ActiveMQ has default support to authentication and authorization using file based approach (flat or xml) and using JAAS. This example shows how to leverage JWT tokens to authenticate and authorize users. For more details, see blog
This project contains necessary API implementations for basic JWT usage. When building this project, it will create a new ActiveMQ zip file with all required dependencies and classes. This makes it easier to then run and test it.
Build the project with mvn clean install.
In the target/ directory you will find a zip file named apache-activemq-0.0.1-SNAPSHOT.zip.
You can unzip the produce zip file and run ActiveMQ as usual using scripts in bin/ directory.
The code resides in 2 classes
-
JwtAuthenticationPluginto configure the authentication and set up the filter chain -
JwtAuthenticationBrokerwhich is the actualBrokerFilterimplementation
The JwtAuthenticationPlugin allows you to read the configuration in order to instantiate the JwtAuthenticationBroker.
It does not have any logic and it’s rather simple because all configuration is hard coded with constants.
The JwtAuthenticationBroker will get invoked during the lifecyle of the broker and allow authentication to be performed.
This is where the JWT will be extracted and validated in order to read the user principal and its groups.
The authenticate method will extract the username and password. For simplicity, the token is passed in using the username.
It will then use JOSE to configure the public key to validate the signature.
Once done, we can start reading the JWT and extract what we need from it: the username and the groups.