Posted to commits@activemq.apache.org by bu...@apache.org on 2013/06/16 08:22:20 UTC

svn commit: r865799 - in /websites/production/activemq/content: cache/main.pageCache shiro.html

Author: buildbot
Date: Sun Jun 16 06:22:20 2013
New Revision: 865799

Log:
Production update by buildbot for activemq

Added:
    websites/production/activemq/content/shiro.html
Modified:
    websites/production/activemq/content/cache/main.pageCache

Modified: websites/production/activemq/content/cache/main.pageCache
==============================================================================
Binary files - no diff available.

Added: websites/production/activemq/content/shiro.html
==============================================================================
--- websites/production/activemq/content/shiro.html (added)
+++ websites/production/activemq/content/shiro.html Sun Jun 16 06:22:20 2013
@@ -0,0 +1,890 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<!--
+
+    Licensed to the Apache Software Foundation (ASF) under one or more
+    contributor license agreements.  See the NOTICE file distributed with
+    this work for additional information regarding copyright ownership.
+    The ASF licenses this file to You under the Apache License, Version 2.0
+    (the "License"); you may not use this file except in compliance with
+    the License.  You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+-->
+<html>
+<head>
+    <link href="http://activemq.apache.org/styles/site.css" rel="stylesheet" type="text/css"/>
+    <link href="http://activemq.apache.org/styles/type-settings.css" rel="stylesheet" type="text/css"/>
+    <script src="http://activemq.apache.org/styles/prototype.js" type="text/javascript"></script>
+    <script src="http://activemq.apache.org/styles/rico.js" type="text/javascript"></script>    
+    <script src="http://activemq.apache.org/styles/site.js" type="text/javascript"></script>
+    <style type="text/css">
+      .maincontent { overflow:hidden; }
+    </style>
+    <!--[if IE]>
+    <style type="text/css">
+      .maincontent { width:100%; }
+    </style>
+    <![endif]-->
+
+    <title>
+    Apache ActiveMQ &#8482; -- Shiro
+    </title>
+</head>
+<body>
+<div class="white_box">
+<div class="header">
+  <div class="header_l">
+    <div class="header_r">
+    </div>
+  </div>
+</div>
+<div class="content">
+  <div class="content_l">
+    <div class="content_r">
+      <div>
+
+<!-- Banner -->
+
+	<div id="asf_logo">
+	<div id="activemq_logo">
+            <a shape="rect" style="float:left; width:280px;display:block;text-indent:-5000px;text-decoration:none;line-height:60px; margin-top:10px; margin-left:100px;" href="http://activemq.apache.org" title="The most popular and powerful open source Message Broker">ActiveMQ</a> &#8482;
+            <a shape="rect" style="float:right; width:210px;display:block;text-indent:-5000px;text-decoration:none;line-height:60px; margin-top:15px; margin-right:10px;" href="http://www.apache.org" title="The Apache Software Foundation">ASF</a>
+	</div>
+        </div>
+
+        <div class="top_red_bar">
+          <div id="site-breadcrumbs">
+<a href="features.html">Features</a>&nbsp;&gt;&nbsp;<a href="security.html">Security</a>&nbsp;&gt;&nbsp;<a href="shiro.html">Shiro</a>
+          </div>
+          <div id="site-quicklinks">
+<p><a shape="rect" href="download.html" title="Download">Download</a> | <a shape="rect" class="external-link" href="http://activemq.apache.org/maven/5.8.0/apidocs/index.html">JavaDocs</a> <a shape="rect" href="javadocs.html" title="JavaDocs">More...</a> | <a shape="rect" href="source.html" title="Source">Source</a> | <a shape="rect" href="discussion-forums.html" title="Discussion Forums">Forums</a> | <a shape="rect" href="support.html" title="Support">Support</a></p>
+          </div>
+        </div>
+
+  <table border="0">
+  <tbody>
+        <tr>
+        <td valign="top" width="100%">
+          <div class="wiki-content maincontent">
+<p>ActiveMQ 5.9 and later provides a fully customizable security experience using <a shape="rect" class="external-link" href="http://shiro.apache.org">Apache Shiro</a>.</p>
+
+<p>The ActiveMQ Shiro plugin can secure all aspects of ActiveMQ, from authenticating transport connections to authorizing behavior with topics and queues and everything in between.</p>
+
+<h2><a shape="rect" name="Shiro-Overview"></a>Overview</h2>
+
+<p>The Shiro plugin is a <a shape="rect" class="external-link" href="http://activemq.apache.org/maven/apidocs/org/apache/activemq/broker/BrokerPlugin.html">BrokerPlugin</a> that inserts 3 <a shape="rect" class="external-link" href="http://activemq.apache.org/maven/apidocs/org/apache/activemq/broker/BrokerFilter.html">BrokerFilter</a>s in the broker filter chain: the <tt>SubjectFilter</tt>, the <tt>AuthenticationFilter</tt> and the <tt>AuthorizationFilter</tt></p>
+
+<p><b>SubjectFilter</b></p>
+
+<p>The <tt>SubjectFilter</tt> exists before all other Shiro-related broker filters in the broker filter chain.  It constructs a Shiro <a shape="rect" class="external-link" href="http://shiro.apache.org/subject.html">Subject</a> instance reflecting the broker client and ensures the <tt>Subject</tt> instance is available for all downstream broker filters that may need to use the <tt>Subject</tt> to perform security operations.</p>
+
+<p><b>AuthenticationFilter</b></p>
+
+<p>The <tt>AuthenticationFilter</tt> exists immediately after the <tt>SubjectFilter</tt> in the broker filter chain.  It ensures that the broker client <tt>Subject</tt> is authenticated if necessary before allowing the chain to continue.  If authentication is required and the <tt>Subject</tt> is not authenticated, the broker filter chain will not be executed, ensuring only verified identities may perform further behavior.</p>
+
+<p><b>AuthorizationFilter</b></p>
+
+<p>The <tt>AuthorizationFilter</tt> exists immediately after the <tt>AuthenticationFilter</tt> in the broker filter chain.  It ensures that the <tt>Subject</tt> associated with the filter chain is authorized (permitted) to perform the action being attempted before allowing the action to execute.  </p>
+
+<p>For example, it would ensure that the <tt>Subject</tt> is allowed to send a message to a particular topic before allowing the send operation to execute.  If authorization is enabled and the <tt>Subject</tt> is not authorized to perform the desired action, the broker filter chain will not be executed.</p>
+
+<h2><a shape="rect" name="Shiro-Configuration"></a>Configuration</h2>
+
+<p>The ActiveMQ Shiro plugin can be configured in a number of ways.  For example, with Java:</p>
+
+<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
+<pre class="code-java">
+BrokerService brokerService = <span class="code-keyword">new</span> BrokerService();
+
+ShiroPlugin shiroPlugin = <span class="code-keyword">new</span> ShiroPlugin();
+<span class="code-comment">//configure shiroPlugin via getters/setters here
+</span>
+broker.setPlugins(<span class="code-keyword">new</span> BrokerPlugin[]{shiroPlugin});
+<span class="code-comment">//<span class="code-keyword">continue</span> configuring the brokerService as necessary ...</span>
+</pre>
+</div></div>
+
+<p>Or, if using traditional ActiveMQ xml, as a Spring bean in the <tt>broker</tt> <tt>plugins</tt> section.  For example:</p>
+
+<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
+<pre class="code-java">
+&lt;beans xmlns=<span class="code-quote">"http:<span class="code-comment">//www.springframework.org/schema/beans"</span>
+</span>       xmlns:amq=<span class="code-quote">"http:<span class="code-comment">//activemq.apache.org/schema/core"</span>
+</span>       xmlns:xsi=<span class="code-quote">"http:<span class="code-comment">//www.w3.org/2001/XMLSchema-instance"</span>
+</span>       xsi:schemaLocation="
+       http:<span class="code-comment">//www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
+</span>       http:<span class="code-comment">//activemq.apache.org/schema/core http://activemq.apache.org/schema/core/activemq-core.xsd"&gt;
+</span>
+    &lt;broker xmlns=<span class="code-quote">"http:<span class="code-comment">//activemq.apache.org/schema/core"</span> ... other attributes here ...&gt;
+</span>
+        &lt;plugins&gt;
+    
+            &lt;bean id=<span class="code-quote">"shiroPlugin"</span> class=<span class="code-quote">"org.apache.activemq.shiro.ShiroPlugin"</span> xmlns=<span class="code-quote">"http:<span class="code-comment">//www.springframework.org/schema/beans"</span>&gt;
+</span>                &lt;!-- Config properties via getters/setters as necessary: --&gt;
+            &lt;/bean&gt;
+
+        &lt;/plugins&gt;
+
+    &lt;/broker&gt;
+&lt;/beans&gt;
+</pre>
+</div></div>
+
+<p>The remaining configuration examples on this page will be shown as bean XML, but know that the same configuration can be done in Java as standard JavaBeans-compatible getter and setter methods.</p>
+
+<h3><a shape="rect" name="Shiro-ShiroEnvironment"></a>Shiro Environment</h3>
+
+<p>The <tt>shiroPlugin</tt> requires a Shiro <a shape="rect" class="external-link" href="http://shiro.apache.org/static/current/apidocs/org/apache/shiro/env/Environment.html">Environment</a> to function.  You must either configure the plugin with:</p>
+<ul><li>an <tt>Environment</tt> instance (or a Shiro <tt>SecurityManager</tt> instance) that you instantiate and configure elsewhere - e.g. in Java code or elsewhere in the Spring XML config, or</li><li>specify some Shiro <a shape="rect" class="external-link" href="http://shiro.apache.org/configuration.html">.ini configuration</a>, either as a direct String, an <a shape="rect" class="external-link" href="http://shiro.apache.org/static/current/apidocs/org/apache/shiro/config/Ini.html">Ini</a> instance, or a <a shape="rect" class="external-link" href="http://shiro.apache.org/static/current/apidocs/org/apache/shiro/io/ResourceUtils.html#getInputStreamForPath(java.lang.String)">resource path</a> where your <tt>shiro.ini</tt> file is located.  The plugin will load the ini config and create an <tt>Environment</tt> automatically.</li></ul>
+
+
+<h4><a shape="rect" name="Shiro-CustomEnvironment"></a>Custom Environment</h4>
+
+<p>A Shiro <tt>Environment</tt> object contains everything that Shiro needs to operate, and this encapsulates the Shiro <tt>SecurityManager</tt> as well.  If you want to construct and configure an Environment instance yourself:</p>
+
+<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
+<pre class="code-java">
+&lt;beans ...&gt;
+    &lt;broker ...&gt;
+        &lt;plugins&gt;
+        
+            &lt;bean id=<span class="code-quote">"shiroPlugin"</span> class=<span class="code-quote">"org.apache.activemq.shiro.ShiroPlugin"</span> xmlns=<span class="code-quote">"http:<span class="code-comment">//www.springframework.org/schema/beans"</span>&gt;
+</span>                &lt;property name=<span class="code-quote">"environment"</span> ref=<span class="code-quote">"shiroEnvironment"</span>/&gt;
+            &lt;/bean&gt;
+ 
+        &lt;/plugins&gt;
+    &lt;/broker&gt;
+
+    &lt;bean id=<span class="code-quote">"shiroEnvironment"</span> class=<span class="code-quote">".."</span>&gt;
+        ... config here ...
+    &lt;/bean&gt;
+    &lt;bean class=<span class="code-quote">"org.apache.shiro.spring.LifecycleBeanPostProcessor"</span>/&gt;
+
+&lt;/beans&gt;
+</pre>
+</div></div>
+
+<h4><a shape="rect" name="Shiro-CustomSecurityManager"></a>Custom SecurityManager</h4>
+
+<p>Instead of configuring an <tt>Environment</tt> instance, you can construct a <tt>SecurityManager</tt> instead:</p>
+
+<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
+<pre class="code-java">
+&lt;beans ...&gt;
+    &lt;broker ...&gt;
+        &lt;plugins&gt;
+        
+            &lt;bean id=<span class="code-quote">"shiroPlugin"</span> class=<span class="code-quote">"org.apache.activemq.shiro.ShiroPlugin"</span> xmlns=<span class="code-quote">"http:<span class="code-comment">//www.springframework.org/schema/beans"</span>&gt;
+</span>                &lt;property name=<span class="code-quote">"securityManager"</span> ref=<span class="code-quote">"shiroSecurityManager"</span>/&gt;
+            &lt;/bean&gt;
+ 
+        &lt;/plugins&gt;
+    &lt;/broker&gt;
+
+    &lt;bean id=<span class="code-quote">"shiroSecurityManager"</span> class=<span class="code-quote">"org.apache.shiro.mgt.DefaultSecurityManager"</span>&gt;
+        &lt;property name=<span class="code-quote">"realms"</span>&gt;
+            &lt;list&gt;
+                &lt;bean id=<span class="code-quote">"myRealm"</span> class=<span class="code-quote">"..."</span>&gt;
+                    ...
+                &lt;/bean&gt;
+                ... maybe more Realm beans ...
+            &lt;/list&gt;
+        &lt;/property&gt;
+    &lt;/bean&gt;
+    &lt;bean class=<span class="code-quote">"org.apache.shiro.spring.LifecycleBeanPostProcessor"</span>/&gt;
+
+&lt;/beans&gt;
+</pre>
+</div></div>
+
+<p>If specifying a <tt>SecurityManager</tt> instead of the <tt>Environment</tt> property, an <tt>Environment</tt> will be created automatically that wraps the configured <tt>SecurityManager</tt>.</p>
+
+<h4><a shape="rect" name="Shiro-shiro.iniFile"></a>shiro.ini File</h4>
+
+<p>If you don't want to construct a <tt>SecurityManager</tt> or <tt>Environment</tt> in code or xml, you can easily specify a <a shape="rect" class="external-link" href="http://shiro.apache.org/configuration.html">shiro.ini</a> file instead and an Environment/SecurityManager will automatically be created based on that:</p>
+
+<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
+<pre class="code-java">
+&lt;beans ...&gt;
+    &lt;broker ...&gt;
+        &lt;plugins&gt;
+
+            &lt;bean id=<span class="code-quote">"shiroPlugin"</span> class=<span class="code-quote">"org.apache.activemq.shiro.ShiroPlugin"</span> xmlns=<span class="code-quote">"http:<span class="code-comment">//www.springframework.org/schema/beans"</span>&gt;
+</span>                &lt;property name=<span class="code-quote">"iniResourcePath"</span> value=<span class="code-quote">"classpath:myshiro.ini"</span>/&gt;
+            &lt;/bean&gt;
+
+        &lt;/plugins&gt;
+    &lt;/broker&gt;
+&lt;/beans&gt;
+</pre>
+</div></div>
+
+<p>This allows you to keep your Shiro config separate from your ActiveMQ broker configuration if you prefer.</p>
+
+<h4><a shape="rect" name="Shiro-shiro.iniEmbedded"></a>shiro.ini Embedded</h4>
+
+<p>If you want to use ini configuration and you would prefer to have all configuration in one place, you can embed the ini config instead:</p>
+
+<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
+<pre class="code-java">
+&lt;beans ...&gt;
+    &lt;broker ...&gt;
+        &lt;plugins ...&gt;
+        
+            &lt;bean id=<span class="code-quote">"shiroPlugin"</span> class=<span class="code-quote">"org.apache.activemq.shiro.ShiroPlugin"</span> xmlns=<span class="code-quote">"http:<span class="code-comment">//www.springframework.org/schema/beans"</span>&gt;
+</span>                &lt;property name=<span class="code-quote">"iniConfig"</span>&gt;
+                    &lt;value&gt;
+                    [main]
+
+                    # Shiro object graph configuration here <span class="code-keyword">if</span> desired/necessary
+
+                    [users]
+                    system = manager, system
+
+                    [roles]
+                    system = *
+                    advisory = topic:ActiveMQ.Advisory*
+                    &lt;/value&gt;
+                &lt;/property&gt;
+            &lt;/bean&gt;
+
+        &lt;/plugins&gt;
+    &lt;/broker&gt;
+&lt;/beans&gt;
+</pre>
+</div></div>
+
+<h2><a shape="rect" name="Shiro-TheShiroSubject"></a>The Shiro Subject</h2>
+
+
+<h3><a shape="rect" name="Shiro-Authentication"></a>Authentication</h3>
+
+<p>The default <a shape="rect" class="external-link" href="http://java.sun.com/products/jaas/" rel="nofollow">JAAS</a> plugin relies on the standard JAAS mechanism for authentication. Refer to the <a shape="rect" class="external-link" href="http://java.sun.com/products/jaas/reference/docs/index.html" rel="nofollow">documentation</a> for more detail.</p>
+
+<p>Typically you configure JAAS using a config file like <a shape="rect" class="external-link" href="http://svn.apache.org/repos/asf/activemq/trunk/activemq-core/src/test/resources/login.config">this one</a> and set the <b>java.security.auth.login.config</b> system property to point to it. If no system property is specified then by default the ActiveMQ JAAS plugin will look for <b>login.config</b> on the classpath and use that.</p>
+
+<h4><a shape="rect" name="Shiro-AuthenticationExample"></a>Authentication Example</h4>
+
+<p>Here is an example <a shape="rect" class="external-link" href="http://svn.apache.org/repos/asf/activemq/trunk/activemq-core/src/test/resources/login.config">login.config</a> which then points to these files</p>
+<ul><li><a shape="rect" class="external-link" href="http://svn.apache.org/repos/asf/activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/users.properties">users.properties</a></li><li><a shape="rect" class="external-link" href="http://svn.apache.org/repos/asf/activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/groups.properties">groups.properties</a></li></ul>
+
+
+<h4><a shape="rect" name="Shiro-SimpleAuthenticationPlugin"></a>Simple Authentication Plugin</h4>
+
+<p>If you have modest authentication requirements (or just want to quickly set up your testing environment) you can use SimpleAuthenticationPlugin. With this plugin you can define users and groups directly in the broker's XML configuration. Take a look at the following snippet for example:</p>
+<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
+<pre class="code-xml">
+<span class="code-tag">&lt;simpleAuthenticationPlugin&gt;</span>
+	<span class="code-tag">&lt;users&gt;</span>
+		&lt;authenticationUser username=<span class="code-quote">"system"</span> password=<span class="code-quote">"manager"</span>
+			groups=<span class="code-quote">"users,admins"</span>/&gt;
+		&lt;authenticationUser username=<span class="code-quote">"user"</span> password=<span class="code-quote">"password"</span>
+			groups=<span class="code-quote">"users"</span>/&gt;
+		<span class="code-tag">&lt;authenticationUser username=<span class="code-quote">"guest"</span> password=<span class="code-quote">"password"</span> groups=<span class="code-quote">"guests"</span>/&gt;</span>
+	<span class="code-tag">&lt;/users&gt;</span>
+<span class="code-tag">&lt;/simpleAuthenticationPlugin&gt;</span>
+</pre>
+</div></div>
+<p>Users and groups defined in this way can be later used with the appropriate authorization plugin.</p>
+
+<h5><a shape="rect" name="Shiro-Anonymousaccess"></a>Anonymous access</h5>
+
+<p>From version 5.4.0 onwards, you can configure simple authentication plugin to allow anonymous access to the broker.</p>
+
+<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
+<pre class="code-xml">
+<span class="code-tag">&lt;simpleAuthenticationPlugin anonymousAccessAllowed=<span class="code-quote">"true"</span>&gt;</span>
+    <span class="code-tag">&lt;users&gt;</span>
+        &lt;authenticationUser username=<span class="code-quote">"system"</span> password=<span class="code-quote">"manager"</span>
+            groups=<span class="code-quote">"users,admins"</span>/&gt;
+        &lt;authenticationUser username=<span class="code-quote">"user"</span> password=<span class="code-quote">"password"</span>
+            groups=<span class="code-quote">"users"</span>/&gt;
+        <span class="code-tag">&lt;authenticationUser username=<span class="code-quote">"guest"</span> password=<span class="code-quote">"password"</span> groups=<span class="code-quote">"guests"</span>/&gt;</span>
+    <span class="code-tag">&lt;/users&gt;</span>
+<span class="code-tag">&lt;/simpleAuthenticationPlugin&gt;</span>
+</pre>
+</div></div>
+
+<p>To allow anonymous access to the broker, use <tt>anonymousAccessAllowed</tt> attribute and set it to <tt>true</tt> as shown above. Now, when the client connects without username and password provided, a default username (<tt>anonymous</tt>) and group (<tt>anonymous</tt>) will be assigned to its security context. You can use this username and password to authorize client's access to appropriate broker resources (see the next section). You can also change username and group that will be assigned to <em>anonymous</em> users by using <tt>anonymousUser</tt> and <tt>anonymousGroup</tt> attributes.</p>
+
+<h3><a shape="rect" name="Shiro-Authorization"></a>Authorization</h3>
+
+<p>In ActiveMQ we use a number of operations which you can associate with user roles and either individual queues or topics or you can use wildcards to attach to hierarchies of topics and queues.</p>
+<div class="table-wrap">
+<table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"> Operation </th><th colspan="1" rowspan="1" class="confluenceTh"> Description </th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> read </td><td colspan="1" rowspan="1" class="confluenceTd"> You can browse and consume from the destination </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> write </td><td colspan="1" rowspan="1" class="confluenceTd"> You can send messages to the destination </td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> admin </td><td colspan="1" rowspan="1" class="confluenceTd"> You can lazily create the destination if it does not yet exist. This allows you fine grained control over which new destinations can be dynamically created in what part of the queue/topic hierarchy </td></tr></tbody></table>
+</div>
+
+<p>Queues/Topics can specified using the ActiveMQ <a shape="rect" href="wildcards.html" title="Wildcards">Wildcards</a> syntax.</p>
+
+
+<h4><a shape="rect" name="Shiro-AuthorizationExample"></a>Authorization Example</h4>
+
+<p>The following <a shape="rect" class="external-link" href="http://svn.apache.org/repos/asf/activemq/trunk/activemq-core/src/test/resources/org/apache/activemq/security/jaas-broker.xml">example</a> shows these 2 plugins in operation. Though note its very easy to write your own plugin.</p>
+<div class="error"><span class="error">Error formatting macro: snippet: java.lang.IndexOutOfBoundsException: Index: 20, Size: 20</span> </div>
+
+<p><b>Note</b> that full access rights should generally be given to the ActiveMQ.Advisory destinations because by default an ActiveMQConnection uses destination advisories to get early knowledge of temp destination creation and deletion. In addition, dynamic network connectors use advisories to determine consumer demand.<br clear="none">
+If necessary, the use of advisories in this manner can be disabled via the <em>watchTopicAdvisories</em> boolean attribute of ActiveMQConnectionFactory and for a networkConnector, via the network connector <em>staticBridge</em>(5.6) boolean attribute.</p>
+
+<h3><a shape="rect" name="Shiro-BrokertoBrokerAuthenticationandAuthorization"></a>Broker-to-Broker Authentication and Authorization</h3>
+
+<p>If you have enabled authentication for a particular message broker, then other brokers that wish to connect to that broker must provide the proper authentication credentials via their &lt;networkConnector&gt; element. For example, suppose that we have a network of brokers with the following configuration:</p>
+<ul class="alternate" type="square"><li>The network of brokers  comprises two brokers (BrokerA and BrokerB)</li><li>Authentication for BrokerA has been enabled via the example &lt;simpleAuthenticationPlugin&gt; element.</li><li>Authentication for BrokerB has not been enabled.</li><li>BrokerA only listens for connections. In other words, BrokerA has a &lt;transportConnector&gt; element, but no &lt;networkConnector&gt; elements.</li></ul>
+
+
+<p>In order for BrokerB to connect to BrokerA, the corresponding &lt;networkConnector&gt; element in BrokerB's XML configuration file must be set up as follows.</p>
+<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
+<pre class="code-xml">
+<span class="code-tag">&lt;networkConnectors&gt;</span>
+   &lt;networkConnector name=<span class="code-quote">"brokerAbridge"</span>
+                     userName=<span class="code-quote">"user"</span>
+                     password=<span class="code-quote">"password"</span>
+                     uri=<span class="code-quote">"static://(tcp://brokerA:61616)"</span>/&gt;
+   <span class="code-tag">&lt;/networkConnectors&gt;</span>
+</pre>
+</div></div>
+<p>Note how BrokerB's &lt;networkConnector&gt; element must provide the proper credentials in order to connect to BrokerA. If authorization has been enabled on BrokerA, then the userName assigned to the &lt;networkConnector&gt; element must also have the proper authorization credentials. Messages cannot be forwarded from BrokerB to BrokerA if BrokerA has authorization enabled and BrokerB's corresponding &lt;networkConnector&gt; element's userName has not been given the proper authorization credentials.</p>
+
+<p>Also, if BrokerA is given a &lt;networkConnector&gt; element so that it can initiate a connection to BrokerB, then that &lt;networkConnector&gt; must be given a userName/password combination that is defined in the &lt;simpleAuthenticationPlugin&gt; element; this is required even though BrokerB does not have authentication services enabled.</p>
+
+<h3><a shape="rect" name="Shiro-ControllingAccessToTemporaryDestinations"></a>Controlling Access To Temporary Destinations</h3>
+
+<p>To control access to temporary destinations, you will need to add a &lt;tempDestinationAuthorizationEntry&gt; element to the authorizationMap.  Through this element, you control access to all temporary destinations. If this element is not present, read, write, and admin privileges for temporary destinations will be granted to all. In the example below,  read, write, and admin privileges for temporary destinations are only granted to those clients that have been assigned to the 'admin' group.</p>
+<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
+<pre class="code-xml">
+<span class="code-tag">&lt;broker&gt;</span>
+  ..
+   <span class="code-tag">&lt;plugins&gt;</span>
+      ..
+   <span class="code-tag">&lt;authorizationPlugin&gt;</span>
+       <span class="code-tag">&lt;map&gt;</span>
+         <span class="code-tag">&lt;authorizationMap&gt;</span>
+           <span class="code-tag">&lt;authorizationEntries&gt;</span>
+             <span class="code-tag">&lt;authorizationEntry queue=<span class="code-quote">"TEST.Q"</span> read=<span class="code-quote">"users"</span> write=<span class="code-quote">"users"</span> admin=<span class="code-quote">"users"</span> /&gt;</span>
+             <span class="code-tag">&lt;authorizationEntry topic=<span class="code-quote">"ActiveMQ.Advisory.&gt;</span>"</span> read=<span class="code-quote">"all"</span> write=<span class="code-quote">"all"</span> admin=<span class="code-quote">"all"</span>/&gt;
+           <span class="code-tag">&lt;/authorizationEntries&gt;</span>
+           <span class="code-tag">&lt;tempDestinationAuthorizationEntry&gt;</span>
+             <span class="code-tag">&lt;tempDestinationAuthorizationEntry read=<span class="code-quote">"admin"</span> write=<span class="code-quote">"admin"</span> admin=<span class="code-quote">"admin"</span>/&gt;</span>
+           <span class="code-tag">&lt;/tempDestinationAuthorizationEntry&gt;</span>
+        <span class="code-tag">&lt;/authorizationMap&gt;</span>
+      <span class="code-tag">&lt;/map&gt;</span>
+   <span class="code-tag">&lt;/authorizationPlugin&gt;</span>
+     ..
+  <span class="code-tag">&lt;/plugins&gt;</span>
+  ..
+<span class="code-tag">&lt;/broker&gt;</span>
+</pre>
+</div></div>
+
+<h3><a shape="rect" name="Shiro-LDAPAuthenticationUsingtheJAASPlugin"></a>LDAP Authentication Using the JAAS Plugin </h3>
+
+<div class="panelMacro"><table class="infoMacro"><colgroup span="1"><col span="1" width="24"><col span="1"></colgroup><tr><td colspan="1" rowspan="1" valign="top"><img align="middle" src="https://cwiki.apache.org/confluence/images/icons/emoticons/information.gif" width="16" height="16" alt="" border="0"></td><td colspan="1" rowspan="1">A new/better ldap authorization module is available since 5.6. See <a shape="rect" href="cached-ldap-authorization-module.html" title="Cached LDAP Authorization Module">Cached LDAP Authorization Module</a> for more info.</td></tr></table></div>
+
+<p>1. Configure the JAAS LDAPLoginModule and the LDAPAuthorizationMap in activemq.xml: </p>
+
+<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
+<pre class="code-xml">
+    <span class="code-tag">&lt;plugins&gt;</span> 
+      <span class="code-tag"><span class="code-comment">&lt;!--  use JAAS to authenticate using the login.config file on the classpath to configure JAAS --&gt;</span></span> 
+      <span class="code-tag">&lt;jaasAuthenticationPlugin configuration=<span class="code-quote">"LdapConfiguration"</span> /&gt;</span> 
+      <span class="code-tag"><span class="code-comment">&lt;!--  lets configure a destination based role/group authorization mechanism --&gt;</span></span> 
+      <span class="code-tag">&lt;authorizationPlugin&gt;</span> 
+        <span class="code-tag">&lt;map&gt;</span> 
+          &lt;bean xmlns=<span class="code-quote">"http://www.springframework.org/schema/beans"</span> id=<span class="code-quote">"lDAPAuthorizationMap"</span> 
+                class=<span class="code-quote">"org.apache.activemq.security.LDAPAuthorizationMap"</span>&gt; 
+            <span class="code-tag">&lt;property name=<span class="code-quote">"initialContextFactory"</span> value=<span class="code-quote">"com.sun.jndi.ldap.LdapCtxFactory"</span>/&gt;</span> 
+            <span class="code-tag">&lt;property name=<span class="code-quote">"connectionURL"</span> value=<span class="code-quote">"ldap://ldap.acme.com:389"</span>/&gt;</span> 
+            <span class="code-tag">&lt;property name=<span class="code-quote">"authentication"</span> value=<span class="code-quote">"simple"</span>/&gt;</span> 
+            <span class="code-tag">&lt;property name=<span class="code-quote">"connectionUsername"</span> value=<span class="code-quote">"cn=mqbroker,ou=Services,dc=acme,dc=com"</span>/&gt;</span> 
+            <span class="code-tag">&lt;property name=<span class="code-quote">"connectionPassword"</span> value=<span class="code-quote">"password"</span>/&gt;</span> 
+            <span class="code-tag">&lt;property name=<span class="code-quote">"connectionProtocol"</span> value=<span class="code-quote">"s"</span>/&gt;</span> 
+            <span class="code-tag">&lt;property name=<span class="code-quote">"topicSearchMatching"</span> value=<span class="code-quote">"cn={0},ou=Topic,ou=Destination,ou=ActiveMQ,ou=systems,dc=acme,dc=com"</span>/&gt;</span> 
+            <span class="code-tag">&lt;property name=<span class="code-quote">"topicSearchSubtreeBool"</span> value=<span class="code-quote">"true"</span>/&gt;</span> 
+            <span class="code-tag">&lt;property name=<span class="code-quote">"queueSearchMatching"</span> value=<span class="code-quote">"cn={0},ou=Queue,ou=Destination,ou=ActiveMQ,ou=systems,dc=acme,dc=com"</span>/&gt;</span> 
+            <span class="code-tag">&lt;property name=<span class="code-quote">"queueSearchSubtreeBool"</span> value=<span class="code-quote">"true"</span>/&gt;</span> 
+            <span class="code-tag">&lt;property name=<span class="code-quote">"adminBase"</span> value=<span class="code-quote">"(cn=admin)"</span>/&gt;</span> 
+            <span class="code-tag">&lt;property name=<span class="code-quote">"adminAttribute"</span> value=<span class="code-quote">"member"</span>/&gt;</span> 
+            <span class="code-tag">&lt;property name=<span class="code-quote">"adminAttributePrefix"</span> value=<span class="code-quote">"cn="</span>/&gt;</span> 
+            <span class="code-tag">&lt;property name=<span class="code-quote">"readBase"</span> value=<span class="code-quote">"(cn=read)"</span>/&gt;</span> 
+            <span class="code-tag">&lt;property name=<span class="code-quote">"readAttribute"</span> value=<span class="code-quote">"member"</span>/&gt;</span> 
+            <span class="code-tag">&lt;property name=<span class="code-quote">"readAttributePrefix"</span> value=<span class="code-quote">"cn="</span>/&gt;</span> 
+            <span class="code-tag">&lt;property name=<span class="code-quote">"writeBase"</span> value=<span class="code-quote">"(cn=write)"</span>/&gt;</span> 
+            <span class="code-tag">&lt;property name=<span class="code-quote">"writeAttribute"</span> value=<span class="code-quote">"member"</span>/&gt;</span> 
+            <span class="code-tag">&lt;property name=<span class="code-quote">"writeAttributePrefix"</span> value=<span class="code-quote">"cn="</span>/&gt;</span> 
+          <span class="code-tag">&lt;/bean&gt;</span> 
+        <span class="code-tag">&lt;/map&gt;</span> 
+      <span class="code-tag">&lt;/authorizationPlugin&gt;</span> 
+    <span class="code-tag">&lt;/plugins&gt;</span> 
+</pre>
+</div></div> 
+
+<p>2. Configure the JAAS login.config (I haven't de-duplicated the config yet): </p>
+
+<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
+<pre class="code-java"> 
+LdapConfiguration { 
+   org.apache.activemq.jaas.LDAPLoginModule required 
+       debug=<span class="code-keyword">true</span> 
+       initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory 
+       connectionURL=<span class="code-quote">"ldap:<span class="code-comment">//ldap.acme.com:389"</span> 
+</span>       connectionUsername=<span class="code-quote">"cn=mqbroker,ou=Services,dc=acme,dc=com"</span> 
+       connectionPassword=password 
+       connectionProtocol=s 
+       authentication=simple 
+       userBase=<span class="code-quote">"ou=User,ou=ActiveMQ,ou=systems,dc=acme,dc=com"</span> 
+       userRoleName=dummyUserRoleName 
+       userSearchMatching=<span class="code-quote">"(uid={0})"</span> 
+       userSearchSubtree=<span class="code-keyword">false</span> 
+       roleBase=<span class="code-quote">"ou=Group,ou=ActiveMQ,ou=systems,dc=acme,dc=com"</span> 
+       roleName=cn 
+       roleSearchMatching=<span class="code-quote">"(member:=uid={1})"</span> 
+       roleSearchSubtree=<span class="code-keyword">true</span> 
+       ; 
+}; 
+</pre>
+</div></div> 
+
+<p>3. Import the following LDIF file into the LDAP server: </p>
+
+<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
+<pre class="code-java">
+version: 1
+
+#
+# Sample LDIF <span class="code-keyword">for</span> ActiveMQ LDAP authentication and authorisation
+# Passwords are defaulted to <span class="code-quote">"password"</span> - it is your responsibility to change them!
+#
+# Sets up:
+# 1. Bind user
+# 2. A sample queue with admin,read,write permission assignments
+# 3. ActiveMQ advisory topics
+# 4. Two groups - admin and webapp
+# 5. Two users - admin and webapp
+# 6. Role assignments - admin-&gt;admin, webapp-&gt;webapp
+#
+# (c) Robin Bramley 2008
+# Provided as is without any warranty of any kind
+# 
+
+dn: dc=acme,dc=com
+dc: acme
+objectClass: domain
+objectClass: top
+
+dn: ou=Services,dc=acme,dc=com
+ou: Services
+objectClass: organizationalUnit
+objectClass: top
+
+dn: cn=mqbroker,ou=Services,dc=acme,dc=com
+cn: mqbroker
+objectClass: organizationalRole
+objectClass: top
+objectClass: simpleSecurityObject
+userPassword: {SSHA}j0NpveEO0YD5rgI5kY8OxSRiN5KQ/kE4
+description: Bind user <span class="code-keyword">for</span> MQ broker
+
+dn: ou=systems,dc=acme,dc=com
+ou: systems
+objectClass: organizationalUnit
+objectClass: top
+
+dn: ou=ActiveMQ,ou=systems,dc=acme,dc=com
+objectClass: organizationalUnit
+objectClass: top
+ou: ActiveMQ
+
+dn: ou=Destination,ou=ActiveMQ,ou=systems,dc=acme,dc=com
+objectClass: organizationalUnit
+objectClass: top
+ou: Destination
+
+dn: ou=Queue,ou=Destination,ou=ActiveMQ,ou=systems,dc=acme,dc=com
+objectClass: organizationalUnit
+objectClass: top
+ou: Queue
+
+dn: cn=com.acme.myfirstrealqueue,ou=Queue,ou=Destination,ou=ActiveMQ,ou=syst
+ ems,dc=acme,dc=com
+cn: com.acme.myfirstrealqueue
+description: A queue
+objectClass: applicationProcess
+objectClass: top
+
+dn: cn=admin,cn=com.acme.myfirstrealqueue,ou=Queue,ou=Destination,ou=ActiveM
+ Q,ou=systems,dc=acme,dc=com
+cn: admin
+description: Admin privilege group, members are roles
+member: cn=admin
+member: cn=webapp
+objectClass: groupOfNames
+objectClass: top
+
+dn: cn=read,cn=com.acme.myfirstrealqueue,ou=Queue,ou=Destination,ou=ActiveMQ
+ ,ou=systems,dc=acme,dc=com
+cn: read
+member: cn=webapp
+objectClass: groupOfNames
+objectClass: top
+
+dn: cn=write,cn=com.acme.myfirstrealqueue,ou=Queue,ou=Destination,ou=ActiveM
+ Q,ou=systems,dc=acme,dc=com
+cn: write
+objectClass: groupOfNames
+objectClass: top
+member: cn=webapp
+
+dn: ou=Topic,ou=Destination,ou=ActiveMQ,ou=systems,dc=acme,dc=co
+ m
+objectClass: organizationalUnit
+objectClass: top
+ou: Topic
+
+dn: cn=ActiveMQ.Advisory.Consumer,ou=Topic,ou=Destination,ou=ActiveMQ,ou=sys
+ tems,dc=acme,dc=com
+cn: ActiveMQ.Advisory.Consumer
+objectClass: applicationProcess
+objectClass: top
+description: Advisory topic about consumers
+
+dn: cn=read,cn=ActiveMQ.Advisory.Consumer,ou=Topic,ou=Destination,ou=ActiveM
+ Q,ou=systems,dc=acme,dc=com
+cn: read
+member: cn=webapp
+objectClass: groupOfNames
+objectClass: top
+
+dn: cn=ActiveMQ.Advisory.TempQueue,ou=Topic,ou=Destination,ou=ActiveMQ,ou=sy
+ stems,dc=acme,dc=com
+cn: ActiveMQ.Advisory.TempQueue
+description: Advisory topic about temporary queues
+objectClass: applicationProcess
+objectClass: top
+
+dn: cn=read,cn=ActiveMQ.Advisory.TempQueue,ou=Topic,ou=Destination,ou=Active
+ MQ,ou=systems,dc=acme,dc=com
+cn: read
+member: cn=webapp
+objectClass: groupOfNames
+objectClass: top
+
+dn: cn=ActiveMQ.Advisory.TempTopic,ou=Topic,ou=Destination,ou=ActiveMQ,ou=sy
+ stems,dc=acme,dc=com
+cn: ActiveMQ.Advisory.TempTopic
+objectClass: applicationProcess
+objectClass: top
+description: Advisory topic about temporary topics
+
+dn: cn=read,cn=ActiveMQ.Advisory.TempTopic,ou=Topic,ou=Destination,ou=Active
+ MQ,ou=systems,dc=acme,dc=com
+cn: read
+member: cn=webapp
+objectClass: groupOfNames
+objectClass: top
+
+dn: ou=Group,ou=ActiveMQ,ou=systems,dc=acme,dc=com
+objectClass: organizationalUnit
+objectClass: top
+ou: Group
+
+dn: cn=admin,ou=Group,ou=ActiveMQ,ou=systems,dc=acme,dc=com
+cn: admin
+member: uid=admin
+objectClass: groupOfNames
+objectClass: top
+
+dn: cn=webapp,ou=Group,ou=ActiveMQ,ou=systems,dc=acme,dc=com
+cn: webapp
+member: uid=webapp
+objectClass: groupOfNames
+objectClass: top
+
+dn: ou=User,ou=ActiveMQ,ou=systems,dc=acme,dc=com
+objectClass: organizationalUnit
+objectClass: top
+ou: User
+
+dn: uid=admin,ou=User,ou=ActiveMQ,ou=systems,dc=acme,dc=com
+uid: admin
+userPassword: {SSHA}j0NpveEO0YD5rgI5kY8OxSRiN5KQ/kE4
+objectClass: account
+objectClass: simpleSecurityObject
+objectClass: top
+
+dn: uid=webapp,ou=User,ou=ActiveMQ,ou=systems,dc=acme,dc=com
+uid: webapp
+userPassword: {SSHA}j0NpveEO0YD5rgI5kY8OxSRiN5KQ/kE4
+objectClass: account
+objectClass: simpleSecurityObject
+objectClass: top
+</pre>
+</div></div> 
+
+<p>4. Start up ActiveMQ </p>
+
+<p>5. Test it out</p>
+
+
+<h3><a shape="rect" name="Shiro-SecurityandActiveMQComponents"></a>Security and ActiveMQ Components</h3>
+
+<p>Along with the message broker, you can optionally execute several additional "components", such as Camel and/or the Web console. These components establish connections with the broker; therefore, if you have secured your broker (i.e., enabled authentication), you will have to configure these components in order to have them provide the required security credentials (username, password) when they connect to the broker. </p>
+
+<h4><a shape="rect" name="Shiro-Camel"></a>Camel</h4>
+
+<p>You may have the following Camel context defined in your broker's XML configuration file.</p>
+<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
+<pre class="code-xml">
+&lt;!--
+  ** Lets deploy some Enterprise Integration Patterns inside the ActiveMQ Message Broker
+  ** For more details see
+  **
+  ** http://activemq.apache.org/enterprise-integration-patterns.html --&gt;
+
+  <span class="code-tag">&lt;camelContext id=<span class="code-quote">"camel"</span> xmlns=<span class="code-quote">"http://activemq.apache.org/camel/schema/spring"</span>&gt;</span>
+       <span class="code-tag">&lt;package&gt;</span>org.foo.bar<span class="code-tag">&lt;/package&gt;</span>
+        <span class="code-tag">&lt;route&gt;</span>
+            <span class="code-tag">&lt;from uri=<span class="code-quote">"activemq:example.A"</span>/&gt;</span>
+            <span class="code-tag">&lt;to uri=<span class="code-quote">"activemq:example.B"</span>/&gt;</span>
+        <span class="code-tag">&lt;/route&gt;</span>
+  <span class="code-tag">&lt;/camelContext&gt;</span>
+</pre>
+</div></div>
+<p>The above configuration is not set up to work within a secure environment.</p>
+
+<p>If the application is running in an OSGi container, add the following line before the CamelContext definition:</p>
+<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
+<pre class="code-xml">
+<span class="code-tag">&lt;osgi:reference id=<span class="code-quote">"activemq"</span> interface=<span class="code-quote">"org.apache.camel.Component"</span> /&gt;</span>
+</pre>
+</div></div>
+<p>This allows any pre-configured instance of the ActiveMQComponent deployed in the container to take precedence on the default ActiveMQComponent.</p>
+
+<p>That is, with the above configuration, Camel will establish a connection with ActiveMQ, but will not provide a username and password. Therefore, when ActiveMQ security is enabled, the above configuration results in a security exception. The exception will be thrown multiple times, because Camel will continue to retry the connection. If you're not using Camel, comment out the above XML code. If you are using Camel, add the following bean definition to your broker's XML configuration:</p>
+<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
+<pre class="code-xml">
+<span class="code-tag"><span class="code-comment">&lt;!-- configure the camel activemq component to use the current broker --&gt;</span></span>
+    <span class="code-tag">&lt;bean id=<span class="code-quote">"activemq"</span> class=<span class="code-quote">"org.apache.activemq.camel.component.ActiveMQComponent"</span> &gt;</span>
+        <span class="code-tag">&lt;property name=<span class="code-quote">"connectionFactory"</span>&gt;</span>
+          <span class="code-tag">&lt;bean class=<span class="code-quote">"org.apache.activemq.ActiveMQConnectionFactory"</span>&gt;</span>
+            <span class="code-tag">&lt;property name=<span class="code-quote">"brokerURL"</span> value=<span class="code-quote">"vm://localhost?create=false&amp;amp;waitForStart=10000"</span> /&gt;</span>
+            <span class="code-tag">&lt;property name=<span class="code-quote">"userName"</span> value=<span class="code-quote">"system"</span>/&gt;</span>
+            <span class="code-tag">&lt;property name=<span class="code-quote">"password"</span> value=<span class="code-quote">"manager"</span>/&gt;</span>
+          <span class="code-tag">&lt;/bean&gt;</span>
+        <span class="code-tag">&lt;/property&gt;</span>
+    <span class="code-tag">&lt;/bean&gt;</span>
+</pre>
+</div></div>
+
+<p>With the above bean definition, Camel will pass the specified security credentials when it connects to the broker. </p>
+
+<p>If the broker is running in an OSGi container, add the following line after the ActiveMQComponent bean definition:</p>
+<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
+<pre class="code-xml">
+<span class="code-tag">&lt;service ref=<span class="code-quote">"activemq"</span> interface=<span class="code-quote">"org.apache.camel.Component"</span>/&gt;</span>
+</pre>
+</div></div>
+
+<h4><a shape="rect" name="Shiro-WebConsole"></a>Web Console</h4>
+
+<p>If you want to use the Web Console with a secured broker, you have to change <tt>connectionFactory</tt> bean in your <tt>webapps/admin/WEB-INF/webconsole-embeded.xml</tt> to something like this:</p>
+
+<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
+<pre class="code-xml">
+<span class="code-tag">&lt;bean id=<span class="code-quote">"connectionFactory"</span> class=<span class="code-quote">"org.apache.activemq.ActiveMQConnectionFactory"</span>&gt;</span>
+    <span class="code-tag">&lt;property name=<span class="code-quote">"brokerURL"</span> value=<span class="code-quote">"vm://localhost"</span>/&gt;</span>
+    <span class="code-tag">&lt;property name=<span class="code-quote">"userName"</span> value=<span class="code-quote">"system"</span>/&gt;</span>
+    <span class="code-tag">&lt;property name=<span class="code-quote">"password"</span> value=<span class="code-quote">"manager"</span>/&gt;</span>
+  <span class="code-tag">&lt;/bean&gt;</span>
+</pre>
+</div></div>
+
+<h4><a shape="rect" name="Shiro-CommandAgent"></a>Command Agent</h4>
+
+<p>Starting with version 5.3, the Command Agent can be configured to communicate with a secured broker. Simply, assign the <tt>username</tt> and <tt>password</tt> attributes to your command agent definition tag:</p>
+<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
+<pre class="code-xml">
+<span class="code-tag">&lt;commandAgent xmlns=<span class="code-quote">"http://activemq.apache.org/schema/core"</span> brokerUrl=<span class="code-quote">"vm://localhost"</span> username=<span class="code-quote">"system"</span> password=<span class="code-quote">"manager"</span>/&gt;</span>
+</pre>
+</div></div>
+<p>and you are ready to go.</p>
+
+<h4><a shape="rect" name="Shiro-DefaultCredentials"></a>Default Credentials</h4>
+
+<p>Starting with version 5.3, all of the above configuration details are included in the default ActiveMQ configuration. Also, there is a central place where you can set credentials that these components will use to connect to the broker. Just set your desired username and password in the <tt>conf/credentials.properties</tt> file, which by default looks like this:</p>
+
+<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
+<pre class="code-java">
+activemq.username=system
+activemq.password=manager
+</pre>
+</div></div>
+
+<h4><a shape="rect" name="Shiro-EncryptedPasswords"></a>Encrypted Passwords</h4>
+
+<p>As of version 5.4.1 you can also use <a shape="rect" href="encrypted-passwords.html" title="Encrypted passwords">Encrypted passwords</a> with your broker</p>
+
+<h3><a shape="rect" name="Shiro-MessagelevelAuthorization"></a>Message level Authorization</h3>
+
+<p>We have a configurable MessageAuthorizationPolicy to allow you to authorize each message using some content based authorization policy of your choosing. To enable this policy configure on the broker directly using the * messageAuthorizationPolicy* property or add it to the XML as follows</p>
+<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
+<pre class="code-xml">
+<span class="code-tag">&lt;broker&gt;</span>
+  ..
+  <span class="code-tag">&lt;messageAuthorizationPolicy&gt;</span>
+    <span class="code-tag">&lt;bean class=<span class="code-quote">"com.acme.MyMessageAuthorizationPolicy"</span> xmlns=""/&gt;</span>
+  <span class="code-tag">&lt;/messageAuthorizationPolicy&gt;</span>
+  ..
+<span class="code-tag">&lt;/broker&gt;</span>
+</pre>
+</div></div>
+
+<h2><a shape="rect" name="Shiro-ImplementingyourowncustomSecurityPlugin"></a>Implementing your own custom Security Plugin</h2>
+
+<p>All of the various security implementations are implemented as <a shape="rect" href="interceptors.html" title="Interceptors">Interceptors</a> so its very easy to add your own custom implementation. Its probably easier to start with one of the <a shape="rect" class="external-link" href="http://activemq.apache.org/maven/activemq-core/apidocs/org/apache/activemq/security/package-summary.html">simple implementations</a> though if you are using JAAS you could derive from the <a shape="rect" class="external-link" href="http://activemq.apache.org/maven/activemq-jaas/apidocs/">JAAS implementation</a>.</p>
+
+<h3><a shape="rect" name="Shiro-ThirdPartyTools"></a>Third Party Tools </h3>
+
+<ul><li><a shape="rect" class="external-link" href="http://www.ttmsolutions.com/Apache_Software/ActiveMQ_LDAP_JDBC_Security_Plugins.php" rel="nofollow">ActiveMQ LDAP and JDBC Security Plugins from TTM Solutions</a></li></ul>
+
+          </div>
+        </td>
+        <td valign="top">
+          <div class="navigation">
+            <div class="navigation_top">
+              <div class="navigation_bottom">
+<h3><a shape="rect" name="Navigation-Overview"></a><a shape="rect" href="overview.html" title="Overview">Overview</a></h3>
+
+<ul class="alternate" type="square"><li><a shape="rect" href="index.html" title="Index">Index</a></li><li><a shape="rect" href="news.html" title="News">News</a></li><li><a shape="rect" href="new-features.html" title="New Features">New Features</a></li><li><a shape="rect" href="getting-started.html" title="Getting Started">Getting Started</a></li><li><a shape="rect" href="faq.html" title="FAQ">FAQ</a></li><li><a shape="rect" href="articles.html" title="Articles">Articles</a></li><li><a shape="rect" href="books.html" title="Books">Books</a></li><li><a shape="rect" href="download.html" title="Download">Download</a></li><li><a shape="rect" class="external-link" href="http://www.apache.org/licenses/">License</a></li></ul>
+
+
+<h3><a shape="rect" name="Navigation-Search"></a>Search</h3>
+
+
+<div>
+<form enctype="application/x-www-form-urlencoded" method="get" action="http://www.google.com/search" style="font-size: 10px;">
+<input type="hidden" name="ie" value="UTF-8">
+<input type="hidden" name="oe" value="UTF-8">
+  <input maxlength="255" type="text" name="q" size="15" value="value"><br clear="none">
+  <input type="submit" name="btnG" value="Search">
+  <input type="hidden" name="domains" value="activemq.apache.org">
+  <input type="hidden" name="sitesearch" value="activemq.apache.org">
+</form>
+</div>
+
+
+<h3><a shape="rect" name="Navigation-SubProjects"></a>Sub Projects</h3>
+
+<ul class="alternate" type="square"><li><a shape="rect" class="external-link" href="http://activemq.apache.org/apollo" title="ActiveMQ Apollo">Apollo</a></li><li><a shape="rect" class="external-link" href="http://activemq.apache.org/cms/" title="The C++ API for Messaging">CMS</a></li><li><a shape="rect" class="external-link" href="http://activemq.apache.org/nms/" title="NMS is the .Net Messaging API">NMS</a></li><li><a shape="rect" class="external-link" href="http://camel.apache.org/" title="POJO based Enterprise Integration Patterns with a typesafe Java DSL">Camel</a></li></ul>
+
+
+<h3><a shape="rect" name="Navigation-Community"></a><a shape="rect" href="community.html" title="Community">Community</a></h3>
+
+<ul class="alternate" type="square"><li><a shape="rect" href="support.html" title="Support">Support</a></li><li><a shape="rect" href="contributing.html" title="Contributing">Contributing</a></li><li><a shape="rect" href="discussion-forums.html" title="Discussion Forums">Discussion Forums</a></li><li><a shape="rect" href="mailing-lists.html" title="Mailing Lists">Mailing Lists</a></li><li><a shape="rect" class="external-link" href="irc://irc.codehaus.org/activemq" rel="nofollow">IRC</a></li><li><a shape="rect" class="external-link" href="http://servlet.uwyn.com/drone/log/hausbot/activemq" rel="nofollow">IRC Log</a></li><li><a shape="rect" href="site.html" title="Site">Site</a></li><li><a shape="rect" class="external-link" href="http://www.apache.org/foundation/sponsorship.html">Sponsorship</a></li><li><a shape="rect" href="projects-using-activemq.html" title="Projects Using ActiveMQ">Projects Using ActiveMQ</a></li><li><a shape="rect" href="users.html" title="Users">Users</a>
 </li><li><a shape="rect" href="team.html" title="Team">Team</a></li><li><a shape="rect" class="external-link" href="http://www.apache.org/foundation/thanks.html">Thanks</a></li></ul>
+
+
+<h3><a shape="rect" name="Navigation-Features"></a><a shape="rect" href="features.html" title="Features">Features</a></h3>
+
+<ul class="alternate" type="square"><li><a shape="rect" href="advisory-message.html" title="Advisory Message">Advisory Message</a></li><li><a shape="rect" href="clustering.html" title="Clustering">Clustering</a></li><li><a shape="rect" href="cross-language-clients.html" title="Cross Language Clients">Cross Language Clients</a></li><li><a shape="rect" href="enterprise-integration-patterns.html" title="Enterprise Integration Patterns">Enterprise Integration Patterns</a></li><li><a shape="rect" href="jmx.html" title="JMX">JMX</a></li><li><a shape="rect" href="jms-to-jms-bridge.html" title="JMS to JMS Bridge">JMS to JMS Bridge</a></li><li><a shape="rect" href="masterslave.html" title="MasterSlave">MasterSlave</a></li><li><a shape="rect" href="message-groups.html" title="Message Groups">Message Groups</a></li><li><a shape="rect" href="networks-of-brokers.html" title="Networks of Brokers">Networks of Brokers</a></li><li><a shape="rect" href="performance.html" title="Performance">P
 erformance</a></li><li><a shape="rect" href="persistence.html" title="Persistence">Persistence</a></li><li><a shape="rect" href="security.html" title="Security">Security</a></li><li><a shape="rect" href="virtual-destinations.html" title="Virtual Destinations">Virtual Destinations</a></li><li><a shape="rect" href="visualisation.html" title="Visualisation">Visualisation</a></li><li><a shape="rect" href="features.html" title="Features">More ...</a></li></ul>
+
+
+<h3><a shape="rect" name="Navigation-Connectivity"></a><a shape="rect" href="connectivity.html" title="Connectivity">Connectivity</a></h3>
+
+<ul class="alternate" type="square"><li><a shape="rect" href="ajax.html" title="Ajax">Ajax</a></li><li><a shape="rect" href="amqp.html" title="AMQP">AMQP</a></li><li><a shape="rect" href="axis-and-cxf-support.html" title="Axis and CXF Support">Axis and CXF Support</a></li><li><a shape="rect" href="c-integration.html" title="C Integration">C Integration</a></li><li><a shape="rect" href="activemq-c-clients.html" title="ActiveMQ C++ Clients">C++</a></li><li><a shape="rect" class="external-link" href="http://activemq.apache.org/nms/">C# and .Net Integration</a></li><li><a shape="rect" class="external-link" href="http://activemq.apache.org/cms/">CMS</a></li><li><a shape="rect" href="j2ee.html" title="J2EE">J2EE</a></li><li><a shape="rect" href="jboss-integration.html" title="JBoss Integration">JBoss Integration</a></li><li><a shape="rect" class="external-link" href="http://docs.codehaus.org/display/JETTY/Integrating+with+ActiveMQ" rel="nofollow">Jetty</a></li><li><a shape="rect" 
 href="jndi-support.html" title="JNDI Support">JNDI Support</a></li><li><a shape="rect" class="external-link" href="http://activemq.apache.org/nms/" title="NMS is the .Net Messaging API">NMS</a></li><li><a shape="rect" href="rest.html" title="REST">REST</a></li><li><a shape="rect" href="rss-and-atom.html" title="RSS and Atom">RSS and Atom</a></li><li><a shape="rect" href="spring-support.html" title="Spring Support">Spring Support</a></li><li><a shape="rect" href="stomp.html" title="Stomp">Stomp</a></li><li><a shape="rect" href="tomcat.html" title="Tomcat">Tomcat</a></li><li><a shape="rect" href="unix-service.html" title="Unix Service">Unix Service</a></li><li><a shape="rect" href="weblogic-integration.html" title="WebLogic Integration">WebLogic Integration</a></li><li><a shape="rect" href="xmpp.html" title="XMPP">XMPP</a></li><li><a shape="rect" href="connectivity.html" title="Connectivity">More ...</a></li></ul>
+
+
+<h3><a shape="rect" name="Navigation-UsingActiveMQ5UsingActiveMQ5"></a><a shape="rect" href="using-activemq-5.html" title="Using ActiveMQ 5">Using ActiveMQ 5</a></h3>
+
+<ul class="alternate" type="square"><li><a shape="rect" href="version-5-getting-started.html" title="Version 5 Getting Started">Getting Started</a></li><li><a shape="rect" href="version-5-initial-configuration.html" title="Version 5 Initial Configuration">Initial Configuration</a></li><li><a shape="rect" href="version-5-run-broker.html" title="Version 5 Run Broker">Running a Broker</a></li><li><a shape="rect" href="how-do-i-embed-a-broker-inside-a-connection.html" title="How do I embed a Broker inside a Connection">Embedded Brokers</a></li><li><a shape="rect" href="activemq-command-line-tools-reference.html" title="ActiveMQ Command Line Tools Reference">Command Line Tools</a></li><li><a shape="rect" href="configuring-version-5-transports.html" title="Configuring Version 5 Transports">Configuring Transports</a></li><li><a shape="rect" href="version-5-examples.html" title="Version 5 Examples">Examples</a></li><li><a shape="rect" href="version-5-web-samples.html" title="Version
  5 Web Samples">Web Samples</a></li><li><a shape="rect" href="how-can-i-monitor-activemq.html" title="How can I monitor ActiveMQ">Monitoring the Broker</a></li><li><a shape="rect" href="version-5-xml-configuration.html" title="Version 5 XML Configuration">Xml Configuration</a></li><li><a shape="rect" href="xml-reference.html" title="Xml Reference">Xml Reference</a></li><li><a shape="rect" href="using-activemq-5.html" title="Using ActiveMQ 5">More ...</a></li></ul>
+
+
+<h3><a shape="rect" name="Navigation-UsingActiveMQ4UsingActiveMQ"></a><a shape="rect" href="using-activemq.html" title="Using ActiveMQ">Using ActiveMQ 4</a></h3>
+
+<ul class="alternate" type="square"><li><a shape="rect" href="getting-started.html" title="Getting Started">Getting Started</a></li><li><a shape="rect" href="initial-configuration.html" title="Initial Configuration">Initial Configuration</a></li><li><a shape="rect" href="run-broker.html" title="Run Broker">Running a Broker</a></li><li><a shape="rect" href="how-do-i-embed-a-broker-inside-a-connection.html" title="How do I embed a Broker inside a Connection">Embedded Brokers</a></li><li><a shape="rect" href="activemq-command-line-tools-reference.html" title="ActiveMQ Command Line Tools Reference">Command Line Tools</a></li><li><a shape="rect" href="configuring-transports.html" title="Configuring Transports">Configuring Transports</a></li><li><a shape="rect" href="examples.html" title="Examples">Examples</a></li><li><a shape="rect" href="web-samples.html" title="Web Samples">Web Samples</a></li><li><a shape="rect" href="how-can-i-monitor-activemq.html" title="How can I monitor 
 ActiveMQ">Monitoring the Broker</a></li><li><a shape="rect" href="xml-configuration.html" title="Xml Configuration">Xml Configuration</a></li><li><a shape="rect" href="xml-reference.html" title="Xml Reference">Xml Reference</a></li><li><a shape="rect" href="using-activemq.html" title="Using ActiveMQ">More ...</a></li></ul>
+
+
+<h3><a shape="rect" name="Navigation-Tools"></a><a shape="rect" href="tools.html" title="Tools">Tools</a></h3>
+
+<ul class="alternate" type="square"><li><a shape="rect" href="web-console.html" title="Web Console">Web Console</a></li><li><a shape="rect" href="activemq-performance-module-users-manual.html" title="ActiveMQ Performance Module Users Manual">Maven2 Performance Plugin</a></li></ul>
+
+
+<h3><a shape="rect" name="Navigation-ExternalToolsTools"></a><a shape="rect" href="tools.html" title="Tools">External Tools</a></h3>
+
+<ul class="alternate" type="square"><li><a shape="rect" class="external-link" href="http://hawt.io" title="HTML5 console for monitoring Apache ActiveMQ and Apache Camel" rel="nofollow">hawtio</a></li><li><a shape="rect" href="hermes-jms.html" title="Hermes Jms">Hermes Jms</a></li><li><a shape="rect" class="external-link" href="http://jakarta.apache.org/jmeter">JMeter</a></li></ul>
+
+
+<h3><a shape="rect" name="Navigation-Support"></a><a shape="rect" href="support.html" title="Support">Support</a></h3>
+
+<ul class="alternate" type="square"><li><a shape="rect" class="external-link" href="http://issues.apache.org/jira/browse/AMQ">Issues</a></li><li><a shape="rect" class="external-link" href="http://issues.apache.org/activemq/browse/AMQ?report=com.atlassian.jira.plugin.system.project:roadmap-panel">Roadmap</a></li><li><a shape="rect" class="external-link" href="http://issues.apache.org/activemq/browse/AMQ?report=com.atlassian.jira.plugin.system.project:changelog-panel">Change log</a></li></ul>
+
+
+<h3><a shape="rect" name="Navigation-RelatedProjects"></a>Related Projects</h3>
+
+<ul class="alternate" type="square"><li><a shape="rect" class="external-link" href="http://incubator.apache.org/servicemix/" title="Distributed Enterprise Service Bus based on JBI">Apache ServiceMix</a></li><li><a shape="rect" class="external-link" href="http://lingo.codehaus.org/" title="POJO Remoting using JMS" rel="nofollow">Lingo</a></li><li><a shape="rect" class="external-link" href="http://jencks.codehaus.org/" title="Message Driven POJOs and pooling for JMS and JDBC" rel="nofollow">Jencks</a></li><li><a shape="rect" class="external-link" href="http://stomp.codehaus.org/" title="A simple protocol for messaging middleware interop and the easy development of custom clients" rel="nofollow">Stomp</a></li><li><a shape="rect" class="external-link" href="http://www.springframework.org/" rel="nofollow">Spring</a></li><li><a shape="rect" class="external-link" href="http://openejb.apache.org">OpenEJB</a></li><li><a shape="rect" class="external-link" href="http://geronimo.apache.
 org/">Geronimo</a></li></ul>
+
+
+<h3><a shape="rect" name="Navigation-Developers"></a><a shape="rect" href="developers.html" title="Developers">Developers</a></h3>
+
+<ul class="alternate" type="square"><li><a shape="rect" href="source.html" title="Source">Source</a></li><li><a shape="rect" href="building.html" title="Building">Building</a></li><li><a shape="rect" href="developer-guide.html" title="Developer Guide">Developer Guide</a></li><li><a shape="rect" href="becoming-a-committer.html" title="Becoming a committer">Becoming a committer</a></li><li><a shape="rect" href="code-overview.html" title="Code Overview">Code Overview</a></li><li><a shape="rect" href="wire-protocol.html" title="Wire Protocol">Wire Protocol</a></li><li><a shape="rect" href="release-guide.html" title="Release Guide">Release Guide</a></li></ul>
+
+
+<h3><a shape="rect" name="Navigation-Tests"></a>Tests</h3>
+
+<ul class="alternate" type="square"><li><a shape="rect" href="activemq-performance-module-users-manual.html" title="ActiveMQ Performance Module Users Manual">Maven2 Performance Plugin</a></li><li><a shape="rect" href="benchmark-tests.html" title="Benchmark Tests">Benchmark Tests</a></li><li><a shape="rect" href="jmeter-system-tests.html" title="JMeter System Tests">JMeter System Tests</a></li><li><a shape="rect" href="jmeter-performance-tests.html" title="JMeter Performance Tests">JMeter Performance Tests</a></li><li><a shape="rect" href="integration-tests.html" title="Integration Tests">Integration Tests</a></li></ul>
+
+
+
+<h3><a shape="rect" name="Navigation-ProjectReports"></a>Project Reports</h3>
+<ul class="alternate" type="square"><li><a shape="rect" href="junit-reports.html" title="JUnit Reports">JUnit Reports</a></li><li><a shape="rect" href="source-xref.html" title="Source XRef">Source XRef</a></li><li><a shape="rect" href="test-source-xref.html" title="Test Source XRef">Test Source XRef</a></li><li><a shape="rect" href="xml-reference.html" title="Xml Reference">Xml Reference</a></li></ul>
+
+              </div>
+            </div>
+          </div>
+        </td>
+        </tr>
+  </tbody>
+        </table>
+        <div class="bottom_red_bar"></div>
+      </div>
+    </div>
+  </div>
+</div>
+<div class="black_box">
+<div class="footer">
+  <div class="footer_l">
+    <div class="footer_r">
+      <div>
+        <a href="http://activemq.apache.org/privacy-policy.html">Privacy Policy</a> -
+        (<a href="https://cwiki.apache.org/confluence/pages/editpage.action?pageId=31824899">edit this page</a>)
+      </div>
+    </div>
+  </div>
+</div>
+</div>
+</div>
+<div class="design_attribution">
+&copy; 2004-2011 The Apache Software Foundation.
+<br/>          
+Apache ActiveMQ, ActiveMQ, Apache, the Apache feather logo, and the Apache ActiveMQ project logo are trademarks of The Apache Software Foundation.  All other marks mentioned may be trademarks or registered trademarks of their respective owners.
+<br/>
+<a href="http://hiramchirino.com">Graphic Design By Hiram</a>
+</div>
+
+<!-- delay the loading of large javascript files to the end so that they don't interfere with the loading of page content -->
+<span style="display: none">
+  <script type="text/javascript">
+    var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
+    document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
+  </script>
+  <script type="text/javascript">
+    var pageTracker = _gat._getTracker("UA-1347593-1");
+    pageTracker._initData();
+    pageTracker._trackPageview();
+  </script>
+</span>
+</body>
+</html>
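Review bot: the analytics loader at the end of the file picks its host from `document.location.protocol`, so whenever this page is served over plain HTTP, `gaJsHost` becomes `http://www.` and `ga.js` is fetched over an unauthenticated channel and injected with `document.write`, where it runs with full access to the page. Suggest always loading it from the `https://ssl.` host regardless of the page's protocol. The second script block also calls `_gat._getTracker("UA-1347593-1")` unguarded, so if `ga.js` is blocked or fails to load, `_gat` is undefined and the block throws; a `typeof _gat !== "undefined"` check or a try/catch around the tracker calls would avoid that. Minor: the `design_attribution` footer still reads "2004-2011" in a page added by this commit.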