Configuring the security mechanism of ActiveMQ 5.1.0

Here I only cover how to configure the default JAAS security mechanism of ActiveMQ 5.1.0, and I set it up exactly as the official documentation describes. That documentation is written for ActiveMQ 4.x; I could not find anything specific to 5.1, so I am assuming it is backward compatible, i.e. that the security configuration did not change between the two versions. Official documentation: http://activemq.apache.org/security.html

1. Purpose: when we set up an ActiveMQ message broker on our own server without any security mechanism, anyone connected to the Internet who knows the concrete address of the message service (IP, port and destination name, i.e. the queue or topic) can send and receive messages at will. Imagine what that could lead to.

 

2. Environment: ActiveMQ 5.1.0. The files to modify or add are

     %activemq home%/conf/activemq.xml                ------------------  modify

     %activemq home%/conf/login.config                ------------------  add

     %activemq home%/conf/groups.properties           ------------------  add

     %activemq home%/conf/users.properties            ------------------  add

     %activemq home%/webapps/admin/WEB-INF/webconsole-embedded.xml    ------------------  modify

 

3. The steps, with explanations:

  (1) Changes to activemq.xml (the full file follows; the original post marked the changed parts in bold, which is lost here. The changes are the whole <plugins> block, which registers the jaasAuthenticationPlugin and the destination-based authorizationPlugin, and the userName/password properties on the Camel ActiveMQConnectionFactory bean near the end, which the embedded Camel routes need now that every connection to the broker must authenticate. The surrounding <beans> element with its namespace declarations is omitted below and stays as in the stock file.)

  A few points are worth checking before using this file on a server that faces the Internet, which is the scenario from section 1. The transport connectors bind to localhost, so remote clients cannot reach the broker at all; once you bind them to a real interface, the JAAS plugin and the authorization map are all that stand between the Internet and your destinations. The multicast://default network connector and the discoveryUri make the broker find and link up with any other broker on the LAN; remove them unless you rely on that, and give any static networkConnector a userName and password for an account that the authorization map allows on the forwarded destinations, otherwise the broker-to-broker connection is rejected like any other unauthenticated client.

  The authorization entries are additive: the groups of every entry whose pattern matches a destination are merged. So admins can do anything through the ">" entries, users can also write to and administer GUEST.> destinations (but not read from them, since read on GUEST.> is granted to guests only), and the ActiveMQ.Advisory.> entry is there because clients, for example ones using temporary destinations, need to receive advisory messages. Finally, the /demo and /fileserver web applications are not needed on a production broker and should be removed from the jetty handlers; the fileserver application accepts unauthenticated file uploads (CVE-2016-3088).

 <!-- Allows us to use system properties as variables in this configuration file -->
 <bean
  class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer" />

 <broker xmlns="http://activemq.apache.org/schema/core"
  brokerName="localhost" dataDirectory="${activemq.base}/data">

  <!-- Destination specific policies using destination names or wildcards -->
  <destinationPolicy>
   <policyMap>
    <policyEntries>
     <policyEntry queue=">" memoryLimit="5mb" />
     <policyEntry topic=">" memoryLimit="5mb">
      <dispatchPolicy>
       <strictOrderDispatchPolicy />
      </dispatchPolicy>
      <subscriptionRecoveryPolicy>
       <lastImageSubscriptionRecoveryPolicy />
      </subscriptionRecoveryPolicy>
     </policyEntry>
    </policyEntries>
   </policyMap>
  </destinationPolicy>

  <!-- Use the following to configure how ActiveMQ is exposed in JMX -->
  <managementContext>
   <managementContext createConnector="false" />
  </managementContext>

  <!-- The store and forward broker networks ActiveMQ will listen to -->
  <networkConnectors>
   <!-- by default just auto discover the other brokers -->
   <networkConnector name="default-nc"
    uri="multicast://default" />
   <!-- Example of a static configuration:
    <networkConnector name="host1 and host2" uri="static://(tcp://host1:61616,tcp://host2:61616)"/>
   -->
  </networkConnectors>

  <persistenceAdapter>
   <amqPersistenceAdapter syncOnWrite="false"
    directory="${activemq.base}/data" maxFileLength="20 mb" />
  </persistenceAdapter>

  <!-- Use the following if you wish to configure the journal with JDBC -->
  <!--
   <persistenceAdapter>
   <journaledJDBC dataDirectory="${activemq.base}/data" dataSource="#postgres-ds"/>
   </persistenceAdapter>
  -->

  <!-- Or if you want to use pure JDBC without a journal -->
  <!--
   <persistenceAdapter>
   <jdbcPersistenceAdapter dataSource="#postgres-ds"/>
   </persistenceAdapter>
  -->

  <!--  The maximum amount of space the broker will use before slowing down producers -->
  <systemUsage>
   <systemUsage>
    <memoryUsage>
     <memoryUsage limit="20 mb" />
    </memoryUsage>
    <storeUsage>
     <storeUsage limit="1 gb" name="foo" />
    </storeUsage>
    <tempUsage>
     <tempUsage limit="100 mb" />
    </tempUsage>
   </systemUsage>
  </systemUsage>


  <!-- The transport connectors ActiveMQ will listen to -->
  <transportConnectors>
   <transportConnector name="openwire"
    uri="tcp://localhost:61616" discoveryUri="multicast://default" />
   <transportConnector name="ssl" uri="ssl://localhost:61617" />
   <transportConnector name="stomp"
    uri="stomp://localhost:61613" />
   <transportConnector name="xmpp"
    uri="xmpp://localhost:61222" />
  </transportConnectors>

  <plugins>
   <!--  use JAAS to authenticate using the login.config file on the classpath to configure JAAS -->
   <jaasAuthenticationPlugin configuration="activemq-domain" />

   <!--  lets configure a destination based authorization mechanism -->
   <authorizationPlugin>
    <map>
     <authorizationMap>
      <authorizationEntries>
       <authorizationEntry queue=">" read="admins"
        write="admins" admin="admins" />
       <authorizationEntry queue="USERS.>"
        read="users" write="users" admin="users" />
       <authorizationEntry queue="GUEST.>"
        read="guests" write="guests,users" admin="guests,users" />

       <authorizationEntry topic=">" read="admins"
        write="admins" admin="admins" />
       <authorizationEntry topic="USERS.>"
        read="users" write="users" admin="users" />
       <authorizationEntry topic="GUEST.>"
        read="guests" write="guests,users" admin="guests,users" />

       <authorizationEntry
        topic="ActiveMQ.Advisory.>" read="guests,users"
        write="guests,users" admin="guests,users" />
      </authorizationEntries>

      <!-- let's assign roles to temporary destinations. comment this entry if we don't want any roles assigned to temp destinations  -->
      <tempDestinationAuthorizationEntry>
       <tempDestinationAuthorizationEntry
        read="tempDestinationAdmins" write="tempDestinationAdmins"
        admin="tempDestinationAdmins" />
      </tempDestinationAuthorizationEntry>
     </authorizationMap>
    </map>
   </authorizationPlugin>
  </plugins>


 </broker>

 <!--
  ** Lets deploy some Enterprise Integration Patterns inside the ActiveMQ Message Broker
  ** For more details see
  **
  ** http://activemq.apache.org/enterprise-integration-patterns.html
 -->
 <camelContext id="camel"
  xmlns="http://activemq.apache.org/camel/schema/spring">

  <!-- You can use a <package> element for each root package to search for Java routes -->
  <package>org.foo.bar</package>

  <!-- You can use Spring XML syntax to define the routes here using the <route> element -->
  <route>
   <from uri="activemq:example.A" />
   <to uri="activemq:example.B" />
  </route>
 </camelContext>
 <!-- configure the camel activemq component to use the current broker -->
 <bean id="activemq"
  class="org.apache.activemq.camel.component.ActiveMQComponent">
  <property name="connectionFactory">
   <bean
    class="org.apache.activemq.ActiveMQConnectionFactory">
    <property name="brokerURL"
     value="vm://localhost?create=false&amp;waitForStart=10000" />
    <property name="userName" value="system" />
    <property name="password" value="manager" />
   </bean>
  </property>
 </bean>


 <!-- Uncomment to create a command agent to respond to message based admin commands on the ActiveMQ.Agent topic -->
 <!--
  <commandAgent xmlns="http://activemq.apache.org/schema/core" brokerUrl="vm://localhost"/>
 -->


 <!-- An embedded servlet engine for serving up the Admin console -->
 <jetty xmlns="http://mortbay.com/schemas/jetty/1.0">
  <connectors>
   <nioConnector port="8161" />
  </connectors>

  <handlers>
   <webAppContext contextPath="/admin"
    resourceBase="${activemq.base}/webapps/admin" logUrlOnStart="true" />
   <webAppContext contextPath="/demo"
    resourceBase="${activemq.base}/webapps/demo" logUrlOnStart="true" />
   <webAppContext contextPath="/fileserver"
    resourceBase="${activemq.base}/webapps/fileserver"
    logUrlOnStart="true" />
  </handlers>
 </jetty>

 <!-- END SNIPPET: example -->

 

(2) Contents of login.config

activemq-domain {
    org.apache.activemq.jaas.PropertiesLoginModule required
        debug=true
        org.apache.activemq.jaas.properties.user="users.properties"
        org.apache.activemq.jaas.properties.group="groups.properties";
};

 

The name activemq-domain must match the configuration attribute of jaasAuthenticationPlugin in activemq.xml. conf/ is on the broker's classpath, which is how login.config is found, and the two relative file names are resolved against the directory containing login.config. debug=true makes the login module log the details of each login attempt; useful while setting this up, but turn it off afterwards.

(3) Contents of groups.properties

admins=system
tempDestinationAdmins=system,user
users=system,user
guests=guest

Each line has the form group=user1,user2,...; the file stores group membership, i.e. which users belong to each group.

(4) Contents of users.properties

system=manager
user=password
guest=password

Each line has the form user=password; the file stores the user accounts. Note that 5.1.0 stores these passwords in plaintext and compares them as such, and the same passwords are repeated in activemq.xml and webconsole-embedded.xml, so restrict read access to the conf/ directory to the account the broker runs as. The three accounts here (system/manager, user/password, guest/password) are the ones from the official example and are well known; change them before the broker is exposed to anyone else.
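To see how these three pieces fit together, here is an offline model of the login and authorization decisions the broker will make with the files above. This is an added example written for this page, not ActiveMQ code and not from the original post: it embeds the users.properties, groups.properties and authorizationEntries shown above and evaluates them the way ActiveMQ does (plaintext password comparison, "*" matching one dot-separated segment and ">" the rest of the name, and the groups of all matching entries merged). The temp-queue/temp-topic types and the sample destination names are assumptions for illustration.

```python
"""Offline model of the post's JAAS + authorizationMap setup.

Added example (not ActiveMQ code, not from the original post).  The contents
of users.properties / groups.properties and the authorizationEntries are the
ones configured in the post; the evaluation rules are ActiveMQ's:
  * a login succeeds only if users.properties holds that exact password
    (PropertiesLoginModule compares plaintext), and the user's principals
    are the groups that list the user in groups.properties;
  * in a destination pattern '*' matches one dot-separated segment and '>'
    matches the rest of the name;
  * the ACL for an operation is the UNION of that operation's groups from
    every entry whose pattern matches (DefaultAuthorizationMap), and access
    is granted if the user is in at least one of those groups.
Temporary destinations are modelled with the types 'temp-queue'/'temp-topic'
(an assumption made for this example).
"""

# Copied from the conf files shown in the post.
USERS_PROPERTIES = """\
system=manager
user=password
guest=password
"""

GROUPS_PROPERTIES = """\
admins=system
tempDestinationAdmins=system,user
users=system,user
guests=guest
"""

# (type, pattern, read, write, admin) -- the authorizationEntries from activemq.xml.
AUTHORIZATION_ENTRIES = [
    ("queue", ">",                   {"admins"}, {"admins"}, {"admins"}),
    ("queue", "USERS.>",             {"users"}, {"users"}, {"users"}),
    ("queue", "GUEST.>",             {"guests"}, {"guests", "users"}, {"guests", "users"}),
    ("topic", ">",                   {"admins"}, {"admins"}, {"admins"}),
    ("topic", "USERS.>",             {"users"}, {"users"}, {"users"}),
    ("topic", "GUEST.>",             {"guests"}, {"guests", "users"}, {"guests", "users"}),
    ("topic", "ActiveMQ.Advisory.>", {"guests", "users"}, {"guests", "users"}, {"guests", "users"}),
]
# The tempDestinationAuthorizationEntry.
TEMP_DESTINATION_ACL = {op: {"tempDestinationAdmins"} for op in ("read", "write", "admin")}


def parse_properties(text):
    """Minimal key=value reader; Java escape sequences are not handled (assumption)."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def authenticate(username, password, users_text=USERS_PROPERTIES, groups_text=GROUPS_PROPERTIES):
    """Return the user's set of groups, or None when the login must be rejected."""
    users = parse_properties(users_text)
    if username not in users or users[username] != password:
        return None
    groups = parse_properties(groups_text)
    return {group for group, members in groups.items()
            if username in [m.strip() for m in members.split(",")]}


def pattern_matches(pattern, name):
    """ActiveMQ-style wildcard match: '*' = one segment, '>' = rest of the name."""
    pat, segs = pattern.split("."), name.split(".")
    for i, p in enumerate(pat):
        if p == ">":
            return True
        if i >= len(segs) or (p != "*" and p != segs[i]):
            return False
    return len(pat) == len(segs)


def allowed_groups(dest_type, name, op):
    """Union of the `op` ACLs of every entry that applies to this destination."""
    if dest_type in ("temp-queue", "temp-topic"):
        return set(TEMP_DESTINATION_ACL[op])
    acl = set()
    for entry_type, pattern, read, write, admin in AUTHORIZATION_ENTRIES:
        if entry_type == dest_type and pattern_matches(pattern, name):
            acl |= {"read": read, "write": write, "admin": admin}[op]
    return acl


def is_allowed(username, password, op, dest_type, name):
    """True if the login succeeds and the user is in one of the destination's groups."""
    groups = authenticate(username, password)
    return groups is not None and bool(groups & allowed_groups(dest_type, name, op))


if __name__ == "__main__":
    checks = [  # sample destination names are made up for this example
        ("guest", "password", "read", "queue", "USERS.ORDERS"),      # denied
        ("guest", "password", "write", "queue", "ORDERS"),           # denied: only '>' matches
        ("user", "password", "write", "queue", "GUEST.INBOX"),       # allowed via GUEST.>
        ("user", "password", "read", "queue", "GUEST.INBOX"),        # denied: read is guests only
        ("system", "manager", "read", "topic", "ANY.THING"),         # allowed via '>'
        ("guest", "wrong", "read", "queue", "GUEST.INBOX"),          # denied: bad password
        ("guest", "password", "read", "temp-queue", "ID:host-1-1"),  # denied: temp ACL
    ]
    for c in checks:
        print(c, "->", "allowed" if is_allowed(*c) else "denied")
```

Running it shows, for instance, that user can write to GUEST.INBOX but not read it, that guest cannot touch USERS.ORDERS, and that the admins group reaches everything through the ">" entries. Editing AUTHORIZATION_ENTRIES here before touching activemq.xml is a cheap way to check that a new entry grants exactly what you intend.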

(5) Contents of webconsole-embedded.xml (the full file; the original post marked the modified part in bold, which is lost here: the change is the userName and password properties on the connectionFactory bean)

<?xml version="1.0" encoding="UTF-8" ?>

<beans>

 <bean id="placeholderConfig"
  class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer" />

 <!-- use the following bean for a local in-JVM broker -->
 <bean id="brokerQuery"
  class="org.apache.activemq.web.SingletonBrokerFacade"
  autowire='constructor' singleton="false" />


 <bean id="sessionPool"
  class="org.apache.activemq.web.SessionPool">
  <property name="connectionFactory" ref="connectionFactory" />
 </bean>

 <bean id="connectionFactory"
  class="org.apache.activemq.ActiveMQConnectionFactory">
  <property name="brokerURL" value="vm://localhost" />
  <property name="userName" value="system" />
  <property name="password" value="manager" />
 </bean>

 <bean id="queueBrowser"
  class="org.apache.activemq.web.QueueBrowseQuery"
  autowire='constructor' singleton="false" />
 <bean id="messageQuery" class="org.apache.activemq.web.MessageQuery"
  autowire='constructor' singleton="false" />

</beans>

 

This configuration lets the web console that ships with ActiveMQ connect to the broker, so we can still manage and monitor the message service from it once authentication is on. These credentials only authenticate the console to the broker; nothing here puts a login in front of the console itself, so port 8161 must not be reachable from untrusted networks.

 

4. Starting the service, and conclusion.

        At a command prompt go to %activemq home%/bin and run the activemq command to start the server. If you followed the steps above one by one, the ActiveMQ broker should now start with the security mechanism enabled. Don't stop at a clean start-up log, though: confirm that a client connecting with a wrong password is rejected (JMS clients get a JMSSecurityException, STOMP clients an ERROR frame) and that, for example, guest cannot send to a USERS.> destination.
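As an added example (not from the original post and not ActiveMQ code), the following script performs that check against a running broker over the STOMP connector from activemq.xml, stomp://localhost:61613. It speaks STOMP 1.0 over a raw socket: CONNECT with login/passcode, then SEND with a receipt header so that a send the authorization plugin rejects comes back as an ERROR frame instead of being dropped silently. That the 5.x STOMP converter answers a failed CONNECT or a receipt-bearing SEND with an ERROR frame is assumed here; the expected outcomes listed in the main block are the ones the post's users, groups and authorization map imply, and the destination names are made up.

```python
"""Probe a running broker over STOMP to confirm the security plugins bite.

Added example (not from the post, not ActiveMQ code).  It talks STOMP 1.0 to
the stomp://localhost:61613 connector from activemq.xml: CONNECT with
login/passcode, then SEND with a `receipt` header so that a rejected send
comes back as an ERROR frame.  Assumption: the 5.x STOMP converter answers a
failed CONNECT, or a failed SEND that asked for a receipt, with ERROR.
Nothing here depends on the broker's exact error text.
"""
import socket

NUL = b"\x00"


def build_frame(command, headers=None, body=b""):
    """Encode one STOMP frame: COMMAND, header lines, blank line, body, NUL."""
    lines = [command] + [f"{k}:{v}" for k, v in (headers or {}).items()]
    return ("\n".join(lines) + "\n\n").encode() + body + NUL


def parse_frame(data):
    """Decode the first NUL-terminated frame in `data` -> (command, headers, body)."""
    frame, _, _ = data.lstrip(b"\n").partition(NUL)   # ignore stray newlines between frames
    head, _, body = frame.partition(b"\n\n")
    command, *header_lines = [line.strip() for line in head.decode().split("\n")]
    headers = {}
    for line in header_lines:
        key, _, value = line.partition(":")
        headers[key.strip()] = value.strip()
    return command, headers, body


def read_frame(sock):
    """Read from the socket until one complete frame has arrived."""
    buf = b""
    while NUL not in buf:
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("broker closed the connection")
        buf += chunk
    return parse_frame(buf)


def probe(host, port, login, passcode, destination, timeout=5.0):
    """CONNECT then SEND; returns 'auth-failed', 'send-denied' or 'send-ok'."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_frame("CONNECT", {"login": login, "passcode": passcode}))
        command, _, _ = read_frame(sock)
        if command != "CONNECTED":          # JAAS rejected the credentials -> ERROR frame
            return "auth-failed"
        sock.sendall(build_frame("SEND", {"destination": destination, "receipt": "probe-1"}, b"probe"))
        command, _, _ = read_frame(sock)    # RECEIPT on success, ERROR if authorization denies it
        try:
            sock.sendall(build_frame("DISCONNECT"))
        except OSError:
            pass                            # the broker may already have dropped us after an ERROR
        return "send-ok" if command == "RECEIPT" else "send-denied"


if __name__ == "__main__":
    # Expected outcomes under the post's users/groups/authorizationMap (destinations made up).
    expectations = [
        ("guest", "wrong", "/queue/GUEST.INBOX", "auth-failed"),
        ("guest", "password", "/queue/USERS.ORDERS", "send-denied"),
        ("guest", "password", "/queue/ORDERS", "send-denied"),
        ("user", "password", "/queue/GUEST.INBOX", "send-ok"),
        ("system", "manager", "/queue/ANY.THING", "send-ok"),
    ]
    for login, passcode, dest, expected in expectations:
        got = probe("localhost", 61613, login, passcode, dest)
        print(f"{login:6} -> {dest:22} {got:12} {'OK' if got == expected else 'UNEXPECTED'}")
```

Run it on the broker host after start-up; every line should print OK. An UNEXPECTED on the first line means authentication is not actually enforced (the plugin did not load), and one on the second or third means the authorization map is not being applied to that destination.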

        I spent most of the afternoon on this configuration without getting it to work, hitting one exception after another. Apparently I had not calmed down enough. Back home in the evening I thought it over a little, looked at the exception causes in the console output together with the official documentation, went step by step, and the configuration succeeded. The lesson, naturally, is to calm down and read the documentation, and to work out the cause of each exception.
