在plugin配置節點下,配置以下信息:
<authorizationPlugin>
<map>
<authorizationMap>
<authorizationEntries>
<authorizationEntry queue=">" read="admins" write="admins" admin="admins" />
<authorizationEntry queue="USERS.>" read="publishers" write="publishers" admin="admins" />
<authorizationEntry queue="FirstQueue.>" read="guests" write="consumer" admin="admins" />
<authorizationEntry queue="TEST.Q" read="guests" write="guests" />
</authorizationEntries>
</authorizationMap>
</map>
</authorizationPlugin>
每個authorizationEntry配置都有read、write和admin屬性,分別對應讀取、寫入和管理。read、write和admin的值爲在認證中用戶對應的groups屬性中的值。
authorizationEntry和消息隊列的對應關係是通過通配符方式。
例如:<authorizationEntry queue="FirstQueue.>" read="guests" write="consumer" admin="admins" /> 對應以FirstQueue開頭的消息隊列。
===========================
完整的認證和權限的配置如下:
<plugins>
<simpleAuthenticationPlugin>
<users>
<authenticationUser username="admin" password="password"
groups="admins,publishers,consumers"/>
<authenticationUser username="publisher" password="password"
groups="publishers,consumers"/>
<authenticationUser username="consumer" password="password"
groups="consumers"/>
<authenticationUser username="guest" password="password"
groups="guests"/>
</users>
</simpleAuthenticationPlugin>
<authorizationPlugin>
<map>
<authorizationMap>
<authorizationEntries>
<authorizationEntry queue=">" read="admins" write="admins" admin="admins" />
<authorizationEntry queue="USERS.>" read="publishers" write="publishers" admin="admins" />
<authorizationEntry queue="FirstQueue.>" read="guests" write="consumer" admin="admins" />
<authorizationEntry queue="TEST.Q" read="guests" write="guests" />
</authorizationEntries>
</authorizationMap>
</map>
</authorizationPlugin>
</plugins>