ActiveMQ Security Authentication

最新推荐文章于 2023-10-16 09:14:34 发布

log_cd

最新推荐文章于 2023-10-16 09:14:34 发布

阅读量145

点赞数

分类专栏： ActiveMQ/JBossRules 文章标签： ActiveMQ Security 配置管理 XML Web

本文链接：https://blog.csdn.net/log_cd/article/details/83553385

版权

ActiveMQ/JBossRules 专栏收录该内容

7 篇文章 0 订阅

订阅专栏

[b]一、简单的安全认证(使用SimpleAuthenticationPlugin)[/b]
[b](1)设置证书文件，放用户名和密码：${activemq.base}/conf/credentials.properties[/b]


activemq.username=logcd
activemq.password=028cd

[b](2)配置simpleAuthenticationPlugin，简单认证插件[/b]


<!--加载属性配置文件-->
  <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
	 <property name="locations">
		<value>file:///${activemq.base}/conf/credentials.properties</value>
	 </property>      
  </bean>


<!--在Broker中，配置插件-->
	<plugins> 
		<simpleAuthenticationPlugin> 
			<users> 
				<authenticationUser username="${activemq.username}" password="${activemq.password}" groups="users,admins"/> 
			</users> 
		</simpleAuthenticationPlugin> 
	</plugins>

[b](3)在connectionFactory中，使用用户名和密码。[/b]


ConnectionFactory cf = new ActiveMQConnectionFactory("logcd", "028cd", "tcp://195.2.199.169:61616")


<bean id="queueConnectionFactory"
        class="org.apache.activemq.spring.ActiveMQConnectionFactory" >
        <property name="brokerURL" value="tcp://195.2.199.169:61616" />
		<property name="userName" value="logcd" /> 
		<property name="password" value="028cd" /> 
		<property name="useAsyncSend" value="true"/>
</bean>

[b]二、ActiveMQ Web Console Security [/b]
ActiveMQ缺省的管理是通过内置的jetty服务器，只要在浏览器中输入http://[IP]:8161/admin，不需要登录，就可以对队列、主题及消息等进行管理，这很不安全。那么要解决管理控制台的安全性，除了通过修改管理端口号以及应用名称之外，最关键的也是需要进行配置，必须通过身份认证才能登录。
[b](1)认证信息文件：realm.properties(${activemq.base}/conf/realm.properties)[/b]


#admin/test
admin: MD5:098f6bcd4621d373cade4e832627b4f6,user,admin

[b](2)将jetty-plus-6.1.9.jar加入到${activemq.base}/lib/web中[/b]
[b](3)login.config(${activemq.base}/webapps/admin/login.config)[/b]


adminLoginModule { 
      org.mortbay.jetty.plus.jaas.spi.PropertyFileLoginModule required 
      debug="true" 
      file="${activemq.base}/conf/realm.properties"; 
};

[b](4)在activemq.xml中的jetty配置部分增加userRealms[/b]


<userRealms>
   <jaasUserRealm name="adminRealm" loginModuleName="adminLoginModule">
   </jaasUserRealm>
</userRealms>

[b](5)在${activemq.base}/webapps/admin/WEB-INF/web.xml文件里添加[/b]


<security-constraint>
 <web-resource-collection>
 <web-resource-name>adminRealm</web-resource-name>
   <url-pattern>/*</url-pattern>
   </web-resource-collection>
   <auth-constraint>
     <role-name>admin</role-name>
     <role-name>user</role-name>
   </auth-constraint>
</security-constraint>
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>adminRealm</realm-name>
</login-config>

[b](6)通过设置java.security.auth.login.config系统属性来配置login modules的配置文件。${activemq.base}/bin/activemq.bat中的ACTIVEMQ_OPTS增加参数[/b]


-Djava.security.auth.login.config="D:/activemq-5.1/webapps/admin/login.config"

问题：使用时一直报个警告信息，还不知道如何解决
[color=brown]WARN log - No CallbackHandler configured: using DefaultCallbackHandler[/color]
[b]三、ActiveMQ5.3.0中的配置(conf下有各种配置样例)[/b]


<?xml version="1.0" encoding="UTF-8"?>
<beans
  xmlns="http://www.springframework.org/schema/beans"
  xmlns:amq="http://activemq.apache.org/schema/core"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
  http://activemq.apache.org/schema/core http://activemq.apache.org/schema/core/activemq-core.xsd">

  <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
      <property name="locations">
          <value>file:${activemq.base}/conf/credentials.properties</value>
      </property>      
  </bean>

  <broker useJmx="true" persistent="false" xmlns="http://activemq.apache.org/schema/core">

    <plugins>
        <!-- Configure authentication; Username, passwords and groups -->
        <simpleAuthenticationPlugin>
            <users>
                <authenticationUser username="system" password="manager"
                    groups="users,admins"/>
                <authenticationUser username="user" password="password"
                    groups="users"/>
                <authenticationUser username="guest" password="password" groups="guests"/>
            </users>
        </simpleAuthenticationPlugin>


      <!--  Lets configure a destination based authorization mechanism -->
      <authorizationPlugin>
        <map>
          <authorizationMap>
            <authorizationEntries>
              <authorizationEntry queue=">" read="admins" write="admins" admin="admins" />
              <authorizationEntry queue="USERS.>" read="users" write="users" admin="users" />
              <authorizationEntry queue="GUEST.>" read="guests" write="guests,users" admin="guests,users" />

              <authorizationEntry queue="TEST.Q" read="guests" write="guests" />

              <authorizationEntry topic=">" read="admins" write="admins" admin="admins" />
              <authorizationEntry topic="USERS.>" read="users" write="users" admin="users" />
              <authorizationEntry topic="GUEST.>" read="guests" write="guests,users" admin="guests,users" />

              <authorizationEntry topic="ActiveMQ.Advisory.>" read="guests,users" write="guests,users" admin="guests,users"/>
            </authorizationEntries>
          </authorizationMap>
        </map>
      </authorizationPlugin>
    </plugins>

	<persistenceAdapter>
       <jdbcPersistenceAdapter dataDirectory="${activemq.base}/data" dataSource="#oracle-ds"/>
    </persistenceAdapter>

    <transportConnectors>
       <transportConnector name="myQueue" uri="tcp://195.2.199.169:61616"/>
       <transportConnector name="myTopic" uri="tcp://195.2.199.169:61617"/>
	</transportConnectors>

  </broker>

  <bean id="oracle-ds" class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close">
    <property name="driverClassName" value="oracle.jdbc.driver.OracleDriver"/>
    <property name="url" value="jdbc:oracle:thin:@195.2.199.6:1521:orcl"/>
    <property name="username" value="activemq"/>
    <property name="password" value="activemq"/>
    <property name="maxActive" value="200"/>
    <property name="poolPreparedStatements" value="true"/>
  </bean>

  <!-- 
      Configure command agent to be used in secured broker environment
      Notice how we used ${activemq.username} and ${activemq.password} configured in credential.properties
  -->
  <commandAgent xmlns="http://activemq.apache.org/schema/core" brokerUrl="vm://localhost" username="${activemq.username}" password="${activemq.password}"/>

  <!-- Use Web applications and Camel in secured broker environment -->
  <import resource="jetty.xml"/>
  <import resource="camel.xml"/>

</beans>

credentials.properties：


activemq.username=system
activemq.password=manager

log_cd

关注

0
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
ActiveMQ Security Authentication

[b]一、简单的安全认证(使用SimpleAuthenticationPlugin)[/b][b](1)设置证书文件，放用户名和密码：${activemq.base}/conf/credentials.properties[/b][code="html"]activemq.username=logcdactivemq.password=028cd[/code][b](2)配...
复制链接

扫一扫

专栏目录