JAAS authorization with JBoss Fuse

The customer I was working with had a need for JAAS Authorization for the ActiveMQ broker in his JBoss Fuse install. I thought I did it by the book. But it was at the end not enough. I had done this configuration for a FuseSource installation version 7.1.x but it didn’t work for a 7.2.x (JBoss Fuse 6.0.0.redhat-024). For the current, at this writing, version of JBoss Fuse you have to do it like this:

Add or change the plugins settings of etc/activemq.xml into:

<plugins>
<jaasAuthenticationPlugin configuration=”karaf”/>
<authorizationPlugin>
<map>
<authorizationMap groupClass=”org.apache.karaf.jaas.boot.principal.RolePrincipal”><authorizationEntries><authorizationEntry queue=”>” read=”admin,broker” write=”admin,broker” admin=”admin,broker”/>

<authorizationEntry topic=”>” read=”admin,broker” write=”admin,broker” admin=”admin,broker”/>
<authorizationEntry topic=”ActiveMQ.Advisory.>” read=”admin,broker” write=”admin,broker” admin=”admin,broker”/>
</authorizationEntries>
</authorizationMap>
</map>
</authorizationPlugin>
</plugins>
It is all about the ‘groupClass’ attribute inside the ‘authorizationMap’ element.
You can read more about this at https://community.jboss.org/thread/233546.