Original sources: http://blog.csdn.net/ichsonx/article/details/8540004
http://log-cd.iteye.com/blog/585616
http://blog.csdn.net/scorpio3k/article/details/5860433
----------------------------------------------------------------------------------------------------------------------------------
ActiveMQ (AMQ) security configuration has two parts: the AMQ Broker (security of the connection service) and the AMQ Console (security of the web console).
----------------------------------------------------------------------------------------------------------------------------------
1. Console security configuration
ActiveMQ uses the Jetty server. Open conf/jetty.xml and find:

    <bean id="securityConstraint" class="org.eclipse.jetty.http.security.Constraint">
        <property name="name" value="BASIC" />
        <property name="roles" value="admin" />
        <property name="authenticate" value="false" />
    </bean>

Change the property named authenticate from value="false" to "true" so that the console requires a login password.
The console login user names and passwords are stored in conf/jetty-realm.properties.
User definition format: username: password[role], e.g. a user with user name admin, password admin and role admin.
Console URL: http://127.0.0.1:8161/admin/
----------------------------------------------------------------------------------------------------------------------------------
2. JMS service security configuration. There are two options: simple authentication with a credentials file, and JAAS authentication.
2.1 Simple authentication (using SimpleAuthenticationPlugin)
(1) Set up the credentials file: define the user name and password in conf/credentials.properties:

    activemq.username=logcd
    activemq.password=028cd

(2) Configure simpleAuthenticationPlugin, the simple authentication plugin:

    <!-- Load the properties file -->
    <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
        <property name="locations">
            <value>file:///${activemq.base}/conf/credentials.properties</value>
        </property>
    </bean>

Note: the plugins element goes inside the broker element.

    <!-- Configure the plugin inside the broker -->
    <plugins>
        <simpleAuthenticationPlugin>
            <users>
                <authenticationUser username="${activemq.username}" password="${activemq.password}" groups="users,admins"/>
            </users>
        </simpleAuthenticationPlugin>
    </plugins>

(3) Use the user name and password in the connectionFactory:

    ConnectionFactory cf = new ActiveMQConnectionFactory("logcd", "028cd", "tcp://195.2.199.169:61616");

    <bean id="queueConnectionFactory"
          class="org.apache.activemq.spring.ActiveMQConnectionFactory">
        <property name="brokerURL" value="tcp://195.2.199.169:61616" />
        <property name="userName" value="logcd" />
        <property name="password" value="028cd" />
        <property name="useAsyncSend" value="true"/>
    </bean>

2.2 JAAS authentication
2.2.1 In conf/activemq.xml, add the following inside the broker element to use the JAAS policy, with the configuration module named activemq-domain.

    <plugins>
        <!-- use JAAS to authenticate using the login.config file on the classpath to configure JAAS -->
        <jaasAuthenticationPlugin configuration="activemq-domain" />
        <!-- lets configure a destination based authorization mechanism -->
        <authorizationPlugin>
            <map>
                <authorizationMap>
                    <authorizationEntries>
                        <!-- ">" is a wildcard: for example, USERS.> matches topics whose names start with USERS., and > alone matches all topics. read is the read permission, write is the write permission, and admin is the admin permission; the values name role groups -->
                        <authorizationEntry queue=">" read="admins" write="admins" admin="admins" />
                        <authorizationEntry topic=">" read="admins" write="admins" admin="admins" />
                        <authorizationEntry queue="ActiveMQ.Advisory.>" read="admins" write="admins" admin="admins" />
                        <authorizationEntry topic="ActiveMQ.Advisory.>" read="admins" write="admins" admin="admins" />
                    </authorizationEntries>
                </authorizationMap>
            </map>
        </authorizationPlugin>
    </plugins>

The contents of login.config are as follows:

    activemq-domain {
        org.apache.activemq.jaas.PropertiesLoginModule required
            debug=true
            org.apache.activemq.jaas.properties.user="users.properties"
            org.apache.activemq.jaas.properties.group="groups.properties";
    };

groups.properties:

    #group=userName
    admins=system

users.properties:

    #userName=password
    system=manager
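
As an added example (not part of the original post or of ActiveMQ itself), the following Python script checks the three files discussed above for the weak settings this page corrects: authenticate left at "false" in conf/jetty.xml, a console user whose password equals its name in conf/jetty-realm.properties, and a broker with no authentication plugin or with an inline password in conf/activemq.xml. The function names and sample inputs are constructed for illustration, and the realm check assumes Jetty's "user: password, role" line layout.

```python
import xml.etree.ElementTree as ET

AUTH_PLUGINS = {"simpleAuthenticationPlugin", "jaasAuthenticationPlugin"}

def local(tag):
    """Drop the XML namespace so Spring and ActiveMQ elements match by name."""
    return tag.rsplit("}", 1)[-1]

def audit_jetty(jetty_xml):
    """Flag a securityConstraint bean whose authenticate property is not true."""
    for bean in ET.fromstring(jetty_xml).iter():
        if local(bean.tag) == "bean" and bean.get("id") == "securityConstraint":
            props = {p.get("name"): p.get("value") for p in bean}
            if (props.get("authenticate") or "false").lower() != "true":
                return ["jetty.xml: console authentication is disabled"]
    return []

def audit_realm(realm_text):
    """Flag realm users whose password equals the user name (admin: admin, admin)."""
    findings = []
    for line in realm_text.splitlines():
        user, sep, rest = line.strip().partition(":")
        if not sep or user.startswith("#"):
            continue
        if rest.split(",", 1)[0].strip() == user.strip():
            findings.append(f"jetty-realm.properties: '{user.strip()}' uses its name as password")
    return findings

def audit_broker(activemq_xml):
    """Flag a broker with no authentication plugin or with an inline password."""
    root, findings = ET.fromstring(activemq_xml), []
    if not AUTH_PLUGINS & {local(e.tag) for e in root.iter()}:
        findings.append("activemq.xml: no authentication plugin configured")
    for e in root.iter():
        if local(e.tag) == "authenticationUser" and not e.get("password", "").startswith("${"):
            findings.append(f"activemq.xml: literal password for '{e.get('username')}'")
    return findings

# Constructed sample inputs (not taken from a real deployment).
JETTY = '<beans><bean id="securityConstraint"><property name="authenticate" value="false"/></bean></beans>'
REALM = "# user: password, role\nadmin: admin, admin\nops: S3parate-Value, admin\n"
BROKER = ('<beans><broker xmlns="http://activemq.apache.org/schema/core"><plugins>'
          '<simpleAuthenticationPlugin><users><authenticationUser username="logcd" '
          'password="${activemq.password}" groups="users"/></users>'
          '</simpleAuthenticationPlugin></plugins></broker></beans>')

if __name__ == "__main__":
    for finding in audit_jetty(JETTY) + audit_realm(REALM) + audit_broker(BROKER):
        print(finding)
```

To check a real installation, read conf/jetty.xml, conf/jetty-realm.properties and conf/activemq.xml from disk and pass their contents to the three functions.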