最近现场又发现漏洞:内嵌 ActiveMQ 的 JMX 需要启用用户名、密码认证,而内嵌方式比普通方式复杂很多。查了很多资料,最后还是硬啃 ActiveMQ 官方英文文档,连蒙带猜整出来了。
xml的配置可见这里
https://activemq.apache.org/xml-configuration
服务器端用
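// Embedded broker whose JMX connector asks for a role name and password.
BrokerService broker = new BrokerService();
ManagementContext managementContext = new ManagementContext();

// The author's original note asked whether this must be false when a password is used.
// This working setup keeps it true.
// NOTE(review): presumably the connector ActiveMQ creates itself is the one that receives the
// environment map set below; confirm against the ActiveMQ version in use.
// Config-driven alternative left by the author:
//   Boolean.parseBoolean(PropertiesUtils.getValue(JMSSERVERCONFIG, "managementContext.createConnector", "false"))
managementContext.setCreateConnector(true);

// The client URL must use the same port.
// Config-driven alternative left by the author:
//   Integer.valueOf(PropertiesUtils.getValue(JMSSERVERCONFIG, "managementContext.connectorPort", "1099"))
managementContext.setConnectorPort(1099);

// Optional: pin the connector host (for example to loopback) when JMX is only used from the same machine.
// NOTE(review): confirm which sockets this setting actually binds in the ActiveMQ version in use,
// and firewall the JMX port so only management hosts can reach it.
// managementContext.setConnectorHost("127.0.0.1");

// Standard JMX remote environment keys that switch on file-based authentication and authorization.
// Both paths are relative, so they resolve against the broker process's working directory.
// jmx.password stores passwords in clear text: keep it readable only by the account that runs the
// broker, and keep it out of version control.
java.util.Map<String, String> env = new HashMap<>();
env.put("jmx.remote.x.access.file", "config/jmx.access");
env.put("jmx.remote.x.password.file", "config/jmx.password");
managementContext.setEnvironment(env);
broker.setManagementContext(managementContext);

// Broker user authentication, left disabled by the author.
// NOTE(review): this looks like authentication for messaging clients, which is separate from the
// JMX login configured above. "admin"/"admin" is a sample value; replace it if this is ever enabled.
// SimpleAuthenticationPlugin sap = new SimpleAuthenticationPlugin();
// AuthenticationUser au = new AuthenticationUser("admin", "admin","users");
// ArrayList<AuthenticationUser> d = new ArrayList<AuthenticationUser>();
// d.add(au);
// sap.setUsers(d); // user authentication
// broker.setPlugins(new BrokerPlugin[] { sap });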
客户端认证用
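// Port 1099 must match the connectorPort configured on the broker side.
url = new JMXServiceURL("service:jmx:rmi:///jndi/rmi://" + ip + ":1099/jmxrmi");

// JMXConnector.CREDENTIALS carries a String[] of {role name, password}; the pair has to match an
// entry in jmx.password. controlRole is the readwrite role in jmx.access, so a client that only
// reads attributes can log in as monitorRole instead.
// The literal password is sample data: load the real one from protected configuration rather than
// compiling it into the client. Unless TLS is configured for the RMI connector, the credentials
// are not encrypted in transit.
Map<String, Object> credentials = new HashMap<>();
credentials.put(JMXConnector.CREDENTIALS, new String[] {"controlRole", "test4321"});

// JMXConnectorFactory.connect(url, env) returns a connector that is already connected, so the extra
// connector.connect() call from the original snippet was a no-op and is dropped.
// Alternative left by the author (helper not shown): connectWithTimeout(url, null)
// Close the connector once the management work is finished.
connector = JMXConnectorFactory.connect(url, credentials);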
jmx.access内容
monitorRole readonly
controlRole readwrite
jmx.password内容(口令以明文保存,下面的值仅为示例;两个角色用同一个口令时,只读与读写的区分就失去意义,实际部署应分别设置强口令,并限制该文件只允许运行 broker 的账户读取)
monitorRole test4321
controlRole test4321