Merge pull request #231230 from EldertGrootenboer/service-bus-aad-auth-jms

Added documentation for AAD authentication for Service Bus JMS API

Author: ttorble

articles/service-bus-messaging/jms-developer-guide.md

@@ -9,7 +9,7 @@ ms.date: 02/12/2022
 
 This guide contains detailed information to help you succeed in communicating with Azure Service Bus using the Java Message Service (JMS) 2.0 API.
 
-As a Java developer, if you are new to Azure Service Bus, please consider reading the below articles.
+As a Java developer, if you're new to Azure Service Bus, please consider reading the below articles.
 
 | Getting started | Concepts |
 |----------------|-------|
@@ -51,24 +51,75 @@ The connection factory object is used by the client to connect with the JMS prov
 
 Each connection factory is an instance of `ConnectionFactory`, `QueueConnectionFactory` or `TopicConnectionFactory` interface.
 
-To simplify connecting with Azure Service Bus, these interfaces are implemented through `ServiceBusJmsConnectionFactory`, `ServiceBusJmsQueueConnectionFactory` and `ServiceBusJmsTopicConnectionFactory` respectively. The Connection factory can be instantiated with the below parameters - 
+To simplify connecting with Azure Service Bus, these interfaces are implemented through `ServiceBusJmsConnectionFactory`, `ServiceBusJmsQueueConnectionFactory` and `ServiceBusJmsTopicConnectionFactory` respectively.
+
+> [!IMPORTANT]
+> Java applications leveraging JMS 2.0 API can connect to Azure Service Bus using the connection string, or using a `TokenCredential` for leveraging Azure Active Directory (AAD) backed authentication.
+
+# [System Assigned Managed Identity](#tab/system-assigned-managed-identity-backed-authentication)
+
+Create a [system assigned managed identity](../active-directory/managed-identities-azure-resources/qs-configure-portal-windows-vm.md) on Azure, and use this identity to create a `TokenCredential`.
+
+```java
+TokenCredential tokenCredential = new DefaultAzureCredentialBuilder().build();
+```
+
+The Connection factory can then be instantiated with the below parameters.- 
+   * Token credential - Represents a credential capable of providing an OAuth token.
+   * Connection string - the connection string for the Azure Service Bus Premium tier namespace.
+   * ServiceBusJmsConnectionFactorySettings property bag, which contains
+      * connectionIdleTimeoutMS - idle connection timeout in milliseconds.
+      * traceFrames - boolean flag to collect AMQP trace frames for debugging.
+      * *other configuration parameters*
+
+The factory can be created as shown here. The connection string is a required parameter, but the other properties are optional.
+
+```java
+String host = "<YourNamespaceName>.servicebus.windows.net";
+ConnectionFactory factory = new ServiceBusJmsConnectionFactory(tokenCredential, host, null); 
+```
+
+# [User Assigned Managed Identity](#tab/user-assigned-managed-identity-backed-authentication)
+
+Create a [user assigned managed identity](../active-directory/managed-identities-azure-resources/how-manage-user-assigned-managed-identities.md?pivots=identity-mi-methods-azp#create-a-user-assigned-managed-identity) on Azure, and use this identity to create a `TokenCredential`.
+
+```java
+TokenCredential tokenCredential = new DefaultAzureCredentialBuilder()
+                                                .managedIdentityClientId("<clientIDOfUserAssignedIdentity>")
+                                                .build();
+```
+
+The Connection factory can then be instantiated with the below parameters.- 
+   * Token credential - Represents a credential capable of providing an OAuth token.
+   * Connection string - the connection string for the Azure Service Bus Premium tier namespace.
+   * ServiceBusJmsConnectionFactorySettings property bag, which contains
+      * connectionIdleTimeoutMS - idle connection timeout in milliseconds.
+      * traceFrames - boolean flag to collect AMQP trace frames for debugging.
+      * *other configuration parameters*
+
+The factory can be created as shown here. The connection string is a required parameter, but the other properties are optional.
+
+```java
+String host = "<YourNamespaceName>.servicebus.windows.net";
+ConnectionFactory factory = new ServiceBusJmsConnectionFactory(tokenCredential, host, null); 
+```
+
+# [Connection string authentication](#tab/connection-string-authentication)
+
+The Connection factory can be instantiated with the below parameters - 
    * Connection string - the connection string for the Azure Service Bus Premium tier namespace.
-   * ServiceBusJmsConnectionFactorySettings property bag which contains
+   * ServiceBusJmsConnectionFactorySettings property bag, which contains
       * connectionIdleTimeoutMS - idle connection timeout in milliseconds.
       * traceFrames - boolean flag to collect AMQP trace frames for debugging.
       * *other configuration parameters*
 
-The factory can be created as below. The connection string is a required parameter, but the additional properties are optional.
+The factory can be created as shown here. The connection string is a required parameter, but the other properties are optional.
 
 ```java
 ConnectionFactory factory = new ServiceBusJmsConnectionFactory(SERVICE_BUS_CONNECTION_STRING, null);
 ```
 
-> [!IMPORTANT]
-> Java applications leveraging JMS 2.0 API must connect to Azure Service Bus using the connection string only. Currently, authentication for JMS clients is only supported using the Connection string.
->
-> Azure active directory (AAD) backed authentication is not currently supported.
->
+---
 
 ### JMS destination
 
@@ -78,7 +129,7 @@ Destinations map to entities in Azure Service Bus - queues (in point to point sc
 
 ### Connections
 
-A connection encapsulates a virtual connection with a JMS provider. With Azure Service Bus,this represents a stateful connection between the application and Azure Service Bus over AMQP.
+A connection encapsulates a virtual connection with a JMS provider. With Azure Service Bus, this represents a stateful connection between the application and Azure Service Bus over AMQP.
 
 A connection is created from the connection factory as shown below.
 
@@ -107,7 +158,7 @@ A session can be created with any of the below modes.
 |**Session.DUPS_OK_ACKNOWLEDGE**|This acknowledgment mode instructs the session to lazily acknowledge the delivery of messages.| 
 |**Session.SESSION_TRANSACTED**|This value may be passed as the argument to the method createSession(int sessionMode) on the Connection object to specify that the session should use a local transaction.| 
 
-When the session mode is not specified, the **Session.AUTO_ACKNOWLEDGE** is picked by default.
+When the session mode isn't specified, the **Session.AUTO_ACKNOWLEDGE** is picked by default.
 
 ### JMSContext
 
@@ -129,13 +180,13 @@ Just like the **Session** object, the JMSContext can be created with the same ac
 JMSContext context = connectionFactory.createContext(JMSContext.AUTO_ACKNOWLEDGE);
 ```
 
-When the mode is not specified, the **JMSContext.AUTO_ACKNOWLEDGE** is picked by default.
+When the mode isn't specified, the **JMSContext.AUTO_ACKNOWLEDGE** is picked by default.
 
 ### JMS message producers
 
 A message producer is an object that is created using a JMSContext or a Session and used for sending messages to a destination.
 
-It can be created either as a stand alone object as below - 
+It can be created either as a stand-alone object as below - 
 
 ```java
 JMSProducer producer = context.createProducer();

articles/service-bus-messaging/migrate-jms-activemq-to-servicebus.md

@@ -58,7 +58,7 @@ As part of migrating and modifying your client applications to interact with Azu
 
 #### Authentication and authorization
 
-Azure role-based access control (Azure RBAC), backed by Azure Active Directory, is the preferred authentication mechanism for Service Bus. Because Azure RBAC, or claim-based authentication, isn't currently supported by Apache QPID JMS, however, you should use SAS keys for authentication.
+Azure role-based access control (Azure RBAC), backed by Azure Active Directory, is the preferred authentication mechanism for Service Bus. To enable role-based access control, please follow the steps in the [Azure Service Bus JMS 2.0 developer guide](jms-developer-guide.md).
 
 ## Pre-migration