Built‑in Authentication (Local Users)

Use MAPS' encrypted local user store for labs, small teams, or bootstrap admin access.

Configuration

1) AuthManager (global)

AuthManager:
  authenticationEnabled: true
  authorizationEnabled: false
  config:
    identityProvider: "Encrypted-Auth"
    passwordHandler: "EncryptedPasswordCipher"
    configDirectory: "{{MAPS_DATA}}/.security"

Stores encrypted users under {{MAPS_DATA}}/.security.

2) JAAS (jaasAuth.config)

UsernamePasswordLoginModule {
  io.mapsmessaging.security.jaas.IdentityLoginModule Required
  debug=false
  siteWide="system";
};

3) SecurityManager mapping

SecurityManager:
  - public: UsernamePasswordLoginModule
    default: UsernamePasswordLoginModule

4) Listener example

- name: "MQTT Public"
  url: "tcp://0.0.0.0:1883/"
  protocol: mqtt
  auth: public

Security Note (Built-in Provider)

On first start only, the server will bootstrap local accounts:

  • Creates two users: admin and user.
  • Creates two groups: admin and user, and assigns the users accordingly.
  • Writes a file admin_passwords into the .security directory, containing the initial plaintext passwords.

⚠️ This initialization runs only once.
You must change the generated passwords immediately and delete the admin_passwords file. Leaving it in place is a security risk.
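
A post-install check for the cleanup step above, as an added example (not part of MAPS or its documentation). It assumes the data directory substituted for {{MAPS_DATA}} is passed as an argument or exported as MAPS_DATA; the function name, the exit codes, and the permission check are this example's own choices.

```shell
#!/bin/sh
# Added example: audit the MAPS local user store for leftover bootstrap
# credentials. Exit codes and the permission check are assumptions of this
# example, not MAPS behaviour.
#   0 = clean, 1 = admin_passwords still present,
#   2 = .security not created yet, 3 = store readable/writable by group/other

audit_maps_security() {
  ams_dir="$1/.security"
  ams_pw="$ams_dir/admin_passwords"
  ams_rc=0

  if [ ! -d "$ams_dir" ]; then
    echo "INFO: $ams_dir not found; the server has not bootstrapped yet"
    return 2
  fi

  # File named on the page: initial plaintext passwords for admin and user.
  if [ -e "$ams_pw" ]; then
    echo "FAIL: $ams_pw still present; change the generated passwords, then delete it"
    ams_rc=1
  else
    echo "OK: admin_passwords has been removed"
  fi

  # Extra hardening check (this example's own): nothing in the store should
  # be readable or writable by group or other accounts on the host.
  ams_loose=$(find "$ams_dir" ! -type l \
    \( -perm -040 -o -perm -020 -o -perm -004 -o -perm -002 \) -print)
  if [ -n "$ams_loose" ]; then
    echo "WARN: accessible to group/other:"
    echo "$ams_loose" | sed 's/^/  /'
    if [ "$ams_rc" -eq 0 ]; then
      ams_rc=3
    fi
  fi
  return "$ams_rc"
}

# Run against $MAPS_DATA when it is set in the environment.
if [ -n "${MAPS_DATA:-}" ]; then
  audit_maps_security "$MAPS_DATA" || echo "audit finished with exit code $?"
fi
```

Running it from a scheduled job or a deployment pipeline catches hosts where the first-start cleanup was skipped.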