[jboss-cvs] JBoss Messaging SVN: r6756 - in trunk: examples/jms/jaas and 1 other directories.
jboss-cvs-commits at lists.jboss.org
Wed May 13 04:11:08 EDT 2009
Author: jmesnil
Date: 2009-05-13 04:11:08 -0400 (Wed, 13 May 2009)
New Revision: 6756
Added:
trunk/examples/jms/jaas/readme.html
Modified:
trunk/docs/user-manual/en/modules/security.xml
trunk/examples/jms/jaas/server0/jbm-jboss-beans.xml
Log:
user manual
* security chapter
* added JAAS example readme
Modified: trunk/docs/user-manual/en/modules/security.xml
===================================================================
--- trunk/docs/user-manual/en/modules/security.xml 2009-05-13 08:10:30 UTC (rev 6755)
+++ trunk/docs/user-manual/en/modules/security.xml 2009-05-13 08:11:08 UTC (rev 6756)
@@ -66,14 +66,14 @@
<para>Let's take a simple example, here's a security block from <literal
>jbm-configuration.xml</literal> or <literal>jbm-queues.xml</literal> file:</para>
<programlisting>
-<security match="globalqueues.europe.#">
+<security-setting match="globalqueues.europe.#">
<permission type="createDurableQueue" roles="admin"/>
<permission type="deleteDurableQueue" roles="admin"/>
<permission type="createTempQueue" roles="admin, guest, europe-users"/>
<permission type="deleteTempQueue" roles="admin, guest, europe-users"/>
<permission type="send" roles="admin, europe-users"/>
<permission type="consume" roles="admin, europe-users"/>
-</security>
+</security-setting>
</programlisting>
<para>The '<literal>#</literal>' character signifies "any sequence of words". Words are
delimited by the '<literal>.</literal>' character. For a full description of the
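Review bot: the lead-in paragraph at the top of this hunk still calls the listing "a security block" although the element is now security-setting. Consider rewording it to "here's a security-setting block" (or similar) so that the name a reader searches for in jbm-configuration.xml matches the prose. The same sentence would also read better as "from the jbm-configuration.xml or jbm-queues.xml files".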
@@ -99,10 +99,10 @@
match takes precedence.</para>
<para>Let's look at an example of that, here's another security block:</para>
<programlisting>
-<security match="globalqueues.europe.orders.#">
+<security-setting match="globalqueues.europe.orders.#">
<permission type="send" roles="europe-users"/>
<permission type="consume" roles="europe-users"/>
-</security>
+</security-setting>
</programlisting>
<para>In this security block the match 'globalqueues.europe.orders.#' is more specific than
the previous match 'globalqueues.europe.#'. So any addresses which match
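Review bot: the match strings in the trailing paragraph ('globalqueues.europe.orders.#' and 'globalqueues.europe.#') are plain quoted text, while the first hunk wraps '#' and '.' in literal elements. Wrapping these two in literal as well would keep the chapter consistent. The surrounding sentences here also still say "security block" after the rename to security-setting.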
@@ -199,8 +199,8 @@
<title>JAAS Security Manager</title>
<para>JAAS stands for 'Java Authentication and Authorization Service' and is a standard part
of the Java platform. It provides a common API for security authentication and
- authorization, allowing you to plugin in your pre-built implementations.</para>
- <para>To use the JAAS security manager. Specify the class name <literal
+ authorization, allowing you to plugin your pre-built implementations.</para>
+ <para>To use the JAAS security manager, specify the class name <literal
>org.jboss.messaging.integration.security.JAASSecurityManager</literal> in the
<literal>jbm-jboss-beans.xml</literal> file.</para>
<para>To configure the JAAS security manager to work with your pre-built JAAS infrastructure you need to specify the security manager
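Review bot: in the corrected sentence "allowing you to plugin your pre-built implementations", "plugin" is used as a verb and should be "plug in". The fix removed the doubled "in" but left the noun form in place.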
@@ -210,19 +210,27 @@
<start ignored="true"/>
<stop ignored="true"/>
- <attribute name="ConfigurationName">MyJAASConfigurationName</attribute>
- <attribute name="CallbackHandler"><inject bean="MyJAASCallbackHandler"/></attribute>
- <attribute name="Configuration"><inject bean="MyJAASConfiguration"/></attribute>
-
+ <property name="ConfigurationName">org.jboss.jms.example.ExampleLoginModule</property>
+ <property name="Configuration">
+ <inject bean="ExampleConfiguration"/>
+ </property>
+ <property name="CallbackHandler">
+ <inject bean="ExampleCallbackHandler"/>
+ </property>
</bean>
</programlisting>
- <para>Note that you need to feed the JAAS security manager with three attributes:</para>
+ <para>Note that you need to feed the JAAS security manager with three properties:</para>
<itemizedlist>
- <listitem><para>ConfigurationName: Jeff please complete</para></listitem>
- <listitem><para>CallbackHandler: Jeff please complete</para></listitem>
- <listitem><para>Configuration: Jeff please complete</para></listitem>
+ <listitem><para>ConfigurationName: the name of the <literal>LoginModule</literal> implementation that JAAS must use</para></listitem>
+ <listitem><para>Configuration: the <literal>Configuration</literal> implementation used by JAAS</para></listitem>
+ <listitem><para>CallbackHandler: the <literal>CallbackHandler</literal> implementation to use if user interaction are required</para></listitem>
</itemizedlist>
- <para>TODO Blah blah Jeff please complete</para>
+
+ <section>
+ <title>Example</title>
+ <para>The <ulink url="../../../../examples/jms/jaas/readme.html">JAAS example</ulink> shows
+ how JBoss Messaging can be configured to use JAAS.</para>
+ </section>
</section>
<section>
<title>JBoss AS Security Manager</title>
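Review bot: the property names in the rewritten bean listing are capitalised (name="ConfigurationName", name="Configuration", name="CallbackHandler"), but readme.html added in this same revision spells them configurationName, configuration and callbackHandler. The manual and the readme should use the same spelling as trunk/examples/jms/jaas/server0/jbm-jboss-beans.xml, so that a reader who copies the listing from the manual gets a bean definition that matches the working example; the three list items should follow whichever spelling is kept. In the CallbackHandler item, "if user interaction are required" should read "is required".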
Added: trunk/examples/jms/jaas/readme.html
===================================================================
--- trunk/examples/jms/jaas/readme.html (rev 0)
+++ trunk/examples/jms/jaas/readme.html 2009-05-13 08:11:08 UTC (rev 6756)
@@ -0,0 +1,92 @@
+<html>
+ <head>
+ <title>JBoss Messaging JAAS Example</title>
+ <link rel="stylesheet" type="text/css" href="../common/common.css">
+ </head>
+ <body>
+ <h1>JAAS Example</h1>
+
+ <p>This example shows you how to configure JBoss Messaging to use JAAS for security.</p>
+ <p>JBoss Messaging can leverage JAAS to delegate user authentication and authorization to existing security infrastructure.</p>
+
+ <p>
+ The example will show how to configure JBoss Messaging with JAAS in <a href="server0/jbm-jboss-beans.xml">jbm-jboss-beans.xml</a>.
+ It will use a simple <code>LoginModule</code> without any user interaction.
+ The example will create a connection and authenticate the user with this JAAS LoginModule, send a message
+ to a queue and receive it (see the <a href="../queue/readme.html">Queue example</a> for a complete description
+ of the application code)
+ </p>
+ <h2>Example setup</h2>
+ <p>JBoss Messaging can use a JAAS security manager by specifying it in <a href="server0/jbm-jboss-beans.xml">jbm-jboss-beans.xml</a>:</p>
+ <pre>
+ <code>
+ <!-- The security manager using JAAS -->
+ <bean name="JBMSecurityManager" class="org.jboss.messaging.integration.security.JAASSecurityManager">
+ <property name="configurationName">org.jboss.jms.example.ExampleLoginModule</property>
+ <property name="configuration">
+ <inject bean="ExampleConfiguration"/>
+ </property>
+ <property name="callbackHandler">
+ <inject bean="ExampleCallbackHandler" />
+ </property>
+ </bean>
+
+ <!-- JAAS uses a simple LoginModule where the user credentials and roles are
+ specified as options in the constructor -->
+ <bean name="ExampleConfiguration" class="org.jboss.jms.example.ExampleConfiguration">
+ <constructor>
+ <parameter>org.jboss.jms.example.ExampleLoginModule</parameter>
+ <parameter>
+ <map class="java.util.HashMap" keyClass="java.lang.String"
+ valueClass="java.lang.String">
+ <entry>
+ <key>user</key>
+ <value>jboss</value>
+ </entry>
+ <entry>
+ <key>pass</key>
+ <value>redhat</value>
+ </entry>
+ <entry>
+ <key>role</key>
+ <value>guest</value>
+ </entry>
+ </map>
+ </parameter>
+ </constructor>
+ </bean>
+
+ <!-- the CallbackHandler does nothing as we don't have any user interaction -->
+ <bean name="ExampleCallbackHandler" class="org.jboss.jms.example.ExampleCallbackHandler" />
+ </code>
+ </pre>
+
+ <ul>
+ <li>the JBMSecurityManager's <code>configurationName</code> must be the name of the Java class implementing <code>LoginModule</code></li>
+ <li>the <code>callbackHandler</code> property must be an implementation of <code>CallbackHandler</code>. In this example, the ExampleCallbackHandler
+ does nothing since the authentication requires no user interaction</li>
+ <li>the <code>configuration</code> property must be an implementation of <code>Configuration</code>. For simplicity, we pass directly the
+ user credentials as options to the <code>ExampleConfiguration</code> constructor. These options will be passed to an instance
+ of ExampleLoginModule which will check that the only valid user is "jboss" with the password "redhat"
+ and it has the role "guest". </li>
+ </ul>
+
+ <h2>Example step-by-step</h2>
+ <p><i>To run the example, simply type <code>ant</code> from this directory</i></p>
+ <p>The only relevant step with regard to JAAS configuration is step 4 (all the other
+ steps are identical to the <a href="../queue/readme.html">Queue example</a>).
+ <ol start="4">
+ <li>We create a JMS Connection with user "jboss" and password "redhat". Any other
+ combination of name and password won't be valid for the ExampleLoginModule</li>
+ <pre>
+ <code>connection = cf.createConnection("jboss", "redhat");</code>
+ </pre>
+ </ol>
+
+ <h2>More information</h2>
+
+ <ul>
+ <li>User Manual's <a href="../../../docs/user-manual/en/html_single/index.html#security">Security chapter</a></li>
+ </ul>
+ </body>
+</html>
\ No newline at end of file
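Review bot: in the step-by-step section the pre block holding the createConnection call sits directly inside the ol, after the closing li tag, and the paragraph opened just before the ol ("The only relevant step with regard to JAAS configuration is step 4 ...") is never closed. Moving the pre inside the list item and closing the p before the ol would make the markup valid. The readme also prints the user name and password both in the bean listing and in the createConnection call; since the text already says the options are passed directly "for simplicity", one more sentence stating that a real deployment would delegate to an existing LoginModule instead of keeping credentials in jbm-jboss-beans.xml would stop the listing being copied as-is. The file has no trailing newline.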
Modified: trunk/examples/jms/jaas/server0/jbm-jboss-beans.xml
===================================================================
--- trunk/examples/jms/jaas/server0/jbm-jboss-beans.xml 2009-05-13 08:10:30 UTC (rev 6755)
+++ trunk/examples/jms/jaas/server0/jbm-jboss-beans.xml 2009-05-13 08:11:08 UTC (rev 6756)
@@ -35,6 +35,8 @@
</property>
</bean>
+ <!-- JAAS uses a simple LoginModule where the user credentials and roles are
+ specified as options in the constructor -->
<bean name="ExampleConfiguration" class="org.jboss.jms.example.ExampleConfiguration">
<constructor>
<parameter>org.jboss.jms.example.ExampleLoginModule</parameter>
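Review bot: the new comment above the ExampleConfiguration bean says "JAAS uses a simple LoginModule", which reads as a statement about JAAS in general. It is this example's Configuration that selects ExampleLoginModule, so something like "This example uses a simple LoginModule ..." would be more accurate. Because the comment points out that credentials and roles are given as constructor options, it is also a good place to say that this is for the example only.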
@@ -58,6 +60,7 @@
</constructor>
</bean>
+ <!-- the CallbackHandler does nothing as we don't have any user interaction -->
<bean name="ExampleCallbackHandler" class="org.jboss.jms.example.ExampleCallbackHandler" />
<!-- The core server -->
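Review bot: the added comment "the CallbackHandler does nothing ..." starts in lower case, while the neighbouring comment in the same file ("The core server") is capitalised. Capitalising it would match the file's existing comment style.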