6.4 基于证书的安全授权机制

博客搬家, 更好阅读体验,猛戳:http://www.jack-yin.com/english/translation/activemq-in-action/1525.html

 

6.4 Certificate-based security

6.4 基于证书的安全授权机制

 

Earlier in this chapter, we described ActiveMQ plug-ins used to secure the broker by

authenticating the clients and authorizing the access to destinations. These plug-ins

do their work properly, but they store client credentials using plain user names and

passwords. Though this is sufficient for most users and use cases, some organizations

prefer to implement security using SSL certificates. We’ve already discussed the SSL

transport and how it uses certificates in chapter 4. In this section we’ll expand on that

material and show you how the SSL transport (along with supporting plug-in) can be

used to secure the broker. We’ll see how we can authenticate clients using their

certificates, but also how we can give those clients different access rights based on the

certificate they use to connect to the broker.

 

本章前面部分,我们讨论了使用ActiveMQ插件,通过客户端认证并授权客户端访问消息目的地的方式来保证

代理的安全.这些插件可以正常的工作,但是他们使用明文来存储客户端的用户名和密码等身份信息.

对于大多数用户和大部分场景来说,这种方式已经足够使用,但是一些组织倾向于使用SSL证书来保证安全.

第4章中,我们已经讨论过SSL传输连接器以及如何使用证书.本节中,我们将探讨展开对证书的讨论并且告诉你

如何使用SSL传输连接器(同时支持插件)来保证代理安全.我们将看到如何使用证书认证客户端,同时看到如何

根据他们借以连接到代理的证书来分配不同的访问控制权限.