在plugin配置節點下,配置以下信息:
<authorizationPlugin> <map> <authorizationMap> <authorizationEntries> <authorizationEntry queue=">" read="admins" write="admins" admin="admins" /> <authorizationEntry queue="USERS.>" read="publishers" write="publishers" admin="admins" /> <authorizationEntry queue="FirstQueue.>" read="guests" write="consumer" admin="admins" /> <authorizationEntry queue="TEST.Q" read="guests" write="guests" /> </authorizationEntries> </authorizationMap> </map> </authorizationPlugin>
每個authorizationEntry配置都有read、write和admin屬性,分別對應讀取、寫入和管理。read、write和admin的值爲在認證中用戶對應的groups屬性中的值。
authorizationEntry和消息隊列的對應關係是通過通配符方式。
例如:<authorizationEntry queue="FirstQueue.>" read="guests" write="consumer" admin="admins" /> 對應以FirstQueue開頭的消息隊列。
===========================
完整的認證和權限的配置如下:
<plugins> <simpleAuthenticationPlugin> <users> <authenticationUser username="admin" password="password" groups="admins,publishers,consumers"/> <authenticationUser username="publisher" password="password" groups="publishers,consumers"/> <authenticationUser username="consumer" password="password" groups="consumers"/> <authenticationUser username="guest" password="password" groups="guests"/> </users> </simpleAuthenticationPlugin> <authorizationPlugin> <map> <authorizationMap> <authorizationEntries> <authorizationEntry queue=">" read="admins" write="admins" admin="admins" /> <authorizationEntry queue="USERS.>" read="publishers" write="publishers" admin="admins" /> <authorizationEntry queue="FirstQueue.>" read="guests" write="consumer" admin="admins" /> <authorizationEntry queue="TEST.Q" read="guests" write="guests" /> </authorizationEntries> </authorizationMap> </map> </authorizationPlugin> </plugins>