ActiveMQ5.5安全配置

ActiveMQ5.5安全配置分两种：控制台安全配置(即访问127.0.0.1:8161时用户认证)和JMS服务安全配置(程序访问ActiveMQ时的安全设置)

1.控制台安全配置

ActiveMQ使用的是jetty服务器, 打开conf/jetty.xml文件，找到

<bean id="securityConstraint" class="org.eclipse.jetty.http.security.Constraint"> <property name="name" value="BASIC" /> <property name="roles" value="admin" /> <property name="authenticate" value="false" /> </bean>
将property name为authenticate的属性value="false" 改为"true"，
控制台的登录用户名密码保存在conf/jetty-realm.properties文件中,内容如下:

## --------------------------------------------------------------------------- ## Licensed to the Apache Software Foundation (ASF) under one or more ## contributor license agreements. See the NOTICE file distributed with ## this work for additional information regarding copyright ownership. ## The ASF licenses this file to You under the Apache License, Version 2.0 ## (the "License"); you may not use this file except in compliance with ## the License. You may obtain a copy of the License at ## ## http://www.apache.org/licenses/LICENSE-2.0 ## ## Unless required by applicable law or agreed to in writing, software ## distributed under the License is distributed on an "AS IS" BASIS, ## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ## See the License for the specific language governing permissions and ## limitations under the License. ## --------------------------------------------------------------------------- # Defines users that can access the web (console, demo, etc.) # username: password [,rolename ...] admin: admin, admin
用户格式定义: 用户名:密码[,角色...] , 以上配置就是用户名为admin，密码为admin，角色为admin的用户

重启,访问　http://127.0.0.1:8161/admin/　将弹出:

要求输入用户名密码

2.JMS服务安全配置(生产者和消息者连接时认证)

　方法一：简单授权方式

在conf/activemq.xml文件中加入以下内容即可(如配置了systemUsage，应该放到systemUsage前)：

<plugins> <!-- Configure authentication; Username, passwords and groups --> <simpleAuthenticationPlugin> <users> <authenticationUser username="system" password="${activemq.password}" groups="users,admins"/> <authenticationUser username="user" password="${guest.password}" groups="users"/> <authenticationUser username="guest" password="${guest.password}" groups="guests"/> </users> </simpleAuthenticationPlugin> </plugins>
以上占位引用可在conf/credential.properties中配置

方法二:JAAS授权方式
a）在conf/activemq.xml文件中加上

<plugins> <!--use JAAS to authenticate using the login.config file on the classpath to configure JAAS --> <jaasAuthenticationPlugin configuration="activemq-domain" /> <!-- lets configure a destination based authorization mechanism --> <authorizationPlugin> <map> <authorizationMap> <authorizationEntries> <!-->表示通配符,例如USERS.>表示以USERS.开头的主题,>表示所有主题,read表示读的权限,write表示写的权限，admin表示角色组--> <authorizationEntry queue=">" read="admins" write="admins" admin="admins" /> <authorizationEntry topic=">" read="admins" write="admins" admin="admins" /> <authorizationEntry queue="ActiveMQ.Advisory.>" read="admins" write="admins" admin="admins" /> <authorizationEntry topic="ActiveMQ.Advisory.>" read="admins" write="admins" admin="admins" /> </authorizationEntries> </authorizationMap> </map> </authorizationPlugin> </plugins>
b）在conf目录下增加login.config，groups.properties，users.properties

login.config 内容如下：

activemq-domain {
org.apache.activemq.jaas.PropertiesLoginModule required
debug=true
org.apache.activemq.jaas.properties.user="users.properties"
org.apache.activemq.jaas.properties.group="groups.properties";
};

groups.properties 内容如下：

#group=userName
admins=system

users.properties 内容如下：

#userName=password
system=manager

以上两种配置方式到conf下activemq-security.xml文件都能看到，看样子这个就是配置安全的配置文件，但是不知道怎么用，本人英文不好看官方的文档看不太懂，英文好的可以看下:

http://activemq.apache.org/security.htmlhttp://activemq.apache.org/encrypted-passwords.html 看明白后也给大家讲解讲解下