ActiveMQ Security Configuration (Part 9)

Published: 2024/2/28

There are three security permissions:

- read: You can browse and consume from the destination
- write: You can send messages to the destination
- admin: You can lazily create the destination if it does not yet exist. This allows you fine grained control over which new destinations can be dynamically created in what part of the queue/topic hierarchy

admin applies when our own client program accesses ActiveMQ and the queue/topic does not exist yet: it determines whether the given "role" has permission to create that queue. (That's right, this is unlike WebLogic's JMS, where the client cannot access a queue/topic that has not been created from the back end.)

Method 1: Simple Authentication

Add the following to conf/activemq.xml (if systemUsage is configured, this should be placed before systemUsage, otherwise a bug occurs):

    <plugins>
        <!-- Configure authentication; Username, passwords and groups -->
        <simpleAuthenticationPlugin>
            <users>
                <authenticationUser username="system" password="${activemq.password}" groups="users,admins"/>
                <authenticationUser username="user" password="${guest.password}" groups="users"/>
                <authenticationUser username="guest" password="${guest.password}" groups="guests"/>
            </users>
        </simpleAuthenticationPlugin>
    </plugins>

The referenced values are configured in conf/credentials.properties:

    activemq.username=system
    activemq.password=manager
    guest.password=password
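An added example, not from the original post: a small Python check that resolves the ${...} placeholders from the properties file and reports simple-authentication accounts that still use the sample passwords shown here or that share a password. The inline XML and properties are constructed from the snippets above; the function names and the KNOWN_DEFAULTS set are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample input mirroring the configuration shown above.
ACTIVEMQ_XML = """
<simpleAuthenticationPlugin>
  <users>
    <authenticationUser username="system" password="${activemq.password}" groups="users,admins"/>
    <authenticationUser username="user" password="${guest.password}" groups="users"/>
    <authenticationUser username="guest" password="${guest.password}" groups="guests"/>
  </users>
</simpleAuthenticationPlugin>
"""
CREDENTIALS = "activemq.username=system\nactivemq.password=manager\nguest.password=password\n"
# Assumption: the sample passwords from this page, treated as known defaults.
KNOWN_DEFAULTS = {"manager", "password"}

def load_properties(text):
    """Parse key=value lines, skipping blanks and # comments."""
    lines = [l for l in text.splitlines() if "=" in l and not l.lstrip().startswith("#")]
    return {k.strip(): v.strip() for k, v in (l.split("=", 1) for l in lines)}

def resolve(value, props):
    """Expand ${name} placeholders; unknown names are left untouched."""
    return re.sub(r"\$\{([^}]+)\}", lambda m: props.get(m.group(1), m.group(0)), value)

def audit(xml_text, props_text):
    """Return (username, finding) tuples for weak simple-auth entries."""
    props = load_properties(props_text)
    findings, seen = [], {}
    for el in ET.fromstring(xml_text).iter():
        if el.tag.split("}")[-1] != "authenticationUser":  # ignore any XML namespace
            continue
        user = el.get("username", "")
        password = resolve(el.get("password", ""), props)
        groups = [g.strip() for g in el.get("groups", "").split(",")]
        if "${" in password:
            findings.append((user, "unresolved placeholder"))
        elif password in KNOWN_DEFAULTS:
            role = "admin " if "admins" in groups else ""
            findings.append((user, f"default password on {role}account"))
        if password in seen:  # the same secret guards more than one account
            findings.append((user, f"password shared with {seen[password]}"))
        seen.setdefault(password, user)
    return findings

if __name__ == "__main__":
    for user, finding in audit(ACTIVEMQ_XML, CREDENTIALS):
        print(f"{user}: {finding}")
```

The findings name the account and the problem only; the password value itself is never printed.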

Create a simple producer and consumer

    // JMSConsumer.java
    package com.tgb.activemq;

    import javax.jms.Connection;
    import javax.jms.ConnectionFactory;
    import javax.jms.Destination;
    import javax.jms.JMSException;
    import javax.jms.MessageConsumer;
    import javax.jms.Session;
    import javax.jms.TextMessage;

    import org.apache.activemq.ActiveMQConnection;
    import org.apache.activemq.ActiveMQConnectionFactory;

    /**
     * Message consumer (receiver)
     * @author liang
     */
    public class JMSConsumer {

        private static final String USERNAME = "system";
        private static final String PASSWORD = "manager";
        // Default connection address, normally localhost:61616; also configured in activemq.xml
        private static final String BROKEURL = ActiveMQConnection.DEFAULT_BROKER_URL;

        public static void main(String[] args) {
            ConnectionFactory connectionFactory; // connection factory
            Connection connection = null;        // connection
            Session session;                     // session: the thread that receives or sends messages
            Destination destination;             // message destination
            MessageConsumer messageConsumer;     // message consumer

            // Instantiate the connection factory
            connectionFactory = new ActiveMQConnectionFactory(JMSConsumer.USERNAME, JMSConsumer.PASSWORD, JMSConsumer.BROKEURL);
            try {
                // Obtain a connection from the connection factory
                connection = connectionFactory.createConnection();
                // Start the connection
                connection.start();
                // Create the session
                session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
                // Attach to the message queue named HelloWorld
                destination = session.createQueue("HelloWorld");
                // Create the message consumer
                messageConsumer = session.createConsumer(destination);
                while (true) {
                    TextMessage textMessage = (TextMessage) messageConsumer.receive(100000);
                    if (textMessage != null) {
                        System.out.println("收到的消息:" + textMessage.getText());
                    } else {
                        break;
                    }
                }
            } catch (JMSException e) {
                e.printStackTrace();
            } finally {
                // Close the connection so broker resources are released
                if (connection != null) {
                    try {
                        connection.close();
                    } catch (JMSException e) {
                        e.printStackTrace();
                    }
                }
            }
        }
    }

    // JMSProducer.java
    package com.tgb.activemq;

    import javax.jms.Connection;
    import javax.jms.ConnectionFactory;
    import javax.jms.Destination;
    import javax.jms.JMSException;
    import javax.jms.MessageProducer;
    import javax.jms.Session;
    import javax.jms.TextMessage;

    import org.apache.activemq.ActiveMQConnection;
    import org.apache.activemq.ActiveMQConnectionFactory;

    /**
     * Message producer (sender)
     * @author liang
     */
    public class JMSProducer {

        // Default connection user name
        private static final String USERNAME = "system";
        // Default connection password
        private static final String PASSWORD = "manager";
        // Default connection address
        private static final String BROKEURL = ActiveMQConnection.DEFAULT_BROKER_URL;
        // Number of messages to send
        private static final int SENDNUM = 10;

        public static void main(String[] args) {
            // Connection factory
            ConnectionFactory connectionFactory;
            // Connection
            Connection connection = null;
            // Session: the thread that receives or sends messages
            Session session;
            // Message destination
            Destination destination;
            // Message producer
            MessageProducer messageProducer;

            // Instantiate the connection factory
            connectionFactory = new ActiveMQConnectionFactory(JMSProducer.USERNAME, JMSProducer.PASSWORD, JMSProducer.BROKEURL);
            try {
                // Obtain a connection from the connection factory
                connection = connectionFactory.createConnection();
                // Start the connection
                connection.start();
                // Create a transacted session
                session = connection.createSession(true, Session.AUTO_ACKNOWLEDGE);
                // Create a message queue named HelloWorld
                destination = session.createQueue("HelloWorld");
                // Create the message producer
                messageProducer = session.createProducer(destination);
                // Send the messages
                sendMessage(session, messageProducer);
                session.commit();
            } catch (Exception e) {
                e.printStackTrace();
            } finally {
                if (connection != null) {
                    try {
                        connection.close();
                    } catch (JMSException e) {
                        e.printStackTrace();
                    }
                }
            }
        }

        /**
         * Send the messages
         * @param session
         * @param messageProducer the message producer
         * @throws Exception
         */
        public static void sendMessage(Session session, MessageProducer messageProducer) throws Exception {
            for (int i = 0; i < JMSProducer.SENDNUM; i++) {
                // Create a text message
                TextMessage message = session.createTextMessage("ActiveMQ 发送消息" + i);
                System.out.println("发送消息:Activemq 发送消息" + i);
                // Send the message through the message producer
                messageProducer.send(message);
            }
        }
    }

Result

    INFO | Successfully connected to tcp://localhost:61616
    收到的消息:ActiveMQ 发送消息0
    收到的消息:ActiveMQ 发送消息1
    收到的消息:ActiveMQ 发送消息2
    收到的消息:ActiveMQ 发送消息3
    收到的消息:ActiveMQ 发送消息4
    收到的消息:ActiveMQ 发送消息5
    收到的消息:ActiveMQ 发送消息6
    收到的消息:ActiveMQ 发送消息7

If the user name or password is incorrect

    INFO | Successfully connected to tcp://localhost:61616
    javax.jms.JMSSecurityException: User name [system] or password is invalid.
        at ...

Method 2: JAAS authentication

- Add the following to conf/activemq.xml

    <plugins>
        <!-- use JAAS to authenticate using the login.config file on the classpath to configure JAAS -->
        <!-- the configuration name must match the entry name in login.config -->
        <jaasAuthenticationPlugin configuration="activemq" />
        <!-- lets configure a destination based authorization mechanism -->
        <authorizationPlugin>
            <map>
                <authorizationMap>
                    <authorizationEntries>
                        <!-- "USERS.>" matches topics whose names start with "USERS."; ">" matches all topics;
                             read is the read permission, write is the write permission, admin denotes the role group -->
                        <authorizationEntry queue=">" read="admins" write="admins" admin="admins" />
                        <authorizationEntry topic=">" read="admins" write="admins" admin="admins" />
                        <authorizationEntry queue="ActiveMQ.Advisory.>" read="admins" write="admins" admin="admins" />
                        <authorizationEntry topic="ActiveMQ.Advisory.>" read="admins" write="admins" admin="admins" />
                    </authorizationEntries>
                </authorizationMap>
            </map>
        </authorizationPlugin>
    </plugins>

- In the conf directory, edit login.config, groups.properties and users.properties

login.config

    activemq {
        org.apache.activemq.jaas.PropertiesLoginModule required
            org.apache.activemq.jaas.properties.user="users.properties"
            org.apache.activemq.jaas.properties.group="groups.properties";
    };

groups.properties

    #group=userName
    admins=system

users.properties

    #userName=password
    system=manager

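Usage is similar to simple authentication.

However, this is only broker-level authentication and authorization, that is, it only takes effect when a client initiates a connection to the broker. Sometimes we want only specific, authorized messages to reach the destination, and in that case we need message-level authentication.

The following example lets a message reach the destination only when the consumer and the broker are on the same host: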

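    package org.apache.activemq.book.ch6;

    import org.apache.activemq.broker.ConnectionContext;
    import org.apache.activemq.command.Message;
    import org.apache.activemq.security.MessageAuthorizationPolicy;
    import org.apache.commons.logging.Log;
    import org.apache.commons.logging.LogFactory;

    public class AuthorizationPolicy implements MessageAuthorizationPolicy {

        private static final Log LOG = LogFactory.getLog(AuthorizationPolicy.class);

        // Called by the broker for each message before it is dispatched to a consumer
        public boolean isAllowedToConsume(ConnectionContext context, Message message) {
            String remoteAddress = context.getConnection().getRemoteAddress();
            LOG.info(remoteAddress);
            // Only consumers connecting from the broker's own host may receive the message
            if (remoteAddress != null && remoteAddress.startsWith("/127.0.0.1")) {
                LOG.info("Permission to consume granted");
                return true;
            } else {
                LOG.info("Permission to consume denied");
                return false;
            }
        }
    }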

It is simple: just implement the isAllowedToConsume method, then register AuthorizationPolicy in the configuration file in a Spring-like way:

    <messageAuthorizationPolicy>
        <bean class="org.apache.activemq.book.ch6.AuthorizationPolicy"
              xmlns="http://www.springframework.org/schema/beans" />
    </messageAuthorizationPolicy>

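Note: for the injection to succeed you must package the project with mvn clean install and then write the correct path in the class attribute, otherwise startup fails easily. ActiveMQ can be misleading here: it sometimes prints "activemq is running at pid:XXXX" when startup has actually failed.

Ways to check whether ActiveMQ started successfully:

1. Check the data/log file; reading the startup result from the log is the most reliable

2. In a terminal, check whether port 61616 is in use

3. Open http://localhost:8161/ directly in a browser

The first method is recommended.

This part covered two security plugins and the filter-like bean for message-level configuration. The next part will cover custom plugins and SSL-based security configuration.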

總結(jié)

以上是生活随笔為你收集整理的ActiveMQ的安全配置(九)的全部?jī)?nèi)容,希望文章能夠幫你解決所遇到的問(wèn)題。

如果覺(jué)得生活随笔網(wǎng)站內(nèi)容還不錯(cuò),歡迎將生活随笔推薦給好友。