Versions Compared

Old Version 1

changes.mady.by.user Former user

Saved on

compared with

New Version Current

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Given below is an overview of how some common security concepts are implemented in Apache ActiveMQ.

Security ConceptHow it is Implemented
Authentication Simple authentication and JAAS plugins.
Authorization Built-in authorization mechanism using XML configuration.
Availability Master/Slave configurations using fail-over transport in ActiveMQ (not to be confused with WSO2 ESB EI transports). 
IntegrityWS-Security

...

Simple Authentication: ActiveMQ comes with an authentication plugin, which provides basic authentication between the ActiveMQ JMS and the WSO2 ESBEI. The steps below describe how to configure.  

...

2. Edit <ACTIVEMQ_HOME>/conf/credentials.properties file for plain-text version or <ACTIVEMQ_HOME>/conf/credentials-enc.properties file for encrypted version to define the username and password lists referenced in the configuration above.
 
Th e anonymousAccessAllowed attribute defines whether or not to allow anonymous access. The groups and users defined in step 1 are used to provide authorization schemes. Refer to section Authorization for more information.

3. Ensure that the <transportReceiver> <transportReceiver> element below is added in <ESB<EI_HOME>/repository/conf/axis2/axis2.xml file.

Code Block
languagehtml/xml
<transportReceiver name="jms" class="org.apache.axis2.transport.jms.JMSListener">
       <parameter name="myTopicConnectionFactory" locked="false">
           <parameter name="java.naming.factory.initial" locked="false">org.apache.activemq.jndi.ActiveMQInitialContextFactory</parameter>
           <parameter name="java.naming.provider.url" locked="false">tcp://localhost:61616</parameter>
              <parameter name="transport.jms.UserName">system</parameter>
               <parameter name="transport.jms.Password">manager</parameter>
            <parameter name="transport.jms.ConnectionFactoryJNDIName" locked="false">TopicConnectionFactory</parameter>
            <parameter name="transport.jms.ConnectionFactoryType" locked="false">topic</parameter>
       </parameter>

       <parameter name="myQueueConnectionFactory" locked="false">
           <parameter name="java.naming.factory.initial" locked="false">org.apache.activemq.jndi.ActiveMQInitialContextFactory</parameter>
           <parameter name="java.naming.provider.url" locked="false">tcp://localhost:61616</parameter>
               <parameter name="transport.jms.UserName">system</parameter>
               <parameter name="transport.jms.Password">manager</parameter>
           <parameter name="transport.jms.ConnectionFactoryJNDIName" locked="false">QueueConnectionFactory</parameter>
            <parameter name="transport.jms.ConnectionFactoryType" locked="false">queue</parameter>
       </parameter>

       <parameter name="default" locked="false">
           <parameter name="java.naming.factory.initial" locked="false">org.apache.activemq.jndi.ActiveMQInitialContextFactory</parameter>
           <parameter name="java.naming.provider.url" locked="false">tcp://localhost:61616</parameter>
              <parameter name="transport.jms.UserName">system</parameter>
               <parameter name="transport.jms.Password">manager</parameter>
           <parameter name="transport.jms.ConnectionFactoryJNDIName" locked="false">QueueConnectionFactory</parameter>
            <parameter name="transport.jms.ConnectionFactoryType" locked="false">queue</parameter>
       </parameter>
</transportReceiver>

...

Info
titleInfor

For more advanced authentication schemes that use JAAS which are supported in ActiveMQ, refer to the official ActiveMQ documentation here: http://activemq.apache.org/security.html  

Authorization 
Anchor
Authorization
Authorization

ActiveMQ provides authorization schemes using simple XML configurations, which you can apply to the users defined in the authentication plugin. To setup authorization, ensure you have the following configuration in <ACTIVEMQ_HOME>/conf/activemq-sequrity.xml file.

...

ActiveMQ uses a special URI similar to the following to facilitate fail-over functionality: failover://(tcp://127.0.0.1:61616,tcp://127.0.0.1:61617,tcp://127.0.0.1:61618)?initialReconnectDelay=100. Use this URI inside WSO2 ESB EI for a highly-available JMS solution.

To create proxy services, sequences, endpoints, message stores, processors etc. in ESBWSO2 EI, you can either use the management console or copy the XML configuration to the source view. You can find the source view under menu Manage > Service Bus > Source View in the left navigation pane of the WSO2 ESB EI management console. Alternatively, you can add an XML file  to <ESB <EI_HOME>/repository/deployment/server/synapse-configs/default/proxy-services.

A sample WSO2 ESB EI Proxy service for this setup is given below.    

...

Integrity is part of message-level security, and can be implemented using a standard like WS-Security. Following sample shows the application of WS-Security for message-level encryption where messages are stored in a message store in WSO2 ESBEI.

Code Block
languagehtml/xml
<definitions xmlns="http://ws.apache.org/ns/synapse">
   <localEntry key="sec_policy" src="file:repository/samples/resources/policy/policy_3.xml"/>

   <in>
       <send>
           <endpoint>
        <address uri="jms:/StockQuoteJmsProxy2?transport.jms.ConnectionFactoryJNDIName=QueueConnectionFactory&java.naming.factory.initial=org.apache.activemq.jndi.ActiveMQInitialContextFactory&java.naming.provider.url=tcp://localhost:61616">
                 <enableSec policy="sec_policy"/>
                   <enableAddressing/>
               </address>
           </endpoint>
       </send>
   </in>
   <out>
       <header name="wsse:Security" action="remove"      xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"/>
       <send/>
   </out>
</definitions>