ActiveMQ in Action(4)

于 2010-06-22 23:20:00 发布
阅读量60 收藏
点赞数
文章标签: java 网络
本文介绍了ActiveMQ中的多种安全机制,包括SimpleAuthenticationPlugin、JAASAuthenticationPlugin等认证方式及AuthorizationPlugin授权方式,并提供了相应的配置示例。

摘要生成于 C知道 ,由 DeepSeek-R1 满血版支持, 前往体验 >

2.4 Security
ActiveMQ支持可插拔的安全机制,用以在不同的provider之间切换。
2.4.1 Simple Authentication Plugin
Simple Authentication Plugin适用于简单的认证需求,或者用于建立测试环境。它允许在XML配置文件中指定用户、用户组和密码等信息。以下是ActiveMQ配置的一个例 子:

Xml代码 复制代码
  1. < plugins >
  2. ...
  3. < simpleAuthenticationPlugin >
  4. < users >
  5. < authenticationUser username = "system" password = "manager" groups = "users,admins" />
  6. < authenticationUser username = "user" password = "password" groups = "users" />
  7. < authenticationUser username = "guest" password = "password" groups = "guests" />
  8. </ users >
  9. </ simpleAuthenticationPlugin >
  10. </ plugins >
Xml代码
  1. < plugins >
  2. ...
  3. < simpleAuthenticationPlugin >
  4. < users >
  5. < authenticationUser username = "system" password = "manager" groups = "users,admins" />
  6. < authenticationUser username = "user" password = "password" groups = "users" />
  7. < authenticationUser username = "guest" password = "password" groups = "guests" />
  8. </ users >
  9. </ simpleAuthenticationPlugin >
  10. </ plugins > 
<plugins>
  ...
  <simpleAuthenticationPlugin>
    <users>
      <authenticationUser username="system" password="manager" groups="users,admins"/>
	  <authenticationUser username="user" password="password" groups="users"/>
      <authenticationUser username="guest" password="password" groups="guests"/>
	</users>
  </simpleAuthenticationPlugin>
</plugins>

2.4.2 JAAS Authentication Plugin
JAAS Authentication Plugin依赖标准的JAAS机制来实现认证。通常情况下,你需要通过设置java.security.auth.login.config系统属性来 配置login modules的配置文件。如果没有指定这个系统属性,那么JAAS Authentication Plugin会缺省使用login.config作为文件名。以下是一个login.config文件的例子:

activemq-domain {
org.apache.activemq.jaas.PropertiesLoginModule required debug=true org.apache.activemq.jaas.properties.user="users.properties" org.apache.activemq.jaas.properties.group="groups.properties";
};
这个login.config文件中设置了两个属性:org.apache.activemq.jaas.properties.user和 org.apache.activemq.jaas.properties.group分别用来指向user.properties和 group.properties文件。需要注意的是,PropertiesLoginModule使用本地文件的查找方式,而且查找时采用的base directory是login.config文件所在的目录。因此这个login.config说明user.properties和 group.properties文件存放在跟login.config文件相同的目录里。
以下是ActiveMQ配置的一个例子:

Xml代码 复制代码
  1. < plugins >
  2. ...
  3. < jaasAuthenticationPlugin configuration = "activemq-domain" />
  4. </ plugins >
Xml代码
  1. < plugins >
  2. ...
  3. < jaasAuthenticationPlugin configuration = "activemq-domain" />
  4. </ plugins > 
<plugins>
  ...
  <jaasAuthenticationPlugin configuration="activemq-domain" />
</plugins>

基于以上的配置,在JAAS的LoginContext中会使用activemq-domain中配置的PropertiesLoginModule来进 行登陆。
ActiveMQ JAAS还支持LDAPLoginModule、CertificateLoginModule、 TextFileCertificateLoginModule等login module。

2.4.3 Custom Authentication Implementation
可以通过编码的方式为ActiveMQ增加认证功能。例如编写一个类继承自XBeanBrokerService。

Java代码 复制代码
  1. package com.yourpackage;
  3. import java.net.URI;
  4. import java.util.HashMap;
  5. import java.util.Map;
  7. import org.apache.activemq.broker.Broker;
  8. import org.apache.activemq.broker.BrokerFactory;
  9. import org.apache.activemq.broker.BrokerService;
  10. import org.apache.activemq.security.SimpleAuthenticationBroker;
  11. import org.apache.activemq.xbean.XBeanBrokerService;
  13. public class SimpleAuthBroker extends XBeanBrokerService{
  14. //
  15. private Stringuser;
  16. private Stringpassword;
  18. @SuppressWarnings ( "unchecked" )
  19. protected BrokeraddInterceptors(Brokerbroker) throws Exception{
  20. broker= super .addInterceptors(broker);
  21. Mappasswords= new HashMap();
  22. passwords.put(getUser(),getPassword());
  23. broker= new SimpleAuthenticationBroker(broker,passwords, new HashMap());
  24. return broker;
  25. }
  27. public StringgetUser(){
  28. return user;
  29. }
  31. public void setUser(Stringuser){
  32. this .user=user;
  33. }
  35. public StringgetPassword(){
  36. return password;
  37. }
  39. public void setPassword(Stringpassword){
  40. this .password=password;
  41. }
  42. }
Java代码
  1. package com.yourpackage;
  3. import java.net.URI;
  4. import java.util.HashMap;
  5. import java.util.Map;
  7. import org.apache.activemq.broker.Broker;
  8. import org.apache.activemq.broker.BrokerFactory;
  9. import org.apache.activemq.broker.BrokerService;
  10. import org.apache.activemq.security.SimpleAuthenticationBroker;
  11. import org.apache.activemq.xbean.XBeanBrokerService;
  13. public class SimpleAuthBroker extends XBeanBrokerService{
  14. //
  15. private Stringuser;
  16. private Stringpassword;
  18. @SuppressWarnings ( "unchecked" )
  19. protected BrokeraddInterceptors(Brokerbroker) throws Exception{
  20. broker=super .addInterceptors(broker);
  21. Mappasswords=new HashMap();
  22. passwords.put(getUser(),getPassword());
  23. broker=new SimpleAuthenticationBroker(broker,passwords, new HashMap());
  24. return broker;
  25. }
  27. public StringgetUser(){
  28. return user;
  29. }
  31. public void setUser(Stringuser){
  32. this .user=user;
  33. }
  35. public StringgetPassword(){
  36. return password;
  37. }
  39. public void setPassword(Stringpassword){
  40. this .password=password;
  41. }
  42. } 
package com.yourpackage;

import java.net.URI;
import java.util.HashMap;
import java.util.Map;

import org.apache.activemq.broker.Broker;
import org.apache.activemq.broker.BrokerFactory;
import org.apache.activemq.broker.BrokerService;
import org.apache.activemq.security.SimpleAuthenticationBroker;
import org.apache.activemq.xbean.XBeanBrokerService;

public class SimpleAuthBroker extends XBeanBrokerService {
    //
    private String user;
    private String password;
	
    @SuppressWarnings("unchecked")
    protected Broker addInterceptors(Broker broker) throws Exception {
        broker = super.addInterceptors(broker);
        Map passwords = new HashMap();
        passwords.put(getUser(), getPassword());
        broker = new SimpleAuthenticationBroker(broker, passwords, new HashMap());
        return broker;
    }
	
    public String getUser() {
	    return user;
    }

    public void setUser(String user) {
	    this.user = user;
    }

    public String getPassword() {
	    return password;
    }

    public void setPassword(String password) {
	    this.password = password;
    }
}
以下是ActiveMQ配置文件的一个例子:
Xml代码 复制代码
  1. < beans >
  3. < auth:SimpleAuthBroker
  4. xmlns:auth = "java://com.yourpackage"
  5. xmlns = "http://activemq.org/config/1.0" brokerName = "SimpleAuthBroker1" user = "user" password = "password" useJmx = "true" >
  7. < transportConnectors >
  8. < transportConnector uri = "tcp://localhost:61616" />
  9. </ transportConnectors >
  10. </ auth:SimpleAuthBroker >
  12. </ beans >
Xml代码
  1. < beans >
  3. < auth:SimpleAuthBroker
  4. xmlns:auth = "java://com.yourpackage"
  5. xmlns = "http://activemq.org/config/1.0" brokerName = "SimpleAuthBroker1" user = "user" password = "password" useJmx = "true" >
  7. < transportConnectors >
  8. < transportConnector uri = "tcp://localhost:61616" />
  9. </ transportConnectors >
  10. </ auth:SimpleAuthBroker >
  12. </ beans > 
<beans>
  …
  <auth:SimpleAuthBroker
  	xmlns:auth="java://com.yourpackage"
    xmlns="http://activemq.org/config/1.0" brokerName="SimpleAuthBroker1" user="user" password="password" useJmx="true">
  
    <transportConnectors>
      <transportConnector uri="tcp://localhost:61616"/>
    </transportConnectors>
  </auth:SimpleAuthBroker>
  …
</beans>

在这个配置文件中增加了一个namespace auth,用于指向之前编写的哪个类。同时为SimpleAuthBroker注入了两个属性值user和password,因此在被 SimpleAuthBroker改写的addInterceptors方法里,可以使用这两个属性进行认证了。ActiveMQ提供的 SimpleAuthenticationBroker类继承自BrokerFilter(可以简单的看成是Broker的Adaptor),它的构造函 数中的两个Map分别是userPasswords和userGroups。 SimpleAuthenticationBroker在 addConnection方法中使用userPasswords进行认证,同时会把userGroups的信息保存到 ConnectionContext中 。

2.4.4 Authorization Plugin
可以通过Authorization Plugin为认证后的用户授权,以下ActiveMQ配置文件的一个例子:

Xml代码 复制代码
  1. < plugins >
  2. < jaasAuthenticationPlugin configuration = "activemq-domain" />
  4. < authorizationPlugin >
  5. < map >
  6. < authorizationMap >
  7. < authorizationEntries >
  8. < authorizationEntry queue = ">" read = "admins" write = "admins" admin = "admins" />
  9. < authorizationEntry queue = "USERS.>" read = "users" write = "users" admin = "users" />
  10. < authorizationEntry queue = "GUEST.>" read = "guests" write = "guests,users" admin = "guests,users" />
  12. < authorizationEntry topic = ">" read = "admins" write = "admins" admin = "admins" />
  13. < authorizationEntry topic = "USERS.>" read = "users" write = "users" admin = "users" />
  14. < authorizationEntry topic = "GUEST.>" read = "guests" write = "guests,users" admin = "guests,users" />
  16. < authorizationEntry topic = "ActiveMQ.Advisory.>" read = "guests,users" write = "guests,users" admin = "guests,users" />
  17. </ authorizationEntries >
  18. </ authorizationMap >
  19. </ map >
  20. </ authorizationPlugin >
  21. </ plugins >
iteye_13254
关注
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值