Configuring Remote ActiveMQ with Authentication and Authorization

ActiveMQ is the messaging broker used by TORO Integrate. It is a Message Oriented Middleware (MOM) used to send messages between two applications.

TORO Integrate is shipped with an embedded instance of ActiveMQ but it is possible to use a standalone instance of ActiveMQ. You can check this page out if you haven't been able to configure TORO Integrate with a remote ActiveMQ instance. TORO Integrate supports an attribute called jms.prefix to authenticate and authorize the application to remote brokers.

This section covers the configuration of authentication and authorization for a remote ActiveMQ instance used by TORO Integrate.

Step-by-Step Configuration for ActiveMQ

Step 1: ActiveMQ configuration directory

Proceed to ActiveMQ's configuration directory.

cd <activemq_home>/conf

Step 2: XML configurations

Open the activemq.xml file and add the following plugin that will authenticate users:

<plugins>
    <runtimeConfigurationPlugin checkPeriod="1000" />
    <jaasAuthenticationPlugin configuration="activemq-domain" />
</plugins>

You may add this just underneath the <managementContext> ... </managementContext> section.

Save and exit.

Step 3: Declare jaasAuthentication plugin

Open the login.config file and paste the following to declare the jaasAuthentication plugin and make use of Java property files that define users and groups.

activemq-domain {
org.apache.activemq.jaas.PropertiesLoginModule required debug=true
org.apache.activemq.jaas.properties.user="users.properties"
org.apache.activemq.jaas.properties.group="groups.properties"
reload=true;
};

Reload

Setting the reload attribute to true works together with the runtime configuration plugin set earlier and gives the broker the privilege to update the broker settings on the fly.

Save your configurations once you are done.

Step 4: JAVA Property files

Create or modify two JAVA Property files named users.properties and groups.properties. Start editing and follow the formatting below.

Content and formatting for users.properties:

username=password

Content and formatting for groups.properties:

groupname=username(s)

Step 5: Authorization Plugin Configuration

Authorization is controlled by groups. It will restrict the users from reading, writing, and creating a transaction for a specific topic/queue name of the broker. The prefix referred to at the start of this document will be used in this part of the configuration.

ActiveMQ Topics

<plugins>
    ...
    <authorizationPlugin>
        <map>
            <authorizationMap>
                <authorizationEntries>
                    <!-- To secure every topic, the application needs to be configured to have its unique identifier in its topic names -->
                    <authorizationEntry topic="jmsPrefix.statistics.>" read="$yourGroup" write="$yourGroup" admin="$yourGroup" />
                    <authorizationEntry topic="jmsPrefix.io.toro.integrate.>" read="$yourGroup" write="$yourGroup" admin="$yourGroup" />
                    <authorizationEntry queue="jmsPrefix.io.toro.integrate.>" read="$yourGroup" write="$yourGroup" admin="$yourGroup" />
                    <authorizationEntry topic="ActiveMQ.Advisory.>"
                         read="$yourGroup"
                         write="$yourGroup"
                         admin="$yourGroup"/>
                </authorizationEntries>
            </authorizationMap>
        </map>
    </authorizationPlugin>
</plugins>

Save your configurations once you are done.

Wildcards

The wildcards used are "." to separate names in a path, and ">" to recursively match all topics/queues whose names begin with the name defined in the configuration (e.g. jmsPrefix.io.toro.integrate.>).

JMS Prefix

The jmsPrefix defined above (jmsPrefix.io.toro.integrate) is a value that is declared in your override.properties file or Integrate Properties file. Proceed to the lower portion of this documentation for a step-by-step guide on how to configure your override.properties or your Integrate Properties for your Server Edition instance.
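The Python sketch below is an added example, not code from TORO Integrate or ActiveMQ. It models how the Step 5 entries combine with groups.properties, so you can check before restarting the broker that the prefix in activemq.xml matches jms.prefix and that each group gets only the operations intended. The readers group, the reporting user and the destination names are constructed, and the matcher is a simplified model of the wildcard rules (it also handles "*", ActiveMQ's single-name wildcard).

```python
import xml.etree.ElementTree as ET

# Constructed stand-ins for groups.properties (Step 4) and the Step 5 entries.
GROUPS_PROPERTIES = "admins=admin\nreaders=reporting\n"
ENTRY = '<authorizationEntry {kind}="{pat}" read="{r}" write="{w}" admin="{w}"/>'

def sample_plugin_xml(prefix):
    """Build an authorizationPlugin fragment shaped like the one in Step 5."""
    rows = [("topic", f"{prefix}.statistics.>", "admins,readers", "admins"),
            ("topic", f"{prefix}.io.toro.integrate.>", "admins", "admins"),
            ("queue", f"{prefix}.io.toro.integrate.>", "admins", "admins"),
            ("topic", "ActiveMQ.Advisory.>", "admins", "admins")]
    body = "".join(ENTRY.format(kind=k, pat=p, r=r, w=w) for k, p, r, w in rows)
    return ("<authorizationPlugin><map><authorizationMap><authorizationEntries>"
            f"{body}</authorizationEntries></authorizationMap></map></authorizationPlugin>")

def groups_of(user, groups_text):
    """Return the groups whose comma-separated member list contains user."""
    found = set()
    for line in groups_text.splitlines():
        if "=" in line and not line.lstrip().startswith("#"):
            group, members = line.split("=", 1)
            if user in {m.strip() for m in members.split(",")}:
                found.add(group.strip())
    return found

def matches(pattern, name):
    """Simplified wildcard match: '.' separates names, '*' is one name,
    '>' matches everything that remains."""
    names = name.split(".")
    for i, part in enumerate(pattern.split(".")):
        if part == ">":
            return True
        if i >= len(names) or part not in ("*", names[i]):
            return False
    return len(pattern.split(".")) == len(names)

def allowed(plugin_xml, groups_text, user, kind, name, op):
    """True if any entry matching the destination grants op to one of user's groups."""
    user_groups = groups_of(user, groups_text)
    for entry in ET.fromstring(plugin_xml).iter("authorizationEntry"):
        pattern = entry.get(kind)
        if pattern and matches(pattern, name):
            if user_groups & {g.strip() for g in entry.get(op, "").split(",")}:
                return True
    return False

# A destination the application would use with jms.prefix=your-prefix (constructed name).
DEST = "your-prefix.io.toro.integrate.example"
```

Calling allowed(sample_plugin_xml("jmsPrefix"), GROUPS_PROPERTIES, "admin", "topic", DEST, "write") returns False: leaving the literal jmsPrefix placeholder in activemq.xml while jms.prefix is your-prefix means no entry covers the application's destinations.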

Step 6: Restart ActiveMQ

Go to <$activemq_home>/bin directory to restart your ActiveMQ instance.

Run ActiveMQ on a separate terminal, either by start or console to check through the logs easily.

Start:

<$activemq_home>/bin/activemq start

Console:

<$activemq_home>/bin/activemq console

Step 7: Verify

Your modifications to the XML file should look similar to this:

<!--
    The managementContext is used to configure how ActiveMQ is exposed in
    JMX. By default, ActiveMQ uses the MBean server that is started by
    the JVM. For more information, see:

    http://activemq.apache.org/jmx.html
-->
<managementContext>
    <managementContext createConnector="false"/>
</managementContext>

<plugins>
    <jaasAuthenticationPlugin configuration="activemq-domain" />
    <runtimeConfigurationPlugin checkPeriod="1000" />
    <authorizationPlugin>
        <map>
            <authorizationMap>
                <authorizationEntries>
                    <!-- To secure every topic, the application needs to be configured to have its unique identifier in its topic names -->
                    <authorizationEntry topic="jmsPrefix.statistics.>" read="admins" write="admins" admin="admins" />
                    <authorizationEntry topic="jmsPrefix.io.toro.integrate.>" read="admins" write="admins" admin="admins" />
                    <authorizationEntry queue="jmsPrefix.io.toro.integrate.>" read="admins" write="admins" admin="admins" />
                    <authorizationEntry topic="ActiveMQ.Advisory.>"
                         read="admins"
                         write="admins"
                         admin="admins"/>
                </authorizationEntries>
            </authorizationMap>
        </map>
    </authorizationPlugin>
</plugins>

<!--
    Configure message persistence for the broker. The default persistence
    mechanism is the KahaDB store (identified by the KahaDB tag).
    For more information, see:

    http://activemq.apache.org/persistence.html
-->

Step-by-Step Configuration for Override Properties File

The Desktop Edition of TORO Integrate does not include a web UI for modifying the application properties. In that case, you can apply your configurations by modifying the override.properties file in your data folder. Server Edition users also have the option to log in to the web UI and update the application properties there.

Step 1: Switch to data folder

Go to your data folder.

cd <TORO_INTEGRATE_HOME>/data

Step 2: Modify override.properties file

Open the override.properties file in the data folder, then add the ActiveMQ username and password below the configurations made when setting up a remote ActiveMQ instance.

activemq.username=admin
activemq.password=admin

Your override.properties file should now have the following configurations:

jms.file=remote-activemq
jms.clientId=toro-integrate
jms.url=tcp://<activemq-ip-address>:61616?closeAsync=true
jms.prefix=your-prefix
activemq.username=admin
activemq.password=admin

Save once you are done and restart your TORO Integrate instance.

TORO Integrate Properties

If you have the Server Edition, you can also achieve this by configuring your Integrate Properties file.

Step 1: Login to TORO Integrate

Log in to your TORO Integrate Server Edition instance.

Step 2: Navigate to Integrate Properties

Proceed to CONFIGURATION on the far left side of the interface and select Integrate Properties.

Step 3: Make your changes

Configure a basic connection setup and look for jms.prefix. It is recommended that you make the prefix match the username inputted earlier in the users.properties file. You can also add the authentication values like the ActiveMQ username and password in this file.

jms.file=remote-activemq
jms.clientId=toro-integrate
jms.url=tcp://<activemq-ip-address>:61616?closeAsync=true
jms.prefix=your-prefix
activemq.username=admin
activemq.password=admin

Click save and restart the TORO Integrate instance.

Check logs if necessary.

Step 4: Login to ActiveMQ

Proceed to the web console of ActiveMQ and log in using the admin account.

Step 5: Verify

After logging in, go to the Topic panel and check if the topics were picked up by the broker.

That's it! You have successfully configured authentication and authorization for a remote ActiveMQ instance for TORO Integrate. To test your configurations, try invoking another service while checking ActiveMQ's web console or logs; you'll notice that the number of enqueued messages increases.