ActiveMQ 5.5 Security Configuration

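ActiveMQ 5.5 security configuration has two parts: console security (user authentication when visiting 127.0.0.1:8161) and JMS service security (the security settings applied when programs connect to ActiveMQ).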

1. Console security configuration

ActiveMQ uses the Jetty server. Open conf/jetty.xml and find:

<bean id="securityConstraint" class="org.eclipse.jetty.http.security.Constraint">
        <property name="name" value="BASIC" />
        <property name="roles" value="admin" />
        <property name="authenticate" value="false" />
</bean>

Change the value of the property named authenticate from "false" to "true".
The console login user names and passwords are stored in conf/jetty-realm.properties, whose contents are:

## ---------------------------------------------------------------------------
## Licensed to the Apache Software Foundation (ASF) under one or more
## contributor license agreements.  See the NOTICE file distributed with
## this work for additional information regarding copyright ownership.
## The ASF licenses this file to You under the Apache License, Version 2.0
## (the "License"); you may not use this file except in compliance with
## the License.  You may obtain a copy of the License at
## 
## http://www.apache.org/licenses/LICENSE-2.0
## 
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
## ---------------------------------------------------------------------------

# Defines users that can access the web (console, demo, etc.)
# username: password [,rolename ...]
admin: admin, admin

The user definition format is username: password [,role ...]. The entry above defines a user named admin with password admin and role admin.

Restart the broker and visit http://127.0.0.1:8161/admin/ ; a login dialog pops up asking for a user name and password.
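A check for the two console settings described above, as an added example that is not part of the original post or of ActiveMQ itself. The inline file contents are constructed samples, the function names are hypothetical, and the realm parser assumes the colon-separated form shown above.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs mirroring the two files discussed above.
JETTY_XML = """<beans xmlns="http://www.springframework.org/schema/beans">
  <bean id="securityConstraint" class="org.eclipse.jetty.http.security.Constraint">
    <property name="roles" value="admin" />
    <property name="authenticate" value="false" />
  </bean>
</beans>"""
JETTY_REALM = "# username: password [,rolename ...]\nadmin: admin, admin\n"

def local(tag):
    """Strip the XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def console_auth_enabled(jetty_xml):
    """True only if the securityConstraint bean sets authenticate to true."""
    for bean in ET.fromstring(jetty_xml).iter():
        if local(bean.tag) == "bean" and bean.get("id") == "securityConstraint":
            for prop in bean:
                if local(prop.tag) == "property" and prop.get("name") == "authenticate":
                    return prop.get("value", "").strip().lower() == "true"
    return False  # bean or property missing: this check reports it conservatively

def parse_realm(text):
    """Parse 'username: password [,rolename ...]' lines into {user: (password, roles)}."""
    users = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, _, rest = line.partition(":")
        fields = [f.strip() for f in rest.split(",")]
        users[name.strip()] = (fields[0], [r for r in fields[1:] if r])
    return users

def audit(jetty_xml, realm_text):
    """Return findings for the console settings described above."""
    findings = []
    if not console_auth_enabled(jetty_xml):
        findings.append("jetty.xml: authenticate is not true; console needs no login")
    for user, (password, _roles) in parse_realm(realm_text).items():
        if password == user:
            findings.append(f"jetty-realm.properties: '{user}' has password equal to user name")
    return findings

if __name__ == "__main__":
    for finding in audit(JETTY_XML, JETTY_REALM):
        print(finding)
```

Run against the shipped defaults it reports both the disabled constraint and the admin/admin entry; after setting authenticate to "true" and replacing the password, it reports nothing.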


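2. JMS service security configuration (authentication when producers and consumers connect)

 Method 1: simple authentication plugin

    Add the following to conf/activemq.xml (if systemUsage is configured, this should be placed before systemUsage):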

  

	<plugins>
	<!-- Configure authentication; Username, passwords and groups -->
		<simpleAuthenticationPlugin>
			<users>
				<authenticationUser username="system" password="${activemq.password}"   groups="users,admins"/>
				<authenticationUser username="user" password="${guest.password}"  groups="users"/>
				<authenticationUser username="guest" password="${guest.password}" groups="guests"/>
			</users>
		</simpleAuthenticationPlugin>
	</plugins>

The placeholders referenced above can be set in conf/credentials.properties.


    Method 2: JAAS authentication with authorization
     a) Add the following to conf/activemq.xml:

	<plugins>
		<!--use JAAS to authenticate using the login.config file on the classpath to configure JAAS -->
		<jaasAuthenticationPlugin configuration="activemq-domain" />
		<!--  lets configure a destination based authorization mechanism -->
		<authorizationPlugin>
			<map>
				<authorizationMap>
					<authorizationEntries>

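					<!-- ">" is a wildcard: "USERS.>" matches topics whose names start with "USERS.", and ">" alone matches all topics. read and write are the read and write permissions, admin is the permission to create destinations; each attribute value is a list of groups -->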
						<authorizationEntry queue=">" read="admins" write="admins" admin="admins" />
						<authorizationEntry topic=">" read="admins" write="admins" admin="admins" />
						<authorizationEntry queue="ActiveMQ.Advisory.>" read="admins" write="admins" admin="admins" />
						<authorizationEntry topic="ActiveMQ.Advisory.>" read="admins" write="admins" admin="admins" />
					</authorizationEntries>
				</authorizationMap>
			</map>
		</authorizationPlugin>
	</plugins>

  b) Add login.config, groups.properties and users.properties to the conf directory.

        login.config contains:

        activemq-domain {
                org.apache.activemq.jaas.PropertiesLoginModule required
                debug=true
                org.apache.activemq.jaas.properties.user="users.properties"
                org.apache.activemq.jaas.properties.group="groups.properties";
            };

       groups.properties contains:

           #group=userName
           admins=system

      users.properties contains:

           #userName=password
           system=manager

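Both of the configurations above can be seen in conf/activemq-security.xml. It looks like that is the configuration file for security, but I don't know how to use it. My English is not good and I can't really follow the official documentation; those with good English can take a look:

http://activemq.apache.org/security.html
http://activemq.apache.org/encrypted-passwords.html

Once you have understood them, please explain them to everyone as well.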

