首页 > 代码库 > activemq 安全连接

activemq 安全连接

一、client连接broker

1.1 simple xml configuration

  activemq.xml配置

<plugins> 
          <simpleAuthenticationPlugin> 
             <users> 
                 <authenticationUser username="admin" password="password"  groups="admins,publishers,consumers"/>
                 <authenticationUser username="publisher" password="password" groups="publishers,consumers"/> 
                 <authenticationUser username="consumer" password="password" groups="consumers"/> 
                 <authenticationUser username="guest" password="password" groups="guests"/> 
             </users> 
          </simpleAuthenticationPlugin> 
</plugins>

  客户端代码

activeMQConnectionFactory.createConnection("admin","password");


1.2 JAAS

 增加login.config文件

activemq {
    org.apache.activemq.jaas.PropertiesLoginModule required
        org.apache.activemq.jaas.properties.user="users.properties"
        org.apache.activemq.jaas.properties.group="groups.properties"
        reload=true;
};

 注:reload设置为true时,用户名和密码在每次请求的时候都会重新加载,即修改之后立即生效。


增加users.properties

system=manager
admin=password
user=password
guest=password
sslclient=CN=localhost, OU=activemq.org, O=activemq.org, L=LA, ST=CA, C=US


增加groups.properties

admins=system,sslclient,client,broker1,broker2
tempDestinationAdmins=system,user,sslclient,client,broker1,broker2
users=system,user,sslclient,client,broker1,broker2
guests=guest


activemq.xml配置

        <plugins> 
           <jaasAuthenticationPlugin configuration="activemq" /> 
           <authorizationPlugin> 
               <map> 
                 <authorizationMap> 
                    <authorizationEntries>
                     <authorizationEntry queue="yyc-test" read="guests" write="users" admin="admins" />
                     <authorizationEntry topic="ActiveMQ.Advisory.>" read="all" write="all" admin="all"/>
                   </authorizationEntries>
                   <tempDestinationAuthorizationEntry>
                     <tempDestinationAuthorizationEntry read="tmpDestinationAdmins" write="tmpDestinationAdmins" admin="tmpDestinationAdmins"/>
                   </tempDestinationAuthorizationEntry>
                 </authorizationMap> 
           </map> 
           </authorizationPlugin>
        </plugins>

注:

configuration的值要与login.config中的设置名称相匹配,如:activemq;

ActiveMQ.Advisory.>以表达式的方式配置的topic一定要设置。因为连接的时候就是这种类型的主题,如果不配置此项话,连接会报错(没有权限)。


1.3 LDAP

参考地址:http://activemq.apache.org/security.html


二、broker与broker之间的连接

<networkConnectors>
   <networkConnector name="brokerAbridge"
                     userName="user"
                     password="password"
                     uri="static://(tcp://brokerA:61616)"/>
</networkConnectors>


参考地址:http://activemq.apache.org/security.html

本文出自 “旅行者” 博客,请务必保留此出处http://881206524.blog.51cto.com/10315134/1928683

activemq 安全连接