Message middleware (4) - ActiveMQ security check

Introduction to ActiveMQ Security Mechanism

The security mechanism generally includes two parts: Authentication and Authorization. In ActiveMQ, authentication refers to the verification of user identity through the visitor's user name and password, and authorization refers to specifying user groups with corresponding permissions for reading, writing, and managing message targets (queues or topics), and assigning permissions to users. The security mechanism of ActiveMQ is implemented based on plugins.

ActiveMQ provides two authentication plugins, namely:

1）Simple authentication plugin-in；

2）JAAS（Java Authentication and Authorization Service）authentication plugin-in。

ActiveMQ provides an authorization plugin: Authorization plugin-in.

1. Simple security authentication (using SimpleAuthenticationPlugin) 
(1) Set the certificate file, put the user name and password: ${activemq.conf}/credentials.properties 

 

activemq.username=system
activemq.password=manager

(2) Configure simpleAuthenticationPlugin, a simple authentication plug-in 

<beans
  xmlns="http://www.springframework.org/schema/beans"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://www.springframework.org/schema/beans
  http://www.springframework.org/schema/beans/spring-beans.xsd
  http://activemq.apache.org/schema/core
  http://activemq.apache.org/schema/core/activemq-core.xsd">
	
     <!--Load property configuration file-->
    <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
        <property name="locations">
            <value>file:${activemq.conf}/credentials.properties</value>
        </property>
    </bean>
	
  
  <broker xmlns="http://activemq.apache.org/schema/core" brokerName="localhost" dataDirectory="${activemq.data}">
	<!--In Broker, configure the plugin-->
	<plugins>
		<simpleAuthenticationPlugin>
			<users>
				<authenticationUser username="${activemq.username}" password="${activemq.password}" groups="users,admins"/>
			</users>
		</simpleAuthenticationPlugin>
	</plugins>

	......
  </broker>
  
</beans>

 

(3), when the ConnectionFactory is initialized

@Bean
 public PooledConnectionFactory PooledConnectionFactory(){
  ActiveMQConnectionFactory connectionFactory = new ActiveMQConnectionFactory();
  connectionFactory.setBrokerURL(MQ_URL);
  connectionFactory.setUserName("system"); //Username
  connectionFactory.setPassword("manager"); //password
 
  PooledConnectionFactory PooledConnectionFactory = new PooledConnectionFactory();
  PooledConnectionFactory.setConnectionFactory(connectionFactory);
 
  return PooledConnectionFactory;
 }

 

2. JAAS is too cumbersome 

三、Authorization plugin-in 

It mainly subdivides functions such as queues and topics, which are rarely used in general.

 

#quote article

http://activemq.apache.org/security.html

http://www.uml.org.cn/j2ee/201305033.asp