activemq-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From clebertsuco...@apache.org
Subject [4/5] activemq-artemis git commit: ARTEMIS-300 deprecate basic security manager
Date Wed, 11 Nov 2015 21:35:51 GMT
ARTEMIS-300 deprecate basic security manager

The old property-file based security manager shouldn't be used anymore. Instead
use the JAAS InVMLoginModule for in-vm tests, embedded use-cases, etc. and use
the other JAAS login modules for normal server use-cases.


Project: http://git-wip-us.apache.org/repos/asf/activemq-artemis/repo
Commit: http://git-wip-us.apache.org/repos/asf/activemq-artemis/commit/c40ab128
Tree: http://git-wip-us.apache.org/repos/asf/activemq-artemis/tree/c40ab128
Diff: http://git-wip-us.apache.org/repos/asf/activemq-artemis/diff/c40ab128

Branch: refs/heads/master
Commit: c40ab12843302205b743dd91f8d97405f8102b62
Parents: f72c226
Author: jbertram <jbertram@apache.org>
Authored: Thu Nov 5 15:36:17 2015 -0600
Committer: jbertram <jbertram@apache.org>
Committed: Wed Nov 11 14:17:46 2015 -0600

----------------------------------------------------------------------
 .../activemq/artemis/cli/commands/Create.java   |  45 +--
 .../artemis/factory/BasicSecurityHandler.java   |  45 ---
 .../artemis/factory/JaasSecurityHandler.java    |   3 +-
 .../artemis/broker/security/basic-security      |  17 -
 .../commands/etc/artemis-roles-basic.properties |  17 -
 .../commands/etc/artemis-roles-jaas.properties  |  17 -
 .../cli/commands/etc/artemis-roles.properties   |  17 +
 .../etc/basic-broker-security-settings.txt      |   5 -
 .../artemis/cli/commands/etc/bootstrap.xml      |   2 +-
 .../etc/jaas-broker-security-settings.txt       |   2 -
 .../cli/commands/etc/login-with-guest.config    |  28 ++
 .../cli/commands/etc/login-without-guest.config |  23 ++
 .../artemis/cli/commands/etc/login.config       |  22 --
 .../apache/activemq/cli/test/ArtemisTest.java   | 126 +++++---
 .../activemq/cli/test/FileBrokerTest.java       |   6 +-
 .../activemq/cli/test/StreamClassPathTest.java  |   5 +-
 .../activemq/artemis/dto/BasicSecurityDTO.java  |  42 ---
 .../activemq/artemis/dto/JaasSecurityDTO.java   |   4 +-
 .../org/apache/activemq/artemis/dto/jaxb.index  |   1 -
 .../artemis/maven/ArtemisCreatePlugin.java      |   5 +-
 .../artemis/rest/test/EmbeddedTest.java         |  14 +-
 .../src/test/resources/artemis-roles.properties |  17 -
 .../src/test/resources/artemis-users.properties |  17 -
 .../config/impl/FileSecurityConfiguration.java  |   1 +
 .../core/config/impl/SecurityConfiguration.java |  15 +-
 .../artemis/core/server/ActiveMQServers.java    |  19 +-
 .../core/server/embedded/EmbeddedActiveMQ.java  |   4 +-
 .../security/ActiveMQJAASSecurityManager.java   |  35 +-
 .../security/ActiveMQSecurityManagerImpl.java   |   1 +
 .../core/security/jaas/GuestLoginModule.java    |   2 +-
 .../spi/core/security/jaas/InVMLoginModule.java | 149 +++++++++
 .../artemis/tests/util/ActiveMQTestBase.java    |  12 +-
 .../activemq/server0/artemis-roles.properties   |  17 -
 .../activemq/server0/artemis-users.properties   |  17 -
 .../activemq/server0/artemis-roles.properties   |  17 -
 .../activemq/server0/artemis-users.properties   |  17 -
 .../activemq/server0/artemis-roles.properties   |  17 -
 .../activemq/server0/artemis-users.properties   |  17 -
 .../activemq/server1/artemis-roles.properties   |  17 -
 .../activemq/server1/artemis-users.properties   |  17 -
 .../activemq/server0/artemis-roles.properties   |  17 -
 .../activemq/server0/artemis-users.properties   |  17 -
 .../artemis/jms/example/EmbeddedExample.java    |  16 +-
 .../activemq/server0/artemis-roles.properties   |  17 -
 .../activemq/server0/artemis-users.properties   |  17 -
 .../activemq/server0/artemis-roles.properties   |  17 -
 .../activemq/server0/artemis-users.properties   |  17 -
 .../activemq/server0/artemis-roles.properties   |  17 -
 .../activemq/server0/artemis-users.properties   |  17 -
 .../activemq/server0/artemis-roles.properties   |  17 -
 .../activemq/server0/artemis-users.properties   |  17 -
 .../activemq/server1/artemis-roles.properties   |  17 -
 .../activemq/server1/artemis-users.properties   |  17 -
 .../activemq/server0/artemis-roles.properties   |  17 -
 .../activemq/server0/artemis-users.properties   |  17 -
 .../activemq/server0/artemis-roles.properties   |  17 -
 .../activemq/server0/artemis-users.properties   |  17 -
 .../activemq/server0/artemis-roles.properties   |  17 -
 .../activemq/server0/artemis-users.properties   |  17 -
 .../activemq/server0/artemis-roles.properties   |  17 -
 .../activemq/server0/artemis-users.properties   |  17 -
 .../activemq/server0/artemis-roles.properties   |  17 -
 .../activemq/server0/artemis-users.properties   |  17 -
 .../activemq/server0/artemis-roles.properties   |  17 -
 .../activemq/server0/artemis-users.properties   |  17 -
 .../activemq/server0/artemis-roles.properties   |  17 -
 .../activemq/server0/artemis-users.properties   |  17 -
 examples/features/standard/pom.xml              |   1 -
 .../activemq/server0/artemis-roles.properties   |  17 -
 .../activemq/server0/artemis-users.properties   |  17 -
 .../activemq/server0/artemis-roles.properties   |  17 -
 .../activemq/server0/artemis-users.properties   |  17 -
 .../activemq/server0/artemis-roles.properties   |  17 -
 .../activemq/server0/artemis-users.properties   |  17 -
 .../main/resources/activemq/server0/broker.xml  |   7 +-
 .../features/standard/security-jaas/pom.xml     | 111 -------
 .../features/standard/security-jaas/readme.html | 324 -------------------
 .../jms/example/JaasSecurityExample.java        | 282 ----------------
 .../activemq/server0/artemis-roles.properties   |  20 --
 .../activemq/server0/artemis-users.properties   |  20 --
 .../main/resources/activemq/server0/broker.xml  |  81 -----
 .../src/main/resources/jndi.properties          |  22 --
 .../activemq/server0/artemis-roles.properties   |   8 +-
 .../src/main/resources/artemis-roles.properties |  17 -
 .../src/main/resources/artemis-users.properties |  17 -
 .../src/main/resources/spring-jms-beans.xml     |   3 +-
 .../activemq/server0/artemis-roles.properties   |  17 -
 .../activemq/server0/artemis-users.properties   |  17 -
 .../main/resources/activemq/server0/broker.xml  |   2 +-
 .../activemq/server0/artemis-roles.properties   |  17 -
 .../activemq/server0/artemis-users.properties   |  17 -
 .../activemq/server0/artemis-roles.properties   |  17 -
 .../activemq/server0/artemis-users.properties   |  17 -
 .../activemq/server0/artemis-roles.properties   |   5 +-
 .../activemq/server0/artemis-roles.properties   |  17 -
 .../activemq/server0/artemis-users.properties   |  17 -
 .../client/AutoCreateJmsQueueTest.java          |  17 +-
 .../integration/client/HangConsumerTest.java    |  10 +-
 .../cluster/failover/SecurityFailoverTest.java  |   8 +-
 .../interceptors/InterceptorTest.java           |  11 +-
 .../tests/integration/jms/JMSSecurityTest.java  |   6 +-
 .../jms/server/JMSServerStartStopTest.java      |  25 +-
 ...tyManagementWithConfiguredAdminUserTest.java |   8 +-
 .../management/SecurityNotificationTest.java    |   6 +-
 .../integration/openwire/OpenWireTestBase.java  |  10 +-
 .../ra/ActiveMQMessageHandlerSecurityTest.java  |   7 +-
 .../tests/integration/ra/JMSContextTest.java    |   4 +-
 .../integration/ra/OutgoingConnectionTest.java  |   4 +-
 .../ra/OutgoingConnectionTestJTA.java           |  13 +-
 .../integration/security/LDAPSecurityTest.java  |   3 +-
 .../LegacyLDAPSecuritySettingPluginTest.java    |   3 +-
 .../integration/security/SecurityTest.java      |  79 ++---
 .../tests/tools/container/LocalTestServer.java  |   6 +-
 113 files changed, 521 insertions(+), 2169 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/c40ab128/artemis-cli/src/main/java/org/apache/activemq/artemis/cli/commands/Create.java
----------------------------------------------------------------------
diff --git a/artemis-cli/src/main/java/org/apache/activemq/artemis/cli/commands/Create.java b/artemis-cli/src/main/java/org/apache/activemq/artemis/cli/commands/Create.java
index a2d7e63..1b4a175 100644
--- a/artemis-cli/src/main/java/org/apache/activemq/artemis/cli/commands/Create.java
+++ b/artemis-cli/src/main/java/org/apache/activemq/artemis/cli/commands/Create.java
@@ -72,15 +72,11 @@ public class Create extends InputAbstract {
    public static final String ETC_BOOTSTRAP_XML = "etc/bootstrap.xml";
    public static final String ETC_BROKER_XML = "etc/broker.xml";
 
-   // The JAAS PropertiesLogin module uses role=user(s) syntax, but the basic security uses user=role(s) syntax so we need 2 different files here
    public static final String ETC_ARTEMIS_ROLES_PROPERTIES = "etc/artemis-roles.properties";
-   public static final String ETC_ARTEMIS_ROLES_BASIC_PROPERTIES = "etc/artemis-roles-basic.properties";
-   public static final String ETC_ARTEMIS_ROLES_JAAS_PROPERTIES = "etc/artemis-roles-jaas.properties";
-
    public static final String ETC_ARTEMIS_USERS_PROPERTIES = "etc/artemis-users.properties";
-   public static final String ETC_JAAS_BROKER_SECURITY_SETTINGS_TXT = "etc/jaas-broker-security-settings.txt";
-   public static final String ETC_BASIC_BROKER_SECURITY_SETTINGS_TXT = "etc/basic-broker-security-settings.txt";
    public static final String ETC_LOGIN_CONFIG = "etc/login.config";
+   public static final String ETC_LOGIN_CONFIG_WITH_GUEST = "etc/login-with-guest.config";
+   public static final String ETC_LOGIN_CONFIG_WITHOUT_GUEST = "etc/login-without-guest.config";
    public static final String ETC_REPLICATED_SETTINGS_TXT = "etc/replicated-settings.txt";
    public static final String ETC_SHARED_STORE_SETTINGS_TXT = "etc/shared-store-settings.txt";
    public static final String ETC_CLUSTER_SECURITY_SETTINGS_TXT = "etc/cluster-security-settings.txt";
@@ -173,24 +169,10 @@ public class Create extends InputAbstract {
    @Option(name = "--nio", description = "Force nio journal on the configuration regardless of the library being available or not.")
    boolean forceNIO;
 
-   @Option(name = "--broker-security", description = "Use basic, file-based security or JAAS login module for broker security (Default: basic)")
-   String brokerSecurity;
-
    boolean IS_WINDOWS;
 
    boolean IS_CYGWIN;
 
-   public String getBrokerSecurity() {
-      if (brokerSecurity == null) {
-         brokerSecurity = "basic";
-      }
-      return brokerSecurity;
-   }
-
-   public void setBrokerSecurity(String security) {
-      this.brokerSecurity = security;
-   }
-
    public int getMaxHops() {
       return maxHops;
    }
@@ -561,27 +543,16 @@ public class Create extends InputAbstract {
       filters.put("${java-opts}", javaOptions);
 
       if (isAllowAnonymous()) {
-         filters.put("${bootstrap.guest}", "default-user=\"" + getUser() + "\"");
+         write(ETC_LOGIN_CONFIG_WITH_GUEST, filters, false);
+         new File(directory, ETC_LOGIN_CONFIG_WITH_GUEST).renameTo(new File(directory, ETC_LOGIN_CONFIG));
       }
       else {
-         filters.put("${bootstrap.guest}", "");
+         write(ETC_LOGIN_CONFIG_WITHOUT_GUEST, filters, false);
+         new File(directory, ETC_LOGIN_CONFIG_WITHOUT_GUEST).renameTo(new File(directory, ETC_LOGIN_CONFIG));
       }
 
-      if (brokerSecurity != null && brokerSecurity.equalsIgnoreCase("jaas")) {
-         filters.put("${broker-security-settings}", applyFilters(readTextFile(ETC_JAAS_BROKER_SECURITY_SETTINGS_TXT), filters));
-         filters.put("${login-config}", "-Djava.security.auth.login.config=" + path(directory, false) + "/etc/login.config");
-         write(ETC_LOGIN_CONFIG, filters, false);
-         write(ETC_ARTEMIS_ROLES_JAAS_PROPERTIES, filters, false);
-         File file = new File(directory, ETC_ARTEMIS_ROLES_JAAS_PROPERTIES);
-         file.renameTo(new File(directory, ETC_ARTEMIS_ROLES_PROPERTIES));
-      }
-      else {
-         filters.put("${broker-security-settings}", applyFilters(readTextFile(ETC_BASIC_BROKER_SECURITY_SETTINGS_TXT), filters));
-         filters.put("${login-config}", "");
-         write(ETC_ARTEMIS_ROLES_BASIC_PROPERTIES, filters, false);
-         File file = new File(directory, ETC_ARTEMIS_ROLES_BASIC_PROPERTIES);
-         file.renameTo(new File(directory, ETC_ARTEMIS_ROLES_PROPERTIES));
-      }
+      filters.put("${login-config}", "-Djava.security.auth.login.config=" + path(directory, false) + "/etc/login.config");
+      write(ETC_ARTEMIS_ROLES_PROPERTIES, filters, false);
 
       if (IS_WINDOWS) {
          write(BIN_ARTEMIS_CMD, null, false);

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/c40ab128/artemis-cli/src/main/java/org/apache/activemq/artemis/factory/BasicSecurityHandler.java
----------------------------------------------------------------------
diff --git a/artemis-cli/src/main/java/org/apache/activemq/artemis/factory/BasicSecurityHandler.java b/artemis-cli/src/main/java/org/apache/activemq/artemis/factory/BasicSecurityHandler.java
deleted file mode 100644
index b8eb2a5..0000000
--- a/artemis-cli/src/main/java/org/apache/activemq/artemis/factory/BasicSecurityHandler.java
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.activemq.artemis.factory;
-
-import java.io.File;
-
-import org.apache.activemq.artemis.core.config.impl.FileSecurityConfiguration;
-import org.apache.activemq.artemis.dto.BasicSecurityDTO;
-import org.apache.activemq.artemis.dto.SecurityDTO;
-import org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager;
-import org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManagerImpl;
-
-public class BasicSecurityHandler implements SecurityHandler {
-
-   static String fixupFileURI(String value) {
-      if (value != null && value.startsWith("file:")) {
-         value = value.substring("file:".length());
-         value = new File(value).toURI().toString();
-      }
-      return value;
-   }
-
-   @Override
-   public ActiveMQSecurityManager createSecurityManager(SecurityDTO security) throws Exception {
-      BasicSecurityDTO fileSecurity = (BasicSecurityDTO) security;
-      String home = System.getProperty("activemq.home");
-      FileSecurityConfiguration securityConfiguration = new FileSecurityConfiguration(fixupFileURI(fileSecurity.users), fixupFileURI(fileSecurity.roles), fileSecurity.defaultUser, fileSecurity.maskPassword, fileSecurity.passwordCodec);
-      securityConfiguration.start();
-      return new ActiveMQSecurityManagerImpl(securityConfiguration);
-   }
-}

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/c40ab128/artemis-cli/src/main/java/org/apache/activemq/artemis/factory/JaasSecurityHandler.java
----------------------------------------------------------------------
diff --git a/artemis-cli/src/main/java/org/apache/activemq/artemis/factory/JaasSecurityHandler.java b/artemis-cli/src/main/java/org/apache/activemq/artemis/factory/JaasSecurityHandler.java
index 2cd1785..2f45f94 100644
--- a/artemis-cli/src/main/java/org/apache/activemq/artemis/factory/JaasSecurityHandler.java
+++ b/artemis-cli/src/main/java/org/apache/activemq/artemis/factory/JaasSecurityHandler.java
@@ -25,8 +25,7 @@ public class JaasSecurityHandler implements SecurityHandler {
    @Override
    public ActiveMQSecurityManager createSecurityManager(SecurityDTO security) throws Exception {
       JaasSecurityDTO jaasSecurity = (JaasSecurityDTO) security;
-      ActiveMQJAASSecurityManager securityManager = new ActiveMQJAASSecurityManager();
-      securityManager.setConfigurationName(jaasSecurity.loginModule);
+      ActiveMQJAASSecurityManager securityManager = new ActiveMQJAASSecurityManager(jaasSecurity.domain);
       return securityManager;
    }
 }

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/c40ab128/artemis-cli/src/main/resources/META-INF/services/org/apache/activemq/artemis/broker/security/basic-security
----------------------------------------------------------------------
diff --git a/artemis-cli/src/main/resources/META-INF/services/org/apache/activemq/artemis/broker/security/basic-security b/artemis-cli/src/main/resources/META-INF/services/org/apache/activemq/artemis/broker/security/basic-security
deleted file mode 100644
index 8418fe9..0000000
--- a/artemis-cli/src/main/resources/META-INF/services/org/apache/activemq/artemis/broker/security/basic-security
+++ /dev/null
@@ -1,17 +0,0 @@
-## ---------------------------------------------------------------------------
-## Licensed to the Apache Software Foundation (ASF) under one or more
-## contributor license agreements. See the NOTICE file distributed with
-## this work for additional information regarding copyright ownership.
-## The ASF licenses this file to You under the Apache License, Version 2.0
-## (the "License"); you may not use this file except in compliance with
-## the License. You may obtain a copy of the License at
-##
-##     http://www.apache.org/licenses/LICENSE-2.0
-##
-## Unless required by applicable law or agreed to in writing, software
-## distributed under the License is distributed on an "AS IS" BASIS,
-## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-## See the License for the specific language governing permissions and
-## limitations under the License.
-## ---------------------------------------------------------------------------
-class=org.apache.activemq.artemis.factory.BasicSecurityHandler

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/c40ab128/artemis-cli/src/main/resources/org/apache/activemq/artemis/cli/commands/etc/artemis-roles-basic.properties
----------------------------------------------------------------------
diff --git a/artemis-cli/src/main/resources/org/apache/activemq/artemis/cli/commands/etc/artemis-roles-basic.properties b/artemis-cli/src/main/resources/org/apache/activemq/artemis/cli/commands/etc/artemis-roles-basic.properties
deleted file mode 100644
index 04c3c4c..0000000
--- a/artemis-cli/src/main/resources/org/apache/activemq/artemis/cli/commands/etc/artemis-roles-basic.properties
+++ /dev/null
@@ -1,17 +0,0 @@
-## ---------------------------------------------------------------------------
-## Licensed to the Apache Software Foundation (ASF) under one or more
-## contributor license agreements.  See the NOTICE file distributed with
-## this work for additional information regarding copyright ownership.
-## The ASF licenses this file to You under the Apache License, Version 2.0
-## (the "License"); you may not use this file except in compliance with
-## the License.  You may obtain a copy of the License at
-##
-## http://www.apache.org/licenses/LICENSE-2.0
-##
-## Unless required by applicable law or agreed to in writing, software
-## distributed under the License is distributed on an "AS IS" BASIS,
-## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-## See the License for the specific language governing permissions and
-## limitations under the License.
-## ---------------------------------------------------------------------------
-${user}=${role}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/c40ab128/artemis-cli/src/main/resources/org/apache/activemq/artemis/cli/commands/etc/artemis-roles-jaas.properties
----------------------------------------------------------------------
diff --git a/artemis-cli/src/main/resources/org/apache/activemq/artemis/cli/commands/etc/artemis-roles-jaas.properties b/artemis-cli/src/main/resources/org/apache/activemq/artemis/cli/commands/etc/artemis-roles-jaas.properties
deleted file mode 100644
index c9443dd..0000000
--- a/artemis-cli/src/main/resources/org/apache/activemq/artemis/cli/commands/etc/artemis-roles-jaas.properties
+++ /dev/null
@@ -1,17 +0,0 @@
-## ---------------------------------------------------------------------------
-## Licensed to the Apache Software Foundation (ASF) under one or more
-## contributor license agreements.  See the NOTICE file distributed with
-## this work for additional information regarding copyright ownership.
-## The ASF licenses this file to You under the Apache License, Version 2.0
-## (the "License"); you may not use this file except in compliance with
-## the License.  You may obtain a copy of the License at
-##
-## http://www.apache.org/licenses/LICENSE-2.0
-##
-## Unless required by applicable law or agreed to in writing, software
-## distributed under the License is distributed on an "AS IS" BASIS,
-## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-## See the License for the specific language governing permissions and
-## limitations under the License.
-## ---------------------------------------------------------------------------
-${role}=${user}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/c40ab128/artemis-cli/src/main/resources/org/apache/activemq/artemis/cli/commands/etc/artemis-roles.properties
----------------------------------------------------------------------
diff --git a/artemis-cli/src/main/resources/org/apache/activemq/artemis/cli/commands/etc/artemis-roles.properties b/artemis-cli/src/main/resources/org/apache/activemq/artemis/cli/commands/etc/artemis-roles.properties
new file mode 100644
index 0000000..c9443dd
--- /dev/null
+++ b/artemis-cli/src/main/resources/org/apache/activemq/artemis/cli/commands/etc/artemis-roles.properties
@@ -0,0 +1,17 @@
+## ---------------------------------------------------------------------------
+## Licensed to the Apache Software Foundation (ASF) under one or more
+## contributor license agreements.  See the NOTICE file distributed with
+## this work for additional information regarding copyright ownership.
+## The ASF licenses this file to You under the Apache License, Version 2.0
+## (the "License"); you may not use this file except in compliance with
+## the License.  You may obtain a copy of the License at
+##
+## http://www.apache.org/licenses/LICENSE-2.0
+##
+## Unless required by applicable law or agreed to in writing, software
+## distributed under the License is distributed on an "AS IS" BASIS,
+## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+## See the License for the specific language governing permissions and
+## limitations under the License.
+## ---------------------------------------------------------------------------
+${role}=${user}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/c40ab128/artemis-cli/src/main/resources/org/apache/activemq/artemis/cli/commands/etc/basic-broker-security-settings.txt
----------------------------------------------------------------------
diff --git a/artemis-cli/src/main/resources/org/apache/activemq/artemis/cli/commands/etc/basic-broker-security-settings.txt b/artemis-cli/src/main/resources/org/apache/activemq/artemis/cli/commands/etc/basic-broker-security-settings.txt
deleted file mode 100644
index dd0a5f1..0000000
--- a/artemis-cli/src/main/resources/org/apache/activemq/artemis/cli/commands/etc/basic-broker-security-settings.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-
-   <basic-security
-           users="file:${artemis.instance}/etc/artemis-users.properties"
-           roles="file:${artemis.instance}/etc/artemis-roles.properties"
-           ${bootstrap.guest}/>
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/c40ab128/artemis-cli/src/main/resources/org/apache/activemq/artemis/cli/commands/etc/bootstrap.xml
----------------------------------------------------------------------
diff --git a/artemis-cli/src/main/resources/org/apache/activemq/artemis/cli/commands/etc/bootstrap.xml b/artemis-cli/src/main/resources/org/apache/activemq/artemis/cli/commands/etc/bootstrap.xml
index fe3f864..ec4a489 100644
--- a/artemis-cli/src/main/resources/org/apache/activemq/artemis/cli/commands/etc/bootstrap.xml
+++ b/artemis-cli/src/main/resources/org/apache/activemq/artemis/cli/commands/etc/bootstrap.xml
@@ -18,7 +18,7 @@
 
 <broker xmlns="http://activemq.org/schema">
 
-${broker-security-settings}
+   <jaas-security domain="activemq"/>
 
    <server configuration="file:${artemis.instance}/etc/broker.xml"/>
 

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/c40ab128/artemis-cli/src/main/resources/org/apache/activemq/artemis/cli/commands/etc/jaas-broker-security-settings.txt
----------------------------------------------------------------------
diff --git a/artemis-cli/src/main/resources/org/apache/activemq/artemis/cli/commands/etc/jaas-broker-security-settings.txt b/artemis-cli/src/main/resources/org/apache/activemq/artemis/cli/commands/etc/jaas-broker-security-settings.txt
deleted file mode 100644
index 6521bf4..0000000
--- a/artemis-cli/src/main/resources/org/apache/activemq/artemis/cli/commands/etc/jaas-broker-security-settings.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-
-   <jaas-security login-module="PropertiesLogin"/>
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/c40ab128/artemis-cli/src/main/resources/org/apache/activemq/artemis/cli/commands/etc/login-with-guest.config
----------------------------------------------------------------------
diff --git a/artemis-cli/src/main/resources/org/apache/activemq/artemis/cli/commands/etc/login-with-guest.config b/artemis-cli/src/main/resources/org/apache/activemq/artemis/cli/commands/etc/login-with-guest.config
new file mode 100644
index 0000000..9f4dfea
--- /dev/null
+++ b/artemis-cli/src/main/resources/org/apache/activemq/artemis/cli/commands/etc/login-with-guest.config
@@ -0,0 +1,28 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+activemq {
+   org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoginModule sufficient
+       debug=false
+       org.apache.activemq.jaas.properties.user="artemis-users.properties"
+       org.apache.activemq.jaas.properties.role="artemis-roles.properties";
+
+   org.apache.activemq.artemis.spi.core.security.jaas.GuestLoginModule sufficient
+       debug=false
+       org.apache.activemq.jaas.guest.user="${user}"
+       org.apache.activemq.jaas.guest.role="${role}";
+};
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/c40ab128/artemis-cli/src/main/resources/org/apache/activemq/artemis/cli/commands/etc/login-without-guest.config
----------------------------------------------------------------------
diff --git a/artemis-cli/src/main/resources/org/apache/activemq/artemis/cli/commands/etc/login-without-guest.config b/artemis-cli/src/main/resources/org/apache/activemq/artemis/cli/commands/etc/login-without-guest.config
new file mode 100644
index 0000000..89facb1
--- /dev/null
+++ b/artemis-cli/src/main/resources/org/apache/activemq/artemis/cli/commands/etc/login-without-guest.config
@@ -0,0 +1,23 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+activemq {
+   org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoginModule required
+       debug=false
+       org.apache.activemq.jaas.properties.user="artemis-users.properties"
+       org.apache.activemq.jaas.properties.role="artemis-roles.properties";
+};
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/c40ab128/artemis-cli/src/main/resources/org/apache/activemq/artemis/cli/commands/etc/login.config
----------------------------------------------------------------------
diff --git a/artemis-cli/src/main/resources/org/apache/activemq/artemis/cli/commands/etc/login.config b/artemis-cli/src/main/resources/org/apache/activemq/artemis/cli/commands/etc/login.config
deleted file mode 100644
index fe8ca36..0000000
--- a/artemis-cli/src/main/resources/org/apache/activemq/artemis/cli/commands/etc/login.config
+++ /dev/null
@@ -1,22 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-PropertiesLogin {
-    org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoginModule required
-        debug=true
-        org.apache.activemq.jaas.properties.user="artemis-users.properties"
-        org.apache.activemq.jaas.properties.role="artemis-roles.properties";
-};
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/c40ab128/artemis-cli/src/test/java/org/apache/activemq/cli/test/ArtemisTest.java
----------------------------------------------------------------------
diff --git a/artemis-cli/src/test/java/org/apache/activemq/cli/test/ArtemisTest.java b/artemis-cli/src/test/java/org/apache/activemq/cli/test/ArtemisTest.java
index c081790..fd6d114 100644
--- a/artemis-cli/src/test/java/org/apache/activemq/cli/test/ArtemisTest.java
+++ b/artemis-cli/src/test/java/org/apache/activemq/cli/test/ArtemisTest.java
@@ -38,6 +38,7 @@ import org.apache.activemq.artemis.jms.client.ActiveMQConnectionFactory;
 import org.apache.activemq.artemis.jms.client.ActiveMQDestination;
 import org.junit.After;
 import org.junit.Assert;
+import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.rules.TemporaryFolder;
@@ -50,16 +51,31 @@ public class ArtemisTest {
    @Rule
    public TemporaryFolder temporaryFolder;
 
+   private String original = System.getProperty("java.security.auth.login.config");
+
    public ArtemisTest() {
       File parent = new File("./target/tmp");
       parent.mkdirs();
       temporaryFolder = new TemporaryFolder(parent);
    }
 
+   @Before
+   public void setup() {
+      System.setProperty("java.security.auth.login.config", temporaryFolder.getRoot().getAbsolutePath() + "/etc/login.config");
+   }
+
    @After
    public void cleanup() {
       System.clearProperty("artemis.instance");
       Run.setEmbedded(false);
+
+      if (original == null) {
+         System.clearProperty("java.security.auth.login.config");
+      }
+      else {
+         System.setProperty("java.security.auth.login.config", original);
+      }
+
       Configurable.unlock();
    }
 
@@ -102,66 +118,86 @@ public class ArtemisTest {
    public void testSimpleRun() throws Exception {
       String queues = "q1,t2";
       String topics = "t1,t2";
+
+      // This is usually set when run from the command line via artemis.profile
       Run.setEmbedded(true);
-      Artemis.main("create", temporaryFolder.getRoot().getAbsolutePath(), "--force", "--silent", "--no-web", "--queues", queues, "--topics", topics, "--no-autotune");
+      Artemis.main("create", temporaryFolder.getRoot().getAbsolutePath(), "--force", "--silent", "--no-web", "--queues", queues, "--topics", topics, "--no-autotune", "--require-login");
       System.setProperty("artemis.instance", temporaryFolder.getRoot().getAbsolutePath());
       // Some exceptions may happen on the initialization, but they should be ok on start the basic core protocol
       Artemis.internalExecute("run");
 
-      try (ServerLocator locator = ServerLocatorImpl.newLocator("tcp://localhost:61616");
-           ClientSessionFactory factory = locator.createSessionFactory();
-           ClientSession coreSession = factory.createSession()) {
-         for (String str : queues.split(",")) {
-            ClientSession.QueueQuery queryResult = coreSession.queueQuery(SimpleString.toSimpleString("jms.queue." + str));
-            Assert.assertTrue("Couldn't find queue " + str, queryResult.isExists());
-         }
-         for (String str : topics.split(",")) {
-            ClientSession.QueueQuery queryResult = coreSession.queueQuery(SimpleString.toSimpleString("jms.topic." + str));
-            Assert.assertTrue("Couldn't find topic " + str, queryResult.isExists());
+      try {
+         try (ServerLocator locator = ServerLocatorImpl.newLocator("tcp://localhost:61616");
+              ClientSessionFactory factory = locator.createSessionFactory();
+              ClientSession coreSession = factory.createSession("admin", "admin", false, true, true, false, 0)) {
+            for (String str : queues.split(",")) {
+               ClientSession.QueueQuery queryResult = coreSession.queueQuery(SimpleString.toSimpleString("jms.queue." + str));
+               Assert.assertTrue("Couldn't find queue " + str, queryResult.isExists());
+            }
+            for (String str : topics.split(",")) {
+               ClientSession.QueueQuery queryResult = coreSession.queueQuery(SimpleString.toSimpleString("jms.topic." + str));
+               Assert.assertTrue("Couldn't find topic " + str, queryResult.isExists());
+            }
          }
-      }
-
-      Assert.assertEquals(Integer.valueOf(100), Artemis.internalExecute("producer", "--message-count", "100", "--verbose"));
-      Assert.assertEquals(Integer.valueOf(100), Artemis.internalExecute("consumer", "--verbose", "--break-on-null", "--receive-timeout", "100"));
 
-      ActiveMQConnectionFactory cf = new ActiveMQConnectionFactory("tcp://localhost:61616");
-      Connection connection = cf.createConnection();
-      Session session = connection.createSession(true, Session.SESSION_TRANSACTED);
-      MessageProducer producer = session.createProducer(ActiveMQDestination.createDestination("queue://TEST", ActiveMQDestination.QUEUE_TYPE));
+         Assert.assertEquals(Integer.valueOf(100), Artemis.internalExecute("producer", "--message-count", "100", "--verbose", "--user", "admin", "--password", "admin"));
+         Assert.assertEquals(Integer.valueOf(100), Artemis.internalExecute("consumer", "--verbose", "--break-on-null", "--receive-timeout", "100", "--user", "admin", "--password", "admin"));
 
-      TextMessage message = session.createTextMessage("Banana");
-      message.setStringProperty("fruit", "banana");
-      producer.send(message);
+         ActiveMQConnectionFactory cf = new ActiveMQConnectionFactory("tcp://localhost:61616");
+         Connection connection = cf.createConnection("admin", "admin");
+         Session session = connection.createSession(true, Session.SESSION_TRANSACTED);
+         MessageProducer producer = session.createProducer(ActiveMQDestination.createDestination("queue://TEST", ActiveMQDestination.QUEUE_TYPE));
 
-      for (int i = 0; i < 100; i++) {
-         message = session.createTextMessage("orange");
-         message.setStringProperty("fruit", "orange");
+         TextMessage message = session.createTextMessage("Banana");
+         message.setStringProperty("fruit", "banana");
          producer.send(message);
-      }
-      session.commit();
 
-      connection.close();
-      cf.close();
+         for (int i = 0; i < 100; i++) {
+            message = session.createTextMessage("orange");
+            message.setStringProperty("fruit", "orange");
+            producer.send(message);
+         }
+         session.commit();
 
-      Assert.assertEquals(Integer.valueOf(1), Artemis.internalExecute("browser", "--txt-size", "50", "--verbose", "--filter", "fruit='banana'"));
+         connection.close();
+         cf.close();
 
-      Assert.assertEquals(Integer.valueOf(100), Artemis.internalExecute("browser", "--txt-size", "50", "--verbose", "--filter", "fruit='orange'"));
+         Assert.assertEquals(Integer.valueOf(1), Artemis.internalExecute("browser", "--txt-size", "50", "--verbose", "--filter", "fruit='banana'", "--user", "admin", "--password", "admin"));
 
-      Assert.assertEquals(Integer.valueOf(101), Artemis.internalExecute("browser", "--txt-size", "50", "--verbose"));
+         Assert.assertEquals(Integer.valueOf(100), Artemis.internalExecute("browser", "--txt-size", "50", "--verbose", "--filter", "fruit='orange'", "--user", "admin", "--password", "admin"));
 
-      // should only receive 10 messages on browse as I'm setting messageCount=10
-      Assert.assertEquals(Integer.valueOf(10), Artemis.internalExecute("browser", "--txt-size", "50", "--verbose", "--message-count", "10"));
+         Assert.assertEquals(Integer.valueOf(101), Artemis.internalExecute("browser", "--txt-size", "50", "--verbose", "--user", "admin", "--password", "admin"));
 
-      // Nothing was consumed until here as it was only browsing, check it's receiving again
-      Assert.assertEquals(Integer.valueOf(1), Artemis.internalExecute("consumer", "--txt-size", "50", "--verbose", "--break-on-null", "--receive-timeout", "100", "--filter", "fruit='banana'"));
+         // should only receive 10 messages on browse as I'm setting messageCount=10
+         Assert.assertEquals(Integer.valueOf(10), Artemis.internalExecute("browser", "--txt-size", "50", "--verbose", "--message-count", "10", "--user", "admin", "--password", "admin"));
 
-      // Checking it was acked before
-      Assert.assertEquals(Integer.valueOf(100), Artemis.internalExecute("consumer", "--txt-size", "50", "--verbose", "--break-on-null", "--receive-timeout", "100"));
+         // Nothing was consumed until here as it was only browsing, check it's receiving again
+         Assert.assertEquals(Integer.valueOf(1), Artemis.internalExecute("consumer", "--txt-size", "50", "--verbose", "--break-on-null", "--receive-timeout", "100", "--filter", "fruit='banana'", "--user", "admin", "--password", "admin"));
 
-      Artemis.internalExecute("stop");
-      Assert.assertTrue(Run.latchRunning.await(5, TimeUnit.SECONDS));
-      Assert.assertEquals(0, LibaioContext.getTotalMaxIO());
+         // Checking it was acked before
+         Assert.assertEquals(Integer.valueOf(100), Artemis.internalExecute("consumer", "--txt-size", "50", "--verbose", "--break-on-null", "--receive-timeout", "100", "--user", "admin", "--password", "admin"));
+      }
+      finally {
+         stopServer();
+      }
+   }
+
+   @Test
+   public void testAnonymousAutoCreate() throws Exception {
+      // This is usually set when run from the command line via artemis.profile
+
+      Run.setEmbedded(true);
+      Artemis.main("create", temporaryFolder.getRoot().getAbsolutePath(), "--force", "--silent", "--no-web", "--no-autotune", "--allow-anonymous", "--user", "a", "--password", "a", "--role", "a");
+      System.setProperty("artemis.instance", temporaryFolder.getRoot().getAbsolutePath());
+      // Some exceptions may happen on the initialization, but they should be ok on start the basic core protocol
+      Artemis.internalExecute("run");
 
+      try {
+         Assert.assertEquals(Integer.valueOf(100), Artemis.internalExecute("producer", "--message-count", "100"));
+      }
+      finally {
+         stopServer();
+      }
    }
 
    private void testCli(String... args) {
@@ -174,9 +210,15 @@ public class ArtemisTest {
       }
    }
 
-
    public boolean isWindows() {
       return System.getProperty("os.name", "null").toLowerCase().indexOf("win") >= 0;
+   }
 
+   private void stopServer() throws Exception {
+      Artemis.internalExecute("stop");
+      Assert.assertTrue(Run.latchRunning.await(5, TimeUnit.SECONDS));
+      Assert.assertEquals(0, LibaioContext.getTotalMaxIO());
    }
+
+
 }

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/c40ab128/artemis-cli/src/test/java/org/apache/activemq/cli/test/FileBrokerTest.java
----------------------------------------------------------------------
diff --git a/artemis-cli/src/test/java/org/apache/activemq/cli/test/FileBrokerTest.java b/artemis-cli/src/test/java/org/apache/activemq/cli/test/FileBrokerTest.java
index c796f3f..0feaf8f 100644
--- a/artemis-cli/src/test/java/org/apache/activemq/cli/test/FileBrokerTest.java
+++ b/artemis-cli/src/test/java/org/apache/activemq/cli/test/FileBrokerTest.java
@@ -20,7 +20,7 @@ import org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl;
 import org.apache.activemq.artemis.dto.ServerDTO;
 import org.apache.activemq.artemis.integration.FileBroker;
 import org.apache.activemq.artemis.jms.server.impl.JMSServerManagerImpl;
-import org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManagerImpl;
+import org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager;
 import org.junit.Assert;
 import org.junit.Test;
 
@@ -32,7 +32,7 @@ public class FileBrokerTest {
       serverDTO.configuration = "broker.xml";
       FileBroker broker = null;
       try {
-         broker = new FileBroker(serverDTO, new ActiveMQSecurityManagerImpl());
+         broker = new FileBroker(serverDTO, new ActiveMQJAASSecurityManager());
          broker.start();
          JMSServerManagerImpl jmsServerManager = (JMSServerManagerImpl) broker.getComponents().get("jms");
          Assert.assertNotNull(jmsServerManager);
@@ -57,7 +57,7 @@ public class FileBrokerTest {
       serverDTO.configuration = "broker-nojms.xml";
       FileBroker broker = null;
       try {
-         broker = new FileBroker(serverDTO, new ActiveMQSecurityManagerImpl());
+         broker = new FileBroker(serverDTO, new ActiveMQJAASSecurityManager());
          broker.start();
          JMSServerManagerImpl jmsServerManager = (JMSServerManagerImpl) broker.getComponents().get("jms");
          Assert.assertNull(jmsServerManager);

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/c40ab128/artemis-cli/src/test/java/org/apache/activemq/cli/test/StreamClassPathTest.java
----------------------------------------------------------------------
diff --git a/artemis-cli/src/test/java/org/apache/activemq/cli/test/StreamClassPathTest.java b/artemis-cli/src/test/java/org/apache/activemq/cli/test/StreamClassPathTest.java
index e1d045d..21579dc 100644
--- a/artemis-cli/src/test/java/org/apache/activemq/cli/test/StreamClassPathTest.java
+++ b/artemis-cli/src/test/java/org/apache/activemq/cli/test/StreamClassPathTest.java
@@ -40,8 +40,7 @@ public class StreamClassPathTest {
       openStream(Create.ETC_LOGGING_PROPERTIES);
       openStream(Create.ETC_BOOTSTRAP_XML);
       openStream(Create.ETC_BROKER_XML);
-      openStream(Create.ETC_ARTEMIS_ROLES_BASIC_PROPERTIES);
-      openStream(Create.ETC_ARTEMIS_ROLES_JAAS_PROPERTIES);
+      openStream(Create.ETC_ARTEMIS_ROLES_PROPERTIES);
       openStream(Create.ETC_ARTEMIS_USERS_PROPERTIES);
       openStream(Create.ETC_REPLICATED_SETTINGS_TXT);
       openStream(Create.ETC_REPLICATED_SETTINGS_TXT);
@@ -51,8 +50,6 @@ public class StreamClassPathTest {
       openStream(Create.ETC_CONNECTOR_SETTINGS_TXT);
       openStream(Create.ETC_BOOTSTRAP_WEB_SETTINGS_TXT);
       openStream(Create.ETC_JOURNAL_BUFFER_SETTINGS);
-      openStream(Create.ETC_JAAS_BROKER_SECURITY_SETTINGS_TXT);
-      openStream(Create.ETC_BASIC_BROKER_SECURITY_SETTINGS_TXT);
    }
 
    private void openStream(String source) throws Exception {

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/c40ab128/artemis-dto/src/main/java/org/apache/activemq/artemis/dto/BasicSecurityDTO.java
----------------------------------------------------------------------
diff --git a/artemis-dto/src/main/java/org/apache/activemq/artemis/dto/BasicSecurityDTO.java b/artemis-dto/src/main/java/org/apache/activemq/artemis/dto/BasicSecurityDTO.java
deleted file mode 100644
index cc1ede1..0000000
--- a/artemis-dto/src/main/java/org/apache/activemq/artemis/dto/BasicSecurityDTO.java
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.activemq.artemis.dto;
-
-import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlAccessorType;
-import javax.xml.bind.annotation.XmlAttribute;
-import javax.xml.bind.annotation.XmlRootElement;
-
-@XmlRootElement(name = "basic-security")
-@XmlAccessorType(XmlAccessType.FIELD)
-public class BasicSecurityDTO extends SecurityDTO {
-
-   @XmlAttribute(required = true)
-   public String users;
-
-   @XmlAttribute(required = true)
-   public String roles;
-
-   @XmlAttribute(name = "default-user")
-   public String defaultUser;
-
-   @XmlAttribute(name = "mask-password")
-   public Boolean maskPassword = false;
-
-   @XmlAttribute
-   public String passwordCodec;
-}

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/c40ab128/artemis-dto/src/main/java/org/apache/activemq/artemis/dto/JaasSecurityDTO.java
----------------------------------------------------------------------
diff --git a/artemis-dto/src/main/java/org/apache/activemq/artemis/dto/JaasSecurityDTO.java b/artemis-dto/src/main/java/org/apache/activemq/artemis/dto/JaasSecurityDTO.java
index 99163cf..a988bff 100644
--- a/artemis-dto/src/main/java/org/apache/activemq/artemis/dto/JaasSecurityDTO.java
+++ b/artemis-dto/src/main/java/org/apache/activemq/artemis/dto/JaasSecurityDTO.java
@@ -25,6 +25,6 @@ import javax.xml.bind.annotation.XmlRootElement;
 @XmlAccessorType(XmlAccessType.FIELD)
 public class JaasSecurityDTO extends SecurityDTO {
 
-   @XmlAttribute(name = "login-module", required = true)
-   public String loginModule;
+   @XmlAttribute(name = "domain", required = true)
+   public String domain;
 }

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/c40ab128/artemis-dto/src/main/resources/org/apache/activemq/artemis/dto/jaxb.index
----------------------------------------------------------------------
diff --git a/artemis-dto/src/main/resources/org/apache/activemq/artemis/dto/jaxb.index b/artemis-dto/src/main/resources/org/apache/activemq/artemis/dto/jaxb.index
index b0bacd7..94f0b2d 100644
--- a/artemis-dto/src/main/resources/org/apache/activemq/artemis/dto/jaxb.index
+++ b/artemis-dto/src/main/resources/org/apache/activemq/artemis/dto/jaxb.index
@@ -16,6 +16,5 @@
 ## ---------------------------------------------------------------------------
 BrokerDTO
 SecurityDTO
-BasicSecurityDTO
 JaasSecurityDTO
 

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/c40ab128/artemis-maven-plugin/src/main/java/org/apache/activemq/artemis/maven/ArtemisCreatePlugin.java
----------------------------------------------------------------------
diff --git a/artemis-maven-plugin/src/main/java/org/apache/activemq/artemis/maven/ArtemisCreatePlugin.java b/artemis-maven-plugin/src/main/java/org/apache/activemq/artemis/maven/ArtemisCreatePlugin.java
index ba6cb8e..39b6d8e 100644
--- a/artemis-maven-plugin/src/main/java/org/apache/activemq/artemis/maven/ArtemisCreatePlugin.java
+++ b/artemis-maven-plugin/src/main/java/org/apache/activemq/artemis/maven/ArtemisCreatePlugin.java
@@ -113,9 +113,6 @@ public class ArtemisCreatePlugin extends ArtemisAbstractPlugin {
    @Parameter(defaultValue = "ON_DEMAND")
    private String messageLoadBalancing;
 
-   @Parameter(defaultValue = "basic")
-   private String brokerSecurity;
-
    /**
     * For extra stuff not covered by the properties
     */
@@ -203,7 +200,7 @@ public class ArtemisCreatePlugin extends ArtemisAbstractPlugin {
 
       ArrayList<String> listCommands = new ArrayList<>();
 
-      add(listCommands, "create", "--allow-anonymous", "--silent", "--force", "--no-web", "--user", user, "--password", password, "--role", role, "--port-offset", "" + portOffset, "--data", dataFolder, "--broker-security", brokerSecurity);
+      add(listCommands, "create", "--allow-anonymous", "--silent", "--force", "--no-web", "--user", user, "--password", password, "--role", role, "--port-offset", "" + portOffset, "--data", dataFolder);
 
       if (allowAnonymous) {
          add(listCommands, "--allow-anonymous");

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/c40ab128/artemis-rest/src/test/java/org/apache/activemq/artemis/rest/test/EmbeddedTest.java
----------------------------------------------------------------------
diff --git a/artemis-rest/src/test/java/org/apache/activemq/artemis/rest/test/EmbeddedTest.java b/artemis-rest/src/test/java/org/apache/activemq/artemis/rest/test/EmbeddedTest.java
index a869daf..91f927c 100644
--- a/artemis-rest/src/test/java/org/apache/activemq/artemis/rest/test/EmbeddedTest.java
+++ b/artemis-rest/src/test/java/org/apache/activemq/artemis/rest/test/EmbeddedTest.java
@@ -27,11 +27,12 @@ import java.util.ArrayList;
 import java.util.List;
 
 import org.apache.activemq.artemis.api.jms.JMSFactoryType;
-import org.apache.activemq.artemis.core.config.impl.FileSecurityConfiguration;
+import org.apache.activemq.artemis.core.config.impl.SecurityConfiguration;
 import org.apache.activemq.artemis.rest.HttpHeaderProperty;
 import org.apache.activemq.artemis.rest.integration.EmbeddedRestActiveMQJMS;
 import org.apache.activemq.artemis.spi.core.naming.BindingRegistry;
-import org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManagerImpl;
+import org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager;
+import org.apache.activemq.artemis.spi.core.security.jaas.InVMLoginModule;
 import org.jboss.resteasy.client.ClientRequest;
 import org.jboss.resteasy.client.ClientResponse;
 import org.jboss.resteasy.spi.Link;
@@ -49,9 +50,12 @@ public class EmbeddedTest {
    public static void startEmbedded() throws Exception {
       server = new EmbeddedRestActiveMQJMS();
       server.getManager().setConfigResourcePath("activemq-rest.xml");
-      FileSecurityConfiguration securityConfiguration = new FileSecurityConfiguration("artemis-users.properties", "artemis-roles.properties", "guest", false, null);
-      securityConfiguration.start();
-      server.getEmbeddedJMS().setSecurityManager(new ActiveMQSecurityManagerImpl(securityConfiguration));
+      SecurityConfiguration securityConfiguration = new SecurityConfiguration();
+      securityConfiguration.addUser("guest", "guest");
+      securityConfiguration.addRole("guest", "guest");
+      securityConfiguration.setDefaultUser("guest");
+      ActiveMQJAASSecurityManager securityManager = new ActiveMQJAASSecurityManager(InVMLoginModule.class.getName(), securityConfiguration);
+      server.getEmbeddedJMS().setSecurityManager(securityManager);
       server.start();
       List<String> connectors = new ArrayList<>();
       connectors.add("in-vm");

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/c40ab128/artemis-rest/src/test/resources/artemis-roles.properties
----------------------------------------------------------------------
diff --git a/artemis-rest/src/test/resources/artemis-roles.properties b/artemis-rest/src/test/resources/artemis-roles.properties
deleted file mode 100644
index 4e2d44c..0000000
--- a/artemis-rest/src/test/resources/artemis-roles.properties
+++ /dev/null
@@ -1,17 +0,0 @@
-## ---------------------------------------------------------------------------
-## Licensed to the Apache Software Foundation (ASF) under one or more
-## contributor license agreements.  See the NOTICE file distributed with
-## this work for additional information regarding copyright ownership.
-## The ASF licenses this file to You under the Apache License, Version 2.0
-## (the "License"); you may not use this file except in compliance with
-## the License.  You may obtain a copy of the License at
-##
-## http://www.apache.org/licenses/LICENSE-2.0
-##
-## Unless required by applicable law or agreed to in writing, software
-## distributed under the License is distributed on an "AS IS" BASIS,
-## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-## See the License for the specific language governing permissions and
-## limitations under the License.
-## ---------------------------------------------------------------------------
-guest=guest
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/c40ab128/artemis-rest/src/test/resources/artemis-users.properties
----------------------------------------------------------------------
diff --git a/artemis-rest/src/test/resources/artemis-users.properties b/artemis-rest/src/test/resources/artemis-users.properties
deleted file mode 100644
index 4e2d44c..0000000
--- a/artemis-rest/src/test/resources/artemis-users.properties
+++ /dev/null
@@ -1,17 +0,0 @@
-## ---------------------------------------------------------------------------
-## Licensed to the Apache Software Foundation (ASF) under one or more
-## contributor license agreements.  See the NOTICE file distributed with
-## this work for additional information regarding copyright ownership.
-## The ASF licenses this file to You under the Apache License, Version 2.0
-## (the "License"); you may not use this file except in compliance with
-## the License.  You may obtain a copy of the License at
-##
-## http://www.apache.org/licenses/LICENSE-2.0
-##
-## Unless required by applicable law or agreed to in writing, software
-## distributed under the License is distributed on an "AS IS" BASIS,
-## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-## See the License for the specific language governing permissions and
-## limitations under the License.
-## ---------------------------------------------------------------------------
-guest=guest
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/c40ab128/artemis-server/src/main/java/org/apache/activemq/artemis/core/config/impl/FileSecurityConfiguration.java
----------------------------------------------------------------------
diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/core/config/impl/FileSecurityConfiguration.java b/artemis-server/src/main/java/org/apache/activemq/artemis/core/config/impl/FileSecurityConfiguration.java
index 0dce1da..8fb14c0 100644
--- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/config/impl/FileSecurityConfiguration.java
+++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/config/impl/FileSecurityConfiguration.java
@@ -24,6 +24,7 @@ import org.apache.activemq.artemis.core.server.ActiveMQServerLogger;
 import org.apache.activemq.artemis.utils.PasswordMaskingUtil;
 import org.apache.activemq.artemis.utils.SensitiveDataCodec;
 
+@Deprecated
 public class FileSecurityConfiguration extends SecurityConfiguration {
 
    private final String usersUrl;

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/c40ab128/artemis-server/src/main/java/org/apache/activemq/artemis/core/config/impl/SecurityConfiguration.java
----------------------------------------------------------------------
diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/core/config/impl/SecurityConfiguration.java b/artemis-server/src/main/java/org/apache/activemq/artemis/core/config/impl/SecurityConfiguration.java
index afbbe5e..d647802 100644
--- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/config/impl/SecurityConfiguration.java
+++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/config/impl/SecurityConfiguration.java
@@ -16,8 +16,12 @@
  */
 package org.apache.activemq.artemis.core.config.impl;
 
+import javax.security.auth.login.AppConfigurationEntry;
+import javax.security.auth.login.Configuration;
+
 import org.apache.activemq.artemis.core.security.User;
 import org.apache.activemq.artemis.core.server.ActiveMQMessageBundle;
+import org.apache.activemq.artemis.spi.core.security.jaas.InVMLoginModule;
 
 import java.util.ArrayList;
 import java.util.HashMap;
@@ -25,7 +29,7 @@ import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
 
-public class SecurityConfiguration {
+public class SecurityConfiguration extends Configuration {
 
    /**
     * the current valid users
@@ -104,4 +108,13 @@ public class SecurityConfiguration {
    public List<String> getRole(String username) {
       return roles.get(username);
    }
+
+   @Override
+   public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
+      Map<String, SecurityConfiguration> map = new HashMap<>();
+      map.put(InVMLoginModule.CONFIG_PROP_NAME, this);
+      AppConfigurationEntry appConfigurationEntry = new AppConfigurationEntry(name, AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, map);
+
+      return new AppConfigurationEntry[] {appConfigurationEntry};
+   }
 }

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/c40ab128/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/ActiveMQServers.java
----------------------------------------------------------------------
diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/ActiveMQServers.java b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/ActiveMQServers.java
index 1f14833..4bdfd5b 100644
--- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/ActiveMQServers.java
+++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/ActiveMQServers.java
@@ -16,14 +16,15 @@
  */
 package org.apache.activemq.artemis.core.server;
 
-import java.lang.management.ManagementFactory;
-
 import javax.management.MBeanServer;
+import java.lang.management.ManagementFactory;
 
 import org.apache.activemq.artemis.core.config.Configuration;
+import org.apache.activemq.artemis.core.config.impl.SecurityConfiguration;
 import org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl;
+import org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager;
 import org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager;
-import org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManagerImpl;
+import org.apache.activemq.artemis.spi.core.security.jaas.InVMLoginModule;
 
 /**
  * ActiveMQServers is a factory class for instantiating ActiveMQServer instances.
@@ -38,7 +39,7 @@ public final class ActiveMQServers {
    }
 
    public static ActiveMQServer newActiveMQServer(final Configuration config, final boolean enablePersistence) {
-      ActiveMQSecurityManager securityManager = new ActiveMQSecurityManagerImpl();
+      ActiveMQSecurityManager securityManager = new ActiveMQJAASSecurityManager(InVMLoginModule.class.getName(), new SecurityConfiguration());
 
       ActiveMQServer server = ActiveMQServers.newActiveMQServer(config, ManagementFactory.getPlatformMBeanServer(), securityManager, enablePersistence);
 
@@ -52,7 +53,7 @@ public final class ActiveMQServers {
    public static ActiveMQServer newActiveMQServer(final Configuration config,
                                                   final MBeanServer mbeanServer,
                                                   final boolean enablePersistence) {
-      ActiveMQSecurityManager securityManager = new ActiveMQSecurityManagerImpl();
+      ActiveMQSecurityManager securityManager = new ActiveMQJAASSecurityManager(InVMLoginModule.class.getName(), new SecurityConfiguration());
 
       ActiveMQServer server = ActiveMQServers.newActiveMQServer(config, mbeanServer, securityManager, enablePersistence);
 
@@ -83,7 +84,7 @@ public final class ActiveMQServers {
    }
 
    public static ActiveMQServer newActiveMQServer(Configuration config, String defUser, String defPass) {
-      ActiveMQSecurityManagerImpl securityManager = new ActiveMQSecurityManagerImpl();
+      ActiveMQJAASSecurityManager securityManager = new ActiveMQJAASSecurityManager(InVMLoginModule.class.getName(), new SecurityConfiguration());
 
       securityManager.getConfiguration().addUser(defUser, defPass);
 
@@ -97,9 +98,9 @@ public final class ActiveMQServers {
                                                   final boolean enablePersistence,
                                                   String user,
                                                   String password) {
-      ActiveMQSecurityManagerImpl securityManager = new ActiveMQSecurityManagerImpl();
-
-      securityManager.getConfiguration().addUser(user, password);
+      SecurityConfiguration securityConfiguration = new SecurityConfiguration();
+      securityConfiguration.addUser(user, password);
+      ActiveMQJAASSecurityManager securityManager = new ActiveMQJAASSecurityManager(InVMLoginModule.class.getName(), securityConfiguration);
 
       ActiveMQServer server = ActiveMQServers.newActiveMQServer(config, mbeanServer, securityManager, enablePersistence);
 

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/c40ab128/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/embedded/EmbeddedActiveMQ.java
----------------------------------------------------------------------
diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/embedded/EmbeddedActiveMQ.java b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/embedded/EmbeddedActiveMQ.java
index 86bbe91..fc77bdc 100644
--- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/embedded/EmbeddedActiveMQ.java
+++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/embedded/EmbeddedActiveMQ.java
@@ -23,8 +23,8 @@ import org.apache.activemq.artemis.core.config.FileDeploymentManager;
 import org.apache.activemq.artemis.core.config.impl.FileConfiguration;
 import org.apache.activemq.artemis.core.server.ActiveMQServer;
 import org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl;
+import org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager;
 import org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager;
-import org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManagerImpl;
 
 /**
  * Helper class to simplify bootstrap of ActiveMQ Artemis server.  Bootstraps from classpath-based config files.
@@ -95,7 +95,7 @@ public class EmbeddedActiveMQ {
          configuration = config;
       }
       if (securityManager == null) {
-         securityManager = new ActiveMQSecurityManagerImpl();
+         securityManager = new ActiveMQJAASSecurityManager();
       }
       if (mbeanServer == null) {
          activeMQServer = new ActiveMQServerImpl(configuration, securityManager);

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/c40ab128/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/ActiveMQJAASSecurityManager.java
----------------------------------------------------------------------
diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/ActiveMQJAASSecurityManager.java b/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/ActiveMQJAASSecurityManager.java
index 71f4511..eebc6ab 100644
--- a/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/ActiveMQJAASSecurityManager.java
+++ b/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/ActiveMQJAASSecurityManager.java
@@ -25,6 +25,7 @@ import java.util.HashSet;
 import java.util.Iterator;
 import java.util.Set;
 
+import org.apache.activemq.artemis.core.config.impl.SecurityConfiguration;
 import org.apache.activemq.artemis.core.remoting.impl.netty.NettyConnection;
 import org.apache.activemq.artemis.core.security.CheckType;
 import org.apache.activemq.artemis.core.security.Role;
@@ -45,10 +46,23 @@ public class ActiveMQJAASSecurityManager implements ActiveMQSecurityManager2 {
    private final boolean trace = ActiveMQServerLogger.LOGGER.isTraceEnabled();
 
    private String configurationName;
+   private SecurityConfiguration configuration;
+
+   public ActiveMQJAASSecurityManager() {
+   }
+
+   public ActiveMQJAASSecurityManager(String configurationName) {
+      this.configurationName = configurationName;
+   }
+
+   public ActiveMQJAASSecurityManager(String configurationName, SecurityConfiguration configuration) {
+      this.configurationName = configurationName;
+      this.configuration = configuration;
+   }
 
    @Override
    public boolean validateUser(String user, String password) {
-      throw new UnsupportedOperationException("Invoke validateUser(String, String, X509Certificate[]) instead");
+      return validateUser(user, password, null);
    }
 
    @Override
@@ -99,9 +113,10 @@ public class ActiveMQJAASSecurityManager implements ActiveMQSecurityManager2 {
             Iterator<RolePrincipal> rolesForSubjectIter = rolesForSubject.iterator();
             while (!authorized && rolesForSubjectIter.hasNext()) {
                Iterator<RolePrincipal> rolesWithPermissionIter = rolesWithPermission.iterator();
+               Principal subjectRole = rolesForSubjectIter.next();
                while (!authorized && rolesWithPermissionIter.hasNext()) {
-                  Principal role = rolesWithPermissionIter.next();
-                  authorized = rolesForSubjectIter.next().equals(role);
+                  Principal roleWithPermission = rolesWithPermissionIter.next();
+                  authorized = subjectRole.equals(roleWithPermission);
                }
             }
          }
@@ -115,7 +130,7 @@ public class ActiveMQJAASSecurityManager implements ActiveMQSecurityManager2 {
    }
 
    private Subject getAuthenticatedSubject(final String user, final String password, final X509Certificate[] certificates) throws LoginException {
-      LoginContext lc = new LoginContext(configurationName, new JaasCallbackHandler(user, password, certificates));
+      LoginContext lc = new LoginContext(configurationName, null, new JaasCallbackHandler(user, password, certificates), configuration);
       lc.login();
       return lc.getSubject();
    }
@@ -133,4 +148,16 @@ public class ActiveMQJAASSecurityManager implements ActiveMQSecurityManager2 {
    public void setConfigurationName(final String configurationName) {
       this.configurationName = configurationName;
    }
+
+   public void setConfiguration(SecurityConfiguration configuration) {
+      this.configuration = configuration;
+   }
+
+   public SecurityConfiguration getConfiguration() {
+      if (configuration == null) {
+         configuration = new SecurityConfiguration();
+      }
+
+      return configuration;
+   }
 }

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/c40ab128/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/ActiveMQSecurityManagerImpl.java
----------------------------------------------------------------------
diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/ActiveMQSecurityManagerImpl.java b/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/ActiveMQSecurityManagerImpl.java
index a9d4991..b60d8b0 100644
--- a/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/ActiveMQSecurityManagerImpl.java
+++ b/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/ActiveMQSecurityManagerImpl.java
@@ -29,6 +29,7 @@ import org.apache.activemq.artemis.core.server.ActiveMQServerLogger;
  * A basic implementation of the ActiveMQSecurityManager. This can be used within an appserver and be deployed by
  * BasicUserCredentialsDeployer or used standalone or embedded.
  */
+@Deprecated
 public class ActiveMQSecurityManagerImpl implements ActiveMQSecurityManager {
 
    private final SecurityConfiguration configuration;

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/c40ab128/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/GuestLoginModule.java
----------------------------------------------------------------------
diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/GuestLoginModule.java b/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/GuestLoginModule.java
index dbea86b..22da502 100644
--- a/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/GuestLoginModule.java
+++ b/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/GuestLoginModule.java
@@ -106,7 +106,7 @@ public class GuestLoginModule implements LoginModule {
       }
 
       if (debug) {
-         ActiveMQServerLogger.LOGGER.debug("commit");
+         ActiveMQServerLogger.LOGGER.debug("commit: " + loginSucceeded);
       }
       return loginSucceeded;
    }

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/c40ab128/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/InVMLoginModule.java
----------------------------------------------------------------------
diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/InVMLoginModule.java b/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/InVMLoginModule.java
new file mode 100644
index 0000000..d91d639
--- /dev/null
+++ b/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/InVMLoginModule.java
@@ -0,0 +1,149 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.artemis.spi.core.security.jaas;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.auth.login.FailedLoginException;
+import javax.security.auth.login.LoginException;
+import javax.security.auth.spi.LoginModule;
+import java.io.IOException;
+import java.security.Principal;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+import org.apache.activemq.artemis.core.config.impl.SecurityConfiguration;
+import org.apache.activemq.artemis.core.server.ActiveMQServerLogger;
+
+public class InVMLoginModule implements LoginModule {
+   public static final String CONFIG_PROP_NAME = "org.apache.activemq.jaas.invm.config";
+
+   private SecurityConfiguration configuration;
+   private Subject subject;
+   private String user;
+   private Set<Principal> principals = new HashSet<Principal>();
+   private CallbackHandler callbackHandler;
+   private boolean loginSucceeded;
+
+   @Override
+   public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) {
+      this.subject = subject;
+      this.callbackHandler = callbackHandler;
+      this.configuration = (SecurityConfiguration) options.get(CONFIG_PROP_NAME);
+   }
+
+   @Override
+   public boolean login() throws LoginException {
+      Callback[] callbacks = new Callback[2];
+
+      callbacks[0] = new NameCallback("Username: ");
+      callbacks[1] = new PasswordCallback("Password: ", false);
+      try {
+         callbackHandler.handle(callbacks);
+      }
+      catch (IOException ioe) {
+         throw new LoginException(ioe.getMessage());
+      }
+      catch (UnsupportedCallbackException uce) {
+         throw new LoginException(uce.getMessage() + " not available to obtain information from user");
+      }
+      user = ((NameCallback) callbacks[0]).getName();
+      char[] tmpPassword = ((PasswordCallback) callbacks[1]).getPassword();
+      if (tmpPassword == null) {
+         tmpPassword = new char[0];
+      }
+      if (user == null) {
+         if (configuration.getDefaultUser() == null) {
+            throw new FailedLoginException("Both username and defaultUser are null");
+         }
+         else {
+            user = configuration.getDefaultUser();
+         }
+      }
+      else {
+         String password = configuration.getUser(user) == null ? null : configuration.getUser(user).getPassword();
+
+         if (password == null) {
+            throw new FailedLoginException("User does not exist");
+         }
+         if (!password.equals(new String(tmpPassword))) {
+            throw new FailedLoginException("Password does not match");
+         }
+      }
+      loginSucceeded = true;
+
+      ActiveMQServerLogger.LOGGER.debug("login " + user);
+
+      return loginSucceeded;
+   }
+
+   @Override
+   public boolean commit() throws LoginException {
+      boolean result = loginSucceeded;
+      if (result) {
+         principals.add(new UserPrincipal(user));
+
+         List<String> roles = configuration.getRole(user);
+
+         if (roles != null) {
+            for (String role : roles) {
+               principals.add(new RolePrincipal(role));
+            }
+         }
+
+         subject.getPrincipals().addAll(principals);
+      }
+
+      // will whack loginSucceeded
+      clear();
+
+      ActiveMQServerLogger.LOGGER.debug("commit, result: " + result);
+
+      return result;
+   }
+
+   @Override
+   public boolean abort() throws LoginException {
+      clear();
+
+      ActiveMQServerLogger.LOGGER.debug("abort");
+
+      return true;
+   }
+
+   private void clear() {
+      user = null;
+      loginSucceeded = false;
+   }
+
+   @Override
+   public boolean logout() throws LoginException {
+      subject.getPrincipals().removeAll(principals);
+      principals.clear();
+      clear();
+
+      ActiveMQServerLogger.LOGGER.debug("logout");
+
+      return true;
+   }
+}

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/c40ab128/artemis-server/src/test/java/org/apache/activemq/artemis/tests/util/ActiveMQTestBase.java
----------------------------------------------------------------------
diff --git a/artemis-server/src/test/java/org/apache/activemq/artemis/tests/util/ActiveMQTestBase.java b/artemis-server/src/test/java/org/apache/activemq/artemis/tests/util/ActiveMQTestBase.java
index 76ac5ab..3765e60 100644
--- a/artemis-server/src/test/java/org/apache/activemq/artemis/tests/util/ActiveMQTestBase.java
+++ b/artemis-server/src/test/java/org/apache/activemq/artemis/tests/util/ActiveMQTestBase.java
@@ -79,13 +79,14 @@ import org.apache.activemq.artemis.core.client.impl.TopologyMemberImpl;
 import org.apache.activemq.artemis.core.config.ClusterConnectionConfiguration;
 import org.apache.activemq.artemis.core.config.Configuration;
 import org.apache.activemq.artemis.core.config.impl.ConfigurationImpl;
+import org.apache.activemq.artemis.core.config.impl.SecurityConfiguration;
+import org.apache.activemq.artemis.core.io.SequentialFileFactory;
+import org.apache.activemq.artemis.core.io.nio.NIOSequentialFileFactory;
 import org.apache.activemq.artemis.core.journal.PreparedTransactionInfo;
 import org.apache.activemq.artemis.core.journal.RecordInfo;
-import org.apache.activemq.artemis.core.io.SequentialFileFactory;
 import org.apache.activemq.artemis.core.journal.impl.JournalFile;
 import org.apache.activemq.artemis.core.journal.impl.JournalImpl;
 import org.apache.activemq.artemis.core.journal.impl.JournalReaderCallback;
-import org.apache.activemq.artemis.core.io.nio.NIOSequentialFileFactory;
 import org.apache.activemq.artemis.core.paging.PagingStore;
 import org.apache.activemq.artemis.core.persistence.impl.journal.OperationContextImpl;
 import org.apache.activemq.artemis.core.postoffice.Binding;
@@ -121,8 +122,9 @@ import org.apache.activemq.artemis.core.settings.impl.AddressFullMessagePolicy;
 import org.apache.activemq.artemis.core.settings.impl.AddressSettings;
 import org.apache.activemq.artemis.core.transaction.impl.XidImpl;
 import org.apache.activemq.artemis.jlibaio.LibaioContext;
+import org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager;
 import org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager;
-import org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManagerImpl;
+import org.apache.activemq.artemis.spi.core.security.jaas.InVMLoginModule;
 import org.apache.activemq.artemis.utils.OrderedExecutorFactory;
 import org.apache.activemq.artemis.utils.UUIDGenerator;
 import org.junit.After;
@@ -1412,7 +1414,7 @@ public abstract class ActiveMQTestBase extends Assert {
                                                      NodeManager nodeManager,
                                                      final int id) {
       ActiveMQServer server;
-      ActiveMQSecurityManager securityManager = new ActiveMQSecurityManagerImpl();
+      ActiveMQSecurityManager securityManager = new ActiveMQJAASSecurityManager(InVMLoginModule.class.getName(), new SecurityConfiguration());
       configuration.setPersistenceEnabled(realFiles);
       server = addServer(new InVMNodeManagerServer(configuration, ManagementFactory.getPlatformMBeanServer(), securityManager, nodeManager));
 
@@ -1453,7 +1455,7 @@ public abstract class ActiveMQTestBase extends Assert {
                                                               NodeManager backupNodeManager,
                                                               final int id) {
       ActiveMQServer server;
-      ActiveMQSecurityManager securityManager = new ActiveMQSecurityManagerImpl();
+      ActiveMQSecurityManager securityManager = new ActiveMQJAASSecurityManager(InVMLoginModule.class.getName(), new SecurityConfiguration());
       configuration.setPersistenceEnabled(realFiles);
       server = new ColocatedActiveMQServer(configuration, ManagementFactory.getPlatformMBeanServer(), securityManager, liveNodeManager, backupNodeManager);
 

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/c40ab128/examples/features/standard/dead-letter/src/main/resources/activemq/server0/artemis-roles.properties
----------------------------------------------------------------------
diff --git a/examples/features/standard/dead-letter/src/main/resources/activemq/server0/artemis-roles.properties b/examples/features/standard/dead-letter/src/main/resources/activemq/server0/artemis-roles.properties
deleted file mode 100644
index 4e2d44c..0000000
--- a/examples/features/standard/dead-letter/src/main/resources/activemq/server0/artemis-roles.properties
+++ /dev/null
@@ -1,17 +0,0 @@
-## ---------------------------------------------------------------------------
-## Licensed to the Apache Software Foundation (ASF) under one or more
-## contributor license agreements.  See the NOTICE file distributed with
-## this work for additional information regarding copyright ownership.
-## The ASF licenses this file to You under the Apache License, Version 2.0
-## (the "License"); you may not use this file except in compliance with
-## the License.  You may obtain a copy of the License at
-##
-## http://www.apache.org/licenses/LICENSE-2.0
-##
-## Unless required by applicable law or agreed to in writing, software
-## distributed under the License is distributed on an "AS IS" BASIS,
-## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-## See the License for the specific language governing permissions and
-## limitations under the License.
-## ---------------------------------------------------------------------------
-guest=guest
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/c40ab128/examples/features/standard/dead-letter/src/main/resources/activemq/server0/artemis-users.properties
----------------------------------------------------------------------
diff --git a/examples/features/standard/dead-letter/src/main/resources/activemq/server0/artemis-users.properties b/examples/features/standard/dead-letter/src/main/resources/activemq/server0/artemis-users.properties
deleted file mode 100644
index 4e2d44c..0000000
--- a/examples/features/standard/dead-letter/src/main/resources/activemq/server0/artemis-users.properties
+++ /dev/null
@@ -1,17 +0,0 @@
-## ---------------------------------------------------------------------------
-## Licensed to the Apache Software Foundation (ASF) under one or more
-## contributor license agreements.  See the NOTICE file distributed with
-## this work for additional information regarding copyright ownership.
-## The ASF licenses this file to You under the Apache License, Version 2.0
-## (the "License"); you may not use this file except in compliance with
-## the License.  You may obtain a copy of the License at
-##
-## http://www.apache.org/licenses/LICENSE-2.0
-##
-## Unless required by applicable law or agreed to in writing, software
-## distributed under the License is distributed on an "AS IS" BASIS,
-## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-## See the License for the specific language governing permissions and
-## limitations under the License.
-## ---------------------------------------------------------------------------
-guest=guest
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/c40ab128/examples/features/standard/delayed-redelivery/src/main/resources/activemq/server0/artemis-roles.properties
----------------------------------------------------------------------
diff --git a/examples/features/standard/delayed-redelivery/src/main/resources/activemq/server0/artemis-roles.properties b/examples/features/standard/delayed-redelivery/src/main/resources/activemq/server0/artemis-roles.properties
deleted file mode 100644
index 4e2d44c..0000000
--- a/examples/features/standard/delayed-redelivery/src/main/resources/activemq/server0/artemis-roles.properties
+++ /dev/null
@@ -1,17 +0,0 @@
-## ---------------------------------------------------------------------------
-## Licensed to the Apache Software Foundation (ASF) under one or more
-## contributor license agreements.  See the NOTICE file distributed with
-## this work for additional information regarding copyright ownership.
-## The ASF licenses this file to You under the Apache License, Version 2.0
-## (the "License"); you may not use this file except in compliance with
-## the License.  You may obtain a copy of the License at
-##
-## http://www.apache.org/licenses/LICENSE-2.0
-##
-## Unless required by applicable law or agreed to in writing, software
-## distributed under the License is distributed on an "AS IS" BASIS,
-## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-## See the License for the specific language governing permissions and
-## limitations under the License.
-## ---------------------------------------------------------------------------
-guest=guest
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/c40ab128/examples/features/standard/delayed-redelivery/src/main/resources/activemq/server0/artemis-users.properties
----------------------------------------------------------------------
diff --git a/examples/features/standard/delayed-redelivery/src/main/resources/activemq/server0/artemis-users.properties b/examples/features/standard/delayed-redelivery/src/main/resources/activemq/server0/artemis-users.properties
deleted file mode 100644
index 4e2d44c..0000000
--- a/examples/features/standard/delayed-redelivery/src/main/resources/activemq/server0/artemis-users.properties
+++ /dev/null
@@ -1,17 +0,0 @@
-## ---------------------------------------------------------------------------
-## Licensed to the Apache Software Foundation (ASF) under one or more
-## contributor license agreements.  See the NOTICE file distributed with
-## this work for additional information regarding copyright ownership.
-## The ASF licenses this file to You under the Apache License, Version 2.0
-## (the "License"); you may not use this file except in compliance with
-## the License.  You may obtain a copy of the License at
-##
-## http://www.apache.org/licenses/LICENSE-2.0
-##
-## Unless required by applicable law or agreed to in writing, software
-## distributed under the License is distributed on an "AS IS" BASIS,
-## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-## See the License for the specific language governing permissions and
-## limitations under the License.
-## ---------------------------------------------------------------------------
-guest=guest
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/c40ab128/examples/features/standard/divert/src/main/resources/activemq/server0/artemis-roles.properties
----------------------------------------------------------------------
diff --git a/examples/features/standard/divert/src/main/resources/activemq/server0/artemis-roles.properties b/examples/features/standard/divert/src/main/resources/activemq/server0/artemis-roles.properties
deleted file mode 100644
index 4e2d44c..0000000
--- a/examples/features/standard/divert/src/main/resources/activemq/server0/artemis-roles.properties
+++ /dev/null
@@ -1,17 +0,0 @@
-## ---------------------------------------------------------------------------
-## Licensed to the Apache Software Foundation (ASF) under one or more
-## contributor license agreements.  See the NOTICE file distributed with
-## this work for additional information regarding copyright ownership.
-## The ASF licenses this file to You under the Apache License, Version 2.0
-## (the "License"); you may not use this file except in compliance with
-## the License.  You may obtain a copy of the License at
-##
-## http://www.apache.org/licenses/LICENSE-2.0
-##
-## Unless required by applicable law or agreed to in writing, software
-## distributed under the License is distributed on an "AS IS" BASIS,
-## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-## See the License for the specific language governing permissions and
-## limitations under the License.
-## ---------------------------------------------------------------------------
-guest=guest
\ No newline at end of file


Mime
View raw message