JDBC_Security_Plugins.php"
rel="nofollow">ActiveMQ LDAP and JDBC Security Plugins from TTM Solutions</a></li></ul></div>
+</div></div><h2 id="Security-ImplementingyourowncustomSecurityPlugin">Implementing
your own custom Security Plugin</h2><p>All of the various security implementations
are implemented as <a shape="rect" href="interceptors.html">Interceptors</a> so
its very easy to add your own custom implementation. Its probably easier to start with one
of the <a shape="rect" class="external-link" href="http://activemq.apache.org/maven/activemq-core/apidocs/org/apache/activemq/security/package-summary.html">simple
implementations</a> though if you are using JAAS you could derive from the <a shape="rect"
class="external-link" href="http://activemq.apache.org/maven/activemq-jaas/apidocs/">JAAS
implementation</a>.</p><h3 id="Security-ThirdPartyTools">Third Party Tools</h3><ul><li><a
shape="rect" class="external-link" href="http://www.ttmsolutions.com/Apache_Software/ActiveMQ_LDAP_JDBC_Security_Plugins.php"
rel="nofollow">ActiveMQ LDAP and JDBC Security Plugins from TTM Solutions</a></li></ul></div>
         </td>
         <td valign="top">
           <div class="navigation">



Mime
View raw message