ActiveMQ5.5安全配置分两种:控制台安全配置(即访问127.0.0.1:8161时用户认证)和JMS服务安全配置(程序访问ActiveMQ时的安全设置)
1.控制台安全配置
将property name为authenticate的属性value="false" 改为"true",
控制台的登录用户名密码保存在conf/jetty-realm.properties文件中,内容如下:
用户格式定义: 用户名:密码[,角色...] , 以上配置就是用户名为admin,密码为admin,角色为admin的用户
以上占位引用可在conf/credential.properties中配置
b)在conf目录下增加login.config,groups.properties,users.properties
login.config 内容如下:
activemq-domain {
org.apache.activemq.jaas.PropertiesLoginModule required
debug=true
org.apache.activemq.jaas.properties.user="users.properties"
org.apache.activemq.jaas.properties.group="groups.properties";
};
groups.properties 内容如下:
#group=userName
admins=system
users.properties 内容如下:
#userName=password
system=manager
以上两种配置方式到conf下activemq-security.xml文件都能看到,看样子这个就是配置安全的配置文件,但是不知道怎么用,本人英文不好看官方的文档看不太懂,英文好的可以看下:
1.控制台安全配置
ActiveMQ使用的是jetty服务器, 打开conf/jetty.xml文件,找到
<bean id="securityConstraint" class="org.eclipse.jetty.http.security.Constraint">
<property name="name" value="BASIC" />
<property name="roles" value="admin" />
<property name="authenticate" value="false" />
</bean>
将property name为authenticate的属性value="false" 改为"true",
控制台的登录用户名密码保存在conf/jetty-realm.properties文件中,内容如下:
## ---------------------------------------------------------------------------
## Licensed to the Apache Software Foundation (ASF) under one or more
## contributor license agreements. See the NOTICE file distributed with
## this work for additional information regarding copyright ownership.
## The ASF licenses this file to You under the Apache License, Version 2.0
## (the "License"); you may not use this file except in compliance with
## the License. You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
## ---------------------------------------------------------------------------
# Defines users that can access the web (console, demo, etc.)
# username: password [,rolename ...]
admin: admin, admin
用户格式定义: 用户名:密码[,角色...] , 以上配置就是用户名为admin,密码为admin,角色为admin的用户
重启,访问 http://127.0.0.1:8161/admin/ 将弹出:
要求输入用户名密码
2.JMS服务安全配置(生产者和消息者连接时认证)
方法一:简单授权方式
在conf/activemq.xml文件中加入以下内容即可(如配置了systemUsage,应该放到systemUsage前):
<plugins>
<!-- Configure authentication; Username, passwords and groups -->
<simpleAuthenticationPlugin>
<users>
<authenticationUser username="system" password="${activemq.password}" groups="users,admins"/>
<authenticationUser username="user" password="${guest.password}" groups="users"/>
<authenticationUser username="guest" password="${guest.password}" groups="guests"/>
</users>
</simpleAuthenticationPlugin>
</plugins>
以上占位引用可在conf/credential.properties中配置
方法二:JAAS授权方式
a)在conf/activemq.xml文件中加上
<plugins>
<!--use JAAS to authenticate using the login.config file on the classpath to configure JAAS -->
<jaasAuthenticationPlugin configuration="activemq-domain" />
<!-- lets configure a destination based authorization mechanism -->
<authorizationPlugin>
<map>
<authorizationMap>
<authorizationEntries>
<!-->表示通配符,例如USERS.>表示以USERS.开头的主题,>表示所有主题,read表示读的权限,write表示写的权限,admin表示角色组-->
<authorizationEntry queue=">" read="admins" write="admins" admin="admins" />
<authorizationEntry topic=">" read="admins" write="admins" admin="admins" />
<authorizationEntry queue="ActiveMQ.Advisory.>" read="admins" write="admins" admin="admins" />
<authorizationEntry topic="ActiveMQ.Advisory.>" read="admins" write="admins" admin="admins" />
</authorizationEntries>
</authorizationMap>
</map>
</authorizationPlugin>
</plugins>
b)在conf目录下增加login.config,groups.properties,users.properties
login.config 内容如下:
activemq-domain {
org.apache.activemq.jaas.PropertiesLoginModule required
debug=true
org.apache.activemq.jaas.properties.user="users.properties"
org.apache.activemq.jaas.properties.group="groups.properties";
};
groups.properties 内容如下:
#group=userName
admins=system
users.properties 内容如下:
#userName=password
system=manager
以上两种配置方式到conf下activemq-security.xml文件都能看到,看样子这个就是配置安全的配置文件,但是不知道怎么用,本人英文不好看官方的文档看不太懂,英文好的可以看下:
http://activemq.apache.org/security.html http://activemq.apache.org/encrypted-passwords.html 看明白后也给大家讲解讲解下