配置方式:
一、要配置系統環境變量:配置Jaas加載的配置文件路徑。
linux下使用
export ACTIVEMQ_OPTS=-Djava.security.auth.login.config=<login.config存儲路徑>或是在profile文件末尾添加上這樣一個導出
windows下
SET ACTIVEMQ_OPTS=%ACTIVEMQ_OPTS% -Djava.security.auth.login.config=<login.config存儲路徑>
二、配置配置文件
在配置文件broker之間添加下面的配置
- <plugins>
- <!-- Configure authentication; Username, passwords and groups
- 添加jaas認證插件
- activemq-domain 在login.config裏面定義,詳細見login.config -->
- <jaasAuthenticationPlugin configuration="activemq-domain" />
- <!-- Lets configure a destination based authorization mechanism
- 配置隊列用戶權限,>表示任意字符 -->
- <authorizationPlugin>
- <map>
- <authorizationMap>
- <authorizationEntries>
- <authorizationEntry queue=">" read="admins" write="admins" admin="admins" />
- <authorizationEntry queue="USERS.>" read="users" write="users" admin="users" />
- <authorizationEntry queue="GUEST.>" read="guests" write="guests,users" admin="guests,users" />
- <authorizationEntry queue="TEST.Q" read="guests" write="guests" />
- <authorizationEntry topic=">" read="admins" write="admins" admin="admins" />
- <authorizationEntry topic="USERS.>" read="users" write="users" admin="users" />
- <authorizationEntry topic="GUEST.>" read="guests" write="guests,users" admin="guests,users" />
- <authorizationEntry topic="ActiveMQ.Advisory.>" read="guests,users" write="guests,users" admin="guests,users"/>
- </authorizationEntries>
- </authorizationMap>
- </map>
- </authorizationPlugin>
- </plugins>
- activemq-domain //與配置文件中jaas plugin配置中的configuration相一致
-
{
org.apache.activemq.jaas.PropertiesLoginModule required//加載模塊
debug=true //設置調試模式
org.apache.activemq.jaas.properties.user="users.properties"//配置users.properties的相應文件路徑
org.apache.activemq.jaas.properties.group="groups.properties";//配置groups.properties的相應文件路徑
};
users.properties:配置用戶名和密碼
-
## ---------------------------------------------------------------------------
## Licensed to the Apache Software Foundation (ASF) under one or more
## contributor license agreements. See the NOTICE file distributed with
## this work for additional information regarding copyright ownership.
## The ASF licenses this file to You under the Apache License, Version 2.0
## (the "License"); you may not use this file except in compliance with
## the License. You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
## ---------------------------------------------------------------------------
#格式user=password -
system=manager
user=password
guest=password
sslclient=CN=localhost, OU=activemq.org, O=activemq.org, L=LA, ST=CA, C=US
group.properties:配置用戶對應的用戶組
-
## ---------------------------------------------------------------------------
## Licensed to the Apache Software Foundation (ASF) under one or more
## contributor license agreements. See the NOTICE file distributed with
## this work for additional information regarding copyright ownership.
## The ASF licenses this file to You under the Apache License, Version 2.0
## (the "License"); you may not use this file except in compliance with
## the License. You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
## ---------------------------------------------------------------------------
#格式:用戶組=用戶1,用戶2,...
admins=system,sslclient,client,broker1,broker2
tempDestinationAdmins=system,user,sslclient,client,broker1,broker2
users=system,user,sslclient,client,broker1,broker2
guests=guest