ActiveMQ的JMX监控使用

package easyway.app.activemq.demo3;

import javax.management.ObjectName;

import org.apache.activemq.broker.jmx.BrokerViewMBean;
import org.apache.activemq.web.RemoteJMXBrokerFacade;
import org.apache.activemq.web.config.SystemPropertiesConfiguration;
/**
 * 
 * RemoteJMXBrokerFacade 访问ActiveMQ JMX配置
 * @author   longgangbai   
 *
 */
public class ActiveMQJMX {
	/**
	 *       通过JMX获取ActiveMQ各种信息
	 * @param args
	 */
	public static void main(String[] args) { 
		RemoteJMXBrokerFacade createConnector = new RemoteJMXBrokerFacade(); 
		System.setProperty("webconsole.jmx.url", "service:jmx:rmi:///jndi/rmi://localhost:1099/jmxrmi"); 
		//System.setProperty("webconsole.jmx.user","controlRole"); 
		//System.setProperty("webconsole.jmx.password","abcd1234"); 
		SystemPropertiesConfiguration configuration = new SystemPropertiesConfiguration(); 
		createConnector.setConfiguration(configuration); 
		try { 
			BrokerViewMBean brokerAdmin = createConnector.getBrokerAdmin(); 
			String brokerName =brokerAdmin.getBrokerName();
			System.out.println("BrokerName ="+brokerName );
			long messages =brokerAdmin.getTotalMessageCount();
			System.out.println("messages ="+messages );
			long consumerCount=brokerAdmin.getTotalConsumerCount();
			System.out.println("consumerCount ="+consumerCount );
			long dequeueCount=brokerAdmin.getTotalDequeueCount();
			System.out.println("dequeueCount ="+dequeueCount );
			long enqueueCount=brokerAdmin.getTotalEnqueueCount();
			System.out.println("enqueueCount ="+enqueueCount );
			
			System.out.println(brokerAdmin.getBrokerName()); 
			//获取Topic相关的ObjectName
			ObjectName[] topicList=brokerAdmin.getTopics();
			System.out.println("topic ="+topicList.length);
			//获取Queue相关的ObjectName
			ObjectName[] queueList=brokerAdmin.getQueues();
			System.out.println("queue ="+queueList.length);
            //根据ObjectName创建相关的JMX对象获取相关的信息。
		} catch (Exception e) { 
			e.printStackTrace(); 
		} 
	}

}

 

ActiveMQ配置安全性

 

监视ActiveMQ的方式有多种，在第一部分中已经说到了Web监视控制台，设置登录用户名和密码，这里再说一下JMX监控。运行了ActiveMQ之后，再运行jdk自带的jconsole即可以看到ActiveMQ的进程，如图：点击连接之后就可以看到ActiveMQ的运行情况。默认情况下是不需要用户名和口令的，修改activemq.bat，找到

 

 

 

 

 

Java

 

1 2 3

SUNJMX = - Dcom . sun . management . jmxremote . port = 1099 - Dcom . sun . management . jmxremote . authenticate = false - Dcom . sun . management . jmxremote . ssl = false

修改成

 

 

 

 

 

Java

 

1 2 3 4 5

SUNJMX = - Dcom . sun . management . jmxremote . port = 1616 - Dcom . sun . management . jmxremote . authenticate = true - Dcom . sun . management . jmxremote . ssl = false - Dcom . sun . management . jmxremote . password . file = % ACTIVEMQ_BASE % / conf / jmx . password - Dcom . sun . management . jmxremote . access . file = % ACTIVEMQ_BASE % / conf / jmx . access

Linux下的找到：

 

 

 

 

 

 

Java

 

1 2 3 4 5

# ACTIVEMQ_SUNJMX_START = "-Dcom.sun.management.jmxremote.port=11099 " # ACTIVEMQ_SUNJMX_START = "$ACTIVEMQ_SUNJMX_START -Dcom.sun.management.jmxremote.password.file=${ACTIVEMQ_CONFIG_DIR}/jmx.password" # ACTIVEMQ_SUNJMX_START = "$ACTIVEMQ_SUNJMX_START -Dcom.sun.management.jmxremote.access.file=${ACTIVEMQ_CONFIG_DIR}/jmx.access" # ACTIVEMQ_SUNJMX_START = "$ACTIVEMQ_SUNJMX_START -Dcom.sun.management.jmxremote.ssl=false" ACTIVEMQ_SUNJMX_START = "$ACTIVEMQ_SUNJMX_START -Dcom.sun.management.jmxremote"

去掉注释即可。
重启ActiveMQ之后，在用jconsole连接就需要输入用户名和密码，jmx.access文件配置用户的访问权限readonly和readwrite，admin readwrite表示用户admin具有读写权限。Jmx.password文件配置用户的密码，admin activemq 表示admin用户的密码是activemq。

除了监视台可以设置用户名和密码之后，ActiveMQ也可以对各个主题和队列设置用户名和密码，配置如下：

 

 

 

 

 

 

Java

 

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34

<plugins>    < ! -- Configure authentication ; Username , passwords and groups -- >    <simpleAuthenticationPlugin>        <users>            < authenticationUser username = "system" password = "manager" groups = "users,admins" / >            < authenticationUser username = "user" password = "password" groups = "users" / >            < authenticationUser username = "guest" password = "password" groups = "guests" / >            < authenticationUser username = "testUser" password = "123456" groups = "testGroup" / >        < / users >    < / simpleAuthenticationPlugin >      < ! --    Lets configure a destination based authorization mechanism -- >    <authorizationPlugin>      <map>        <authorizationMap>          <authorizationEntries>            < authorizationEntry queue = "queue.group.uum" read = "users" write = "users" admin = "users" / >            < authorizationEntry queue = ">" read = "admins" write = "admins" admin = "admins" / >            < authorizationEntry queue = "USERS.>" read = "users" write = "users" admin = "users" / >            < authorizationEntry queue = "GUEST.>" read = "guests" write = "guests,users" admin = "guests,users" / >              < authorizationEntry queue = "TEST.Q" read = "guests" write = "guests" / >            < authorizationEntry queue = "test" read = " testGroup " write = " testGroup " / >              < authorizationEntry topic = ">" read = "admins" write = "admins" admin = "admins" / >            < authorizationEntry topic = "USERS.>" read = "users" write = "users" admin = "users" / >            < authorizationEntry topic = "GUEST.>" read = "guests" write = "guests,users" admin = "guests,users" / >              < authorizationEntry topic = "ActiveMQ.Advisory.>" read = "guests,users ,testGroup" write = "guests,users ,testGroup " admin = "guests,users ,testGroup " / >          < / authorizationEntries >        < / authorizationMap >      < / map >    < / authorizationPlugin > < / plugins >

simpleAuthenticationPlugin中设置用户名、密码和群组，authorizationPlugin设置主题和队列的访问群组，“>”表示所有的主题或者队列。上面的配置中添加了一个testUser，属于群组testGroup，同时设置test这个队列的访问读写权限为testGroup，当然admins也可以访问的，因为admins是对所有的队列都有访问权限。将第三部分代码中的设置用户名和密码改成刚刚添加的用户testUser，如果密码不正确，将会抛出User name or password is invalid.异常，如果testUser所属的群组不能访问test队列，那么会抛出User guest is not authorized to write to: queue://test异常。需要注意的是所有的群组都需要对以ActiveMQ.Advisory为前缀的主题具有访问权限。