Messaging on Azure Blog

Announcing Azure Active Directory backed authentication for JMS 2.0 API on Azure Service Bus

EldertGrootenboer
Mar 20, 2023

We are excited to share that Azure Service Bus now supports Azure Active Directory (AAD) based access control for its JMS 2.0 API. The azure-servicebus-jms library has been updated and is readily available on Maven Central.

Although AAD-backed authentication has been an option for Service Bus for some time, users of the JMS 2.0 API until now still had to resort to local authentication using Shared Access Signatures (SAS). This new release brings a welcome change: it allows users to leverage AAD-based authentication using service principals and system-assigned or user-assigned managed identities.

If you would like to use AAD authentication for the JMS 2.0 API on Service Bus instead of SAS-based authentication, ensure that the latest library is added to your project's build path. If you are using Maven, update your application's pom file by adding the following to your dependencies:

<dependency>
    <groupId>com.microsoft.azure</groupId>
    <artifactId>azure-servicebus-jms</artifactId>
    <version>1.0.0</version>
</dependency>

Create a managed identity in Azure and then assign it permissions on the Service Bus resource that needs to be accessed. Use this managed identity to create a TokenCredential, which will be used for authentication.

import com.azure.core.credential.TokenCredential;
import com.azure.identity.DefaultAzureCredentialBuilder;

// If using a user-assigned managed identity
TokenCredential tokenCredential = new DefaultAzureCredentialBuilder()
                                      .managedIdentityClientId("<clientIDOfUserAssignedIdentity>")
                                      .build();

OR

// If using a system-assigned managed identity
TokenCredential tokenCredential = new DefaultAzureCredentialBuilder()
                                      .build();

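If you are using a service principal, create your TokenCredential with the code below instead.

import com.azure.identity.ClientSecretCredentialBuilder;

// Service principal: supply these values from configuration rather than hard-coding the secret
TokenCredential tokenCredential = new ClientSecretCredentialBuilder()
                .tenantId("<tenantId>")
                .clientId("<clientId>")
                .clientSecret("<clientSecret>")
                .build();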

Finally, create the Service Bus JMS connection factory.

String host = "<YourNamespaceName>.servicebus.windows.net";
ConnectionFactory factory = new ServiceBusJmsConnectionFactory(tokenCredential, host, new ServiceBusJmsConnectionFactorySettings());
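
The steps above assembled into one class, as an added example that is not code from the original post or from the library's own samples. It reads its settings from hypothetical environment variables (SB_NAMESPACE_HOST, SB_QUEUE, SB_TENANT_ID, SB_CLIENT_ID, SB_CLIENT_SECRET, SB_MANAGED_IDENTITY_CLIENT_ID) so that no secret sits in source, then sends and receives one message through the JMS 2.0 JMSContext API. It assumes the queue already exists, the identity has been granted send and receive permissions, and version 1.0.x of the library targets the javax.jms package.

```java
import com.azure.core.credential.TokenCredential;
import com.azure.identity.ClientSecretCredentialBuilder;
import com.azure.identity.DefaultAzureCredentialBuilder;
import com.microsoft.azure.servicebus.jms.ServiceBusJmsConnectionFactory;
import com.microsoft.azure.servicebus.jms.ServiceBusJmsConnectionFactorySettings;
import javax.jms.ConnectionFactory; // assumption: library 1.0.x targets javax.jms
import javax.jms.JMSConsumer;
import javax.jms.JMSContext;
import javax.jms.Queue;

public class AadJmsExample {
    // Reads a setting from the environment (hypothetical variable names throughout).
    static String env(String name, boolean required) {
        String v = System.getenv(name);
        if (v != null && !v.trim().isEmpty()) return v;
        if (required) throw new IllegalStateException("missing environment variable " + name);
        return null;
    }

    // Service principal if a secret is configured, otherwise a managed identity.
    static TokenCredential credential() {
        String secret = env("SB_CLIENT_SECRET", false);
        if (secret != null) {
            return new ClientSecretCredentialBuilder()
                    .tenantId(env("SB_TENANT_ID", true))
                    .clientId(env("SB_CLIENT_ID", true))
                    .clientSecret(secret)
                    .build();
        }
        DefaultAzureCredentialBuilder builder = new DefaultAzureCredentialBuilder();
        String userAssigned = env("SB_MANAGED_IDENTITY_CLIENT_ID", false);
        if (userAssigned != null) builder.managedIdentityClientId(userAssigned);
        return builder.build(); // no client ID set: system-assigned identity, as in the post
    }

    public static void main(String[] args) {
        String host = env("SB_NAMESPACE_HOST", true); // <YourNamespaceName>.servicebus.windows.net
        ConnectionFactory factory = new ServiceBusJmsConnectionFactory(
                credential(), host, new ServiceBusJmsConnectionFactorySettings());
        try (JMSContext context = factory.createContext()) {
            Queue queue = context.createQueue(env("SB_QUEUE", true)); // queue must already exist
            context.createProducer().send(queue, "hello via AAD");
            try (JMSConsumer consumer = context.createConsumer(queue)) {
                String body = consumer.receiveBody(String.class, 5000); // null on timeout
                System.out.println(body == null ? "no message within 5s" : "received: " + body);
            }
        }
    }
}
```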

 

Please note that the JMS 2.0 API is only supported on the premium SKU of Azure Service Bus. More details can be found in the documentation.

Updated Mar 27, 2023
Version 4.0
  • jarek355
    Copper Contributor

    Hi Eldert,

    Do you have a sample git repository with a working example?

    Kind regards,

    JH