activemq版本:5.14.3
一.conf/activemq.xml中增加如下配置,实现消息授权:
<broker >
...
<plugins>
<jaasAuthenticationPlugin configuration="activemq" />
<authorizationPlugin>
<map>
<authorizationMap>
<authorizationEntries>
<authorizationEntry topic=">" read="admins,consumers" write="admins,publishers" admin="admins"/>
<authorizationEntry queue=">" read="admins,consumers" write="admins,publishers" admin="admins" />
</authorizationEntries>
</authorizationMap>
</map>
</authorizationPlugin>
</plugins>
...
<broker />
该配置指定了:
1.<jaasAuthenticationPlugin configuration="activemq" />
指定了实用JAAS插件管理权限, "activemq" 一定要与login.config文件中的配置对应
2.<authorizationEntry topic=">" read="admins,consumers" write="admins,publishers" admin="admins"/>
指定了具体的Topic与用户组的授权关系
3.<authorizationEntry queue=">" read="admins,consumers" write="admins,publishers" admin="admins" />
指定了具体的Queue与用户组的授权关系
二.基于JAAS机制,conf目录下增加3个文件,实现登录认证和用户组:
login.config,内容如下,无需修改:
activemq {
org.apache.activemq.jaas.PropertiesLoginModule required
org.apache.activemq.jaas.properties.user="users.properties"
org.apache.activemq.jaas.properties.group="groups.properties";
};
三.users.properties,内容格式username=password,根据实际情况修改:
#userName=password
admin=admin
publisher=publisher
consumer=consumer
四.groups.properties,内容格式groupname=username1,username2,username3,根据实际情况修改:
#groupName=UserName1,UserName2
admins=admin
publishers=admin,publisher,sslpublisher
consumers=admin,publisher,consumer,sslconsumer