ActiveMQ Security Authentication

I. Simple authentication (using SimpleAuthenticationPlugin)
(1) Create the credentials file that holds the username and password: ${activemq.base}/conf/credentials.properties

    activemq.username=logcd
    activemq.password=028cd

(2) Configure simpleAuthenticationPlugin, the simple authentication plugin

    <!-- Load the properties file -->
    <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
        <property name="locations">
            <value>file:///${activemq.base}/conf/credentials.properties</value>
        </property>
    </bean>

    <!-- Configure the plugin inside the broker -->
    <plugins>
        <simpleAuthenticationPlugin>
            <users>
                <authenticationUser username="${activemq.username}" password="${activemq.password}" groups="users,admins"/>
            </users>
        </simpleAuthenticationPlugin>
    </plugins>

(3) Use the username and password in the connectionFactory.

    ConnectionFactory cf = new ActiveMQConnectionFactory("logcd", "028cd", "tcp://195.2.199.169:61616");

    <bean id="queueConnectionFactory" class="org.apache.activemq.spring.ActiveMQConnectionFactory">
        <property name="brokerURL" value="tcp://195.2.199.169:61616"/>
        <property name="userName" value="logcd"/>
        <property name="password" value="028cd"/>
        <property name="useAsyncSend" value="true"/>
    </bean>

II. ActiveMQ Web Console Security

By default ActiveMQ is administered through its embedded Jetty server: entering http://[IP]:8161/admin in a browser lets anyone manage queues, topics and messages without logging in, which is very insecure. To secure the management console, besides changing the management port and the application name, the most important step is to configure it so that logging in requires authentication.

(1) Authentication data file: realm.properties (${activemq.base}/conf/realm.properties)

    #admin/test
    admin: MD5:098f6bcd4621d373cade4e832627b4f6,user,admin

(2) Add jetty-plus-6.1.9.jar to ${activemq.base}/lib/web

(3) login.config (${activemq.base}/webapps/admin/login.config)

    adminLoginModule {
        org.mortbay.jetty.plus.jaas.spi.PropertyFileLoginModule required
        debug="true"
        file="${activemq.base}/conf/realm.properties";
    };

(4) Add userRealms to the Jetty configuration section of activemq.xml

    <userRealms>
        <jaasUserRealm name="adminRealm" loginModuleName="adminLoginModule">
        </jaasUserRealm>
    </userRealms>

(5) Add the following to ${activemq.base}/webapps/admin/WEB-INF/web.xml

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>adminRealm</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>admin</role-name>
            <role-name>user</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>adminRealm</realm-name>
    </login-config>

(6) Set the java.security.auth.login.config system property to point at the login modules' configuration file, by adding this parameter to ACTIVEMQ_OPTS in ${activemq.base}/bin/activemq.bat:
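
    -Djava.security.auth.login.config="D:/activemq-5.1/webapps/admin/login.config"

Problem: a warning is reported continuously while this is in use, and I do not yet know how to resolve it:

    WARN log - No CallbackHandler configured: using DefaultCallbackHandler

III. Configuration in ActiveMQ 5.3.0 (the conf directory contains various sample configurations)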

    <?xml version="1.0" encoding="UTF-8"?>
    <beans xmlns="http://www./schema/beans"
           xmlns:amq="http://activemq./schema/core"
           xmlns:xsi="http://www./2001/XMLSchema-instance"
           xsi:schemaLocation="http://www./schema/beans http://www./schema/beans/spring-beans-2.0.xsd
                               http://activemq./schema/core http://activemq./schema/core/activemq-core.xsd">

        <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
            <property name="locations">
                <value>file:${activemq.base}/conf/credentials.properties</value>
            </property>
        </bean>

        <broker useJmx="true" persistent="false" xmlns="http://activemq./schema/core">
            <plugins>
                <!-- Configure authentication; Username, passwords and groups -->
                <simpleAuthenticationPlugin>
                    <users>
                        <authenticationUser username="system" password="manager" groups="users,admins"/>
                        <authenticationUser username="user" password="password" groups="users"/>
                        <authenticationUser username="guest" password="password" groups="guests"/>
                    </users>
                </simpleAuthenticationPlugin>

                <!-- Lets configure a destination based authorization mechanism -->
                <authorizationPlugin>
                    <map>
                        <authorizationMap>
                            <authorizationEntries>
                                <authorizationEntry queue=">" read="admins" write="admins" admin="admins" />
                                <authorizationEntry queue="USERS.>" read="users" write="users" admin="users" />
                                <authorizationEntry queue="GUEST.>" read="guests" write="guests,users" admin="guests,users" />
                                <authorizationEntry queue="TEST.Q" read="guests" write="guests" />
                                <authorizationEntry topic=">" read="admins" write="admins" admin="admins" />
                                <authorizationEntry topic="USERS.>" read="users" write="users" admin="users" />
                                <authorizationEntry topic="GUEST.>" read="guests" write="guests,users" admin="guests,users" />
                                <authorizationEntry topic="ActiveMQ.Advisory.>" read="guests,users" write="guests,users" admin="guests,users"/>
                            </authorizationEntries>
                        </authorizationMap>
                    </map>
                </authorizationPlugin>
            </plugins>

            <persistenceAdapter>
                <jdbcPersistenceAdapter dataDirectory="${activemq.base}/data" dataSource="#oracle-ds"/>
            </persistenceAdapter>

            <transportConnectors>
                <transportConnector name="myQueue" uri="tcp://195.2.199.169:61616"/>
                <transportConnector name="myTopic" uri="tcp://195.2.199.169:61617"/>
            </transportConnectors>
        </broker>

        <bean id="oracle-ds" class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close">
            <property name="driverClassName" value="oracle.jdbc.driver.OracleDriver"/>
            <property name="url" value="jdbc:oracle:thin:@195.2.199.6:1521:orcl"/>
            <property name="username" value="activemq"/>
            <property name="password" value="activemq"/>
            <property name="maxActive" value="200"/>
            <property name="poolPreparedStatements" value="true"/>
        </bean>

        <!-- Configure command agent to be used in secured broker environment
             Notice how we used ${activemq.username} and ${activemq.password}
             configured in credential.properties -->
        <commandAgent xmlns="http://activemq./schema/core" brokerUrl="vm://localhost"
                      username="${activemq.username}" password="${activemq.password}"/>

        <!-- Use Web applications and Camel in secured broker environment -->
        <import resource="jetty.xml"/>
        <import resource="camel.xml"/>
    </beans>

credentials.properties:

    activemq.username=system
    activemq.password=manager
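
An added example, not part of the original article or of ActiveMQ itself: a small Python check for broker configurations like the one in section III. It flags authenticationUser passwords written as literals instead of ${...} placeholders, and group names that appear only in the user list or only in the authorization entries. The embedded XML is a constructed, reduced sample; the function name audit and the finding labels are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: a reduced copy of the section III config, with the first
# user moved to property placeholders and a deliberate ACL typo ("guest").
SAMPLE = """<broker><plugins>
  <simpleAuthenticationPlugin><users>
    <authenticationUser username="${activemq.username}"
        password="${activemq.password}" groups="users,admins"/>
    <authenticationUser username="user" password="password" groups="users"/>
    <authenticationUser username="guest" password="password" groups="guests"/>
  </users></simpleAuthenticationPlugin>
  <authorizationPlugin><map><authorizationMap><authorizationEntries>
    <authorizationEntry queue=">" read="admins" write="admins" admin="admins"/>
    <authorizationEntry queue="USERS.>" read="users" write="users" admin="users"/>
    <authorizationEntry queue="GUEST.>" read="guest" write="guests,users"
        admin="guests,users"/>
  </authorizationEntries></authorizationMap></map></authorizationPlugin>
</plugins></broker>"""

PLACEHOLDER = re.compile(r"^\$\{[^}]+\}$")  # e.g. ${activemq.password}

def split_groups(value):
    """Turn a comma-separated groups/ACL attribute into a set of names."""
    return {g.strip() for g in (value or "").split(",") if g.strip()}

def audit(xml_text):
    """Return sorted (kind, detail) findings for a broker configuration."""
    findings, user_groups, acl_groups = [], set(), set()
    for el in ET.fromstring(xml_text).iter():
        name = el.tag.rsplit("}", 1)[-1]  # ignore any XML namespace prefix
        if name == "authenticationUser":
            user_groups |= split_groups(el.get("groups"))
            if not PLACEHOLDER.match(el.get("password", "")):
                findings.append(("literal-password", el.get("username", "")))
        elif name == "authorizationEntry":
            for op in ("read", "write", "admin"):
                acl_groups |= split_groups(el.get(op))
    # A group named in an ACL that no user holds is usually a typo.
    findings += [("acl-group-without-users", g) for g in acl_groups - user_groups]
    # A group that users hold but that appears in no ACL grants them nothing.
    findings += [("user-group-without-acl", g) for g in user_groups - acl_groups]
    return sorted(findings)

if __name__ == "__main__":
    for kind, detail in audit(SAMPLE):
        print(f"{kind}: {detail}")
```
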
Comments
http://www./activemq/securing-activemq-531-console.html
<userRealms>
<jaasUserRealm name="adminRealm" loginModuleName="adminLoginModule">
</jaasUserRealm>
</userRealms>
>>WARN log - No CallbackHandler configured: using >>DefaultCallbackHandler
You can add callbackHandlerClass="org.mortbay.jetty.plus.jaas.callback.DefaultCallbackHandler" to jaasUserRealm, and then the warning will no longer be reported.
Details as follows: