We have a requirement where we want to use different ports for internal and external applications, so that different types of authentication can be used. Internal applications should be able to connect to port 8883 and use basic auth, while external apps/camera should be able to connect to port 8884, with a combination of username and client certificate. Is it possible to configure the broker to listen on 2 ports with different authentication mechanisms?
Apache ActiveMQ Artemis supports multiple JAAS login modules and multiple acceptors.
You can define multiple JAAS login modules in the etc/login.config file, i.e.

PropertiesLogin {
   org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoginModule required
       debug=false
       org.apache.activemq.jaas.properties.user="artemis-users.properties"
       org.apache.activemq.jaas.properties.role="artemis-roles.properties";
};
CertLogin {
   org.apache.activemq.artemis.spi.core.security.jaas.TextFileCertificateLoginModule required
       debug=true
       org.apache.activemq.jaas.textfiledn.user="cert-users.properties"
       org.apache.activemq.jaas.textfiledn.role="cert-roles.properties";
};

You can define multiple acceptors in the etc/broker.xml file, i.e.

<acceptor name="mqtt-internal">tcp://0.0.0.0:8883?protocols=MQTT;securityDomain=PropertiesLogin;...
<acceptor name="mqtt-external">tcp://0.0.0.0:8884?protocols=MQTT;securityDomain=CertLogin;...
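
A consistency check for the two files described above, as an added example that is not part of the original answer: it flags acceptors that share a name, reference a securityDomain missing from login.config, or point at a certificate login module without mutual TLS. The sample inputs are constructed, and requiring sslEnabled=true together with needClientAuth=true for certificate domains is this example's own policy.

```python
import re
import xml.etree.ElementTree as ET

CERT_MODULES = ("TextFileCertificateLoginModule",)  # modules that read the TLS client cert

def jaas_domains(login_config):
    """Map each JAAS domain in login.config to the login module classes it lists."""
    return {name: re.findall(r"[\w.]+LoginModule\b", body)
            for name, body in re.findall(r"(\w+)\s*\{(.*?)\}\s*;", login_config, re.S)}

def lint(broker_xml, login_config):
    """Return findings for acceptors whose name, domain or TLS settings are inconsistent."""
    domains, seen, findings = jaas_domains(login_config), set(), []
    # Match on the local tag name so a namespaced broker.xml also works.
    accs = [e for e in ET.fromstring(broker_xml).iter() if e.tag.rsplit("}", 1)[-1] == "acceptor"]
    for acc in accs:
        name, uri = acc.get("name"), (acc.text or "").strip()
        # Artemis acceptor URIs separate parameters with ';' after the '?'.
        params = dict(p.split("=", 1) for p in uri.partition("?")[2].split(";") if "=" in p)
        if name in seen:
            findings.append(f"{name}: duplicate acceptor name")
        seen.add(name)
        domain = params.get("securityDomain")
        if domain not in domains:
            findings.append(f"{name}: securityDomain {domain!r} is not defined in login.config")
            continue
        uses_cert = any(m.endswith(CERT_MODULES) for m in domains[domain])
        mutual_tls = params.get("sslEnabled") == params.get("needClientAuth") == "true"
        if uses_cert and not mutual_tls:
            findings.append(f"{name}: {domain} needs sslEnabled=true and needClientAuth=true")
    return findings

# Constructed sample inputs (not from the original post).
SAMPLE_LOGIN = """
PropertiesLogin {
   org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoginModule required;
};
CertLogin {
   org.apache.activemq.artemis.spi.core.security.jaas.TextFileCertificateLoginModule required;
};
"""
SAMPLE_BROKER = """<acceptors>
  <acceptor name="mqtt">tcp://0.0.0.0:8883?protocols=MQTT;securityDomain=PropertiesLogin</acceptor>
  <acceptor name="mqtt">tcp://0.0.0.0:8884?protocols=MQTT;securityDomain=CertLogin;sslEnabled=true</acceptor>
</acceptors>"""

if __name__ == "__main__":
    for finding in lint(SAMPLE_BROKER, SAMPLE_LOGIN):
        print(finding)
```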