一、定义用户组
1.1 simpleAuthenticationPlugin通过在activemq.xml中配置用户组
<plugins>
<simpleAuthenticationPlugin>
<users>
<authenticationUser username="admin" password="password" groups="admins,publishers,consumers"/>
<authenticationUser username="publisher" password="password" groups="publishers,consumers"/>
<authenticationUser username="consumer" password="password" groups="consumers"/>
<authenticationUser username="guest" password="password" groups="guests"/>
</users>
</simpleAuthenticationPlugin>
</plugins>
1.2 通过JAAS来配置用户组
<plugins>
<jaasAuthenticationPlugin configuration="activemq-domain" />
</plugins>
增加login.config文件
activemq {
org.apache.activemq.jaas.PropertiesLoginModule required
org.apache.activemq.jaas.properties.user="users.properties"
org.apache.activemq.jaas.properties.group="groups.properties"
reload=true;
};
注:reload设置为true时,用户名和密码在每次请求的时候都会重新加载,即修改之后立即生效。
增加users.properties
system=manager
admin=password
user=password
guest=password
sslclient=CN=localhost, OU=activemq.org, O=activemq.org, L=LA, ST=CA, C=US
增加groups.properties
admins=system,sslclient,client,broker1,broker2
tempDestinationAdmins=system,user,sslclient,client,broker1,broker2
users=system,user,sslclient,client,broker1,broker2
guests=guest
二、queue和topic配置不同角色的读写权限
<plugins>
<jaasAuthenticationPlugin configuration="activemq" />
<authorizationPlugin>
<map>
<authorizationMap>
<authorizationEntries>
<authorizationEntry queue="yyc-test" read="guests" write="users" admin="admins" />
<authorizationEntry topic="ActiveMQ.Advisory.>" read="all" write="all" admin="all"/>
</authorizationEntries>
<tempDestinationAuthorizationEntry>
<tempDestinationAuthorizationEntry read="tmpDestinationAdmins" write="tmpDestinationAdmins" admin="tmpDestinationAdmins"/>
</tempDestinationAuthorizationEntry>
</authorizationMap>
</map>
</authorizationPlugin>
</plugins>
注:
configuration的值要与login.config中的设置名称相匹配,如:activemq;
ActiveMQ.Advisory.>以表达式的方式配置的topic一定要设置。因为连接的时候就是这种类型的主题,如果不配置此项话,连接会报错(没有权限)。
二、broker与broker之间的连接
<networkConnectors>
<networkConnector
name="brokerAbridge"
userName="user"
password="password"
uri="static://(tcp://brokerA:61616)"/>
</networkConnectors>
参考地址:http://activemq.apache.org/security.html
亿速云「云服务器」,即开即用、新一代英特尔至强铂金CPU、三副本存储NVMe SSD云盘,价格低至29元/月。点击查看>>
免责声明:本站发布的内容(图片、视频和文字)以原创、转载和分享为主,文章观点不代表本网站立场,如果涉及侵权请联系站长邮箱:is@yisu.com进行举报,并提供相关证据,一经查实,将立刻删除涉嫌侵权内容。