ActiveMQ5.5安全配置分两种:控制台安全配置(即访问127.0.0.1:8161时用户认证)和JMS服务安全配置(程序访问ActiveMQ时的安全设置)
1.控制台安全配置
将property name为authenticate的属性value="false" 改为"true",
控制台的登录用户名密码保存在conf/jetty-realm.properties文件中,内容如下: ## --------------------------------------------------------------------------- ## Licensed to the Apache Software Foundation (ASF) under one or more ## contributor license agreements. See the NOTICE file distributed with ## this work for additional information regarding copyright ownership. ## The ASF licenses this file to You under the Apache License, Version 2.0 ## (the "License"); you may not use this file except in compliance with ## the License. You may obtain a copy of the License at ## ## http://www.apache.org/licenses/LICENSE-2.0 ## ## Unless required by applicable law or agreed to in writing, software ## distributed under the License is distributed on an "AS IS" BASIS, ## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ## See the License for the specific language governing permissions and ## limitations under the License. ## --------------------------------------------------------------------------- # Defines users that can access the web (console, demo, etc.) # username: password [,rolename ...] admin: admin, admin
用户格式定义: 用户名:密码[,角色...] , 以上配置就是用户名为admin,密码为admin,角色为admin的用户
以上占位引用可在conf/credential.properties中配置
b)在conf目录下增加login.config,groups.properties,users.properties
login.config 内容如下:
activemq-domain {
org.apache.activemq.jaas.PropertiesLoginModule required
debug=true
org.apache.activemq.jaas.properties.user="users.properties"
org.apache.activemq.jaas.properties.group="groups.properties";
};
groups.properties 内容如下:
#group=userName
admins=system
users.properties 内容如下:
#userName=password
system=manager
以上两种配置方式到conf下activemq-security.xml文件都能看到,看样子这个就是配置安全的配置文件,但是不知道怎么用,本人英文不好看官方的文档看不太懂,英文好的可以看下:
1.控制台安全配置
ActiveMQ使用的是jetty服务器, 打开conf/jetty.xml文件,找到
<bean id="securityConstraint" class="org.eclipse.jetty.http.security.Constraint"> <property name="name" value="BASIC" /> <property name="roles" value="admin" /> <property name="authenticate" value="false" /> </bean>将property name为authenticate的属性value="false" 改为"true",
控制台的登录用户名密码保存在conf/jetty-realm.properties文件中,内容如下: ## --------------------------------------------------------------------------- ## Licensed to the Apache Software Foundation (ASF) under one or more ## contributor license agreements. See the NOTICE file distributed with ## this work for additional information regarding copyright ownership. ## The ASF licenses this file to You under the Apache License, Version 2.0 ## (the "License"); you may not use this file except in compliance with ## the License. You may obtain a copy of the License at ## ## http://www.apache.org/licenses/LICENSE-2.0 ## ## Unless required by applicable law or agreed to in writing, software ## distributed under the License is distributed on an "AS IS" BASIS, ## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ## See the License for the specific language governing permissions and ## limitations under the License. ## --------------------------------------------------------------------------- # Defines users that can access the web (console, demo, etc.) # username: password [,rolename ...] admin: admin, admin
用户格式定义: 用户名:密码[,角色...] , 以上配置就是用户名为admin,密码为admin,角色为admin的用户
重启,访问 http://127.0.0.1:8161/admin/ 将弹出:
要求输入用户名密码
2.JMS服务安全配置(生产者和消息者连接时认证)
方法一:简单授权方式
在conf/activemq.xml文件中加入以下内容即可(如配置了systemUsage,应该放到systemUsage前):
<plugins> <!-- Configure authentication; Username, passwords and groups --> <simpleAuthenticationPlugin> <users> <authenticationUser username="system" password="${activemq.password}" groups="users,admins"/> <authenticationUser username="user" password="${guest.password}" groups="users"/> <authenticationUser username="guest" password="${guest.password}" groups="guests"/> </users> </simpleAuthenticationPlugin> </plugins>
以上占位引用可在conf/credential.properties中配置
方法二:JAAS授权方式
a)在conf/activemq.xml文件中加上
b)在conf目录下增加login.config,groups.properties,users.properties
login.config 内容如下:
activemq-domain {
org.apache.activemq.jaas.PropertiesLoginModule required
debug=true
org.apache.activemq.jaas.properties.user="users.properties"
org.apache.activemq.jaas.properties.group="groups.properties";
};
groups.properties 内容如下:
#group=userName
admins=system
users.properties 内容如下:
#userName=password
system=manager
以上两种配置方式到conf下activemq-security.xml文件都能看到,看样子这个就是配置安全的配置文件,但是不知道怎么用,本人英文不好看官方的文档看不太懂,英文好的可以看下:
http://activemq.apache.org/security.htmlhttp://activemq.apache.org/encrypted-passwords.html 看明白后也给大家讲解讲解下