为activemq配置授权
Configuring authorization for activemq
我正在同一台机器上使用 ActiveMQ embedded broker 编写测试应用程序。我尝试将其配置如下:
activemq.xml:
<amq:broker useJmx="false" persistent="false">
<amq:transportConnectors>
<amq:transportConnector uri="tcp://localhost:61616" />
</amq:transportConnectors>
</amq:broker>
<amq:simpleAuthenticationPlugin >
<amq:users>
<amq:authenticationUser username="system" password="manager"
groups="users,admins" />
</amq:users>
</amq:simpleAuthenticationPlugin>
Tomcat的context.xml:!!密码故意不正确!!
<Resource name="jms/ConnectionFactory" auth="Container" userName="userssname" password="passwords"
type="org.apache.activemq.ActiveMQConnectionFactory" description="JMS Connection Factory"
factory="org.apache.activemq.jndi.JNDIReferenceFactory" brokerURL="tcp://localhost:61616"
brokerName="LocalActiveMQBroker" />
但是,当我尝试执行注入时,即使密码不正确,我也可以轻松创建 ConnectionFactory 对象和 send/receive 消息。我怎么能否认呢?
我认为您还需要为队列和主题添加授权条目。
示例授权插件配置:
<authorizationPlugin>
<map>
<authorizationMap>
<authorizationEntries>
<authorizationEntry queue=">" write="admins,publishers" read="admins,consumers" admin="admins" />
<authorizationEntry topic=">" write="admins,publishers" read="admins,consumers" admin="admins" />
<authorizationEntry topic="ActiveMQ.Advisory.>" read="everyone" write="everyone" admin="everyone"/>
</authorizationEntries>
</authorizationMap>
</map>
</authorizationPlugin>
我正在同一台机器上使用 ActiveMQ embedded broker 编写测试应用程序。我尝试将其配置如下:
activemq.xml:
<amq:broker useJmx="false" persistent="false">
<amq:transportConnectors>
<amq:transportConnector uri="tcp://localhost:61616" />
</amq:transportConnectors>
</amq:broker>
<amq:simpleAuthenticationPlugin >
<amq:users>
<amq:authenticationUser username="system" password="manager"
groups="users,admins" />
</amq:users>
</amq:simpleAuthenticationPlugin>
Tomcat的context.xml:!!密码故意不正确!!
<Resource name="jms/ConnectionFactory" auth="Container" userName="userssname" password="passwords"
type="org.apache.activemq.ActiveMQConnectionFactory" description="JMS Connection Factory"
factory="org.apache.activemq.jndi.JNDIReferenceFactory" brokerURL="tcp://localhost:61616"
brokerName="LocalActiveMQBroker" />
但是,当我尝试执行注入时,即使密码不正确,我也可以轻松创建 ConnectionFactory 对象和 send/receive 消息。我怎么能否认呢?
我认为您还需要为队列和主题添加授权条目。
示例授权插件配置:
<authorizationPlugin>
<map>
<authorizationMap>
<authorizationEntries>
<authorizationEntry queue=">" write="admins,publishers" read="admins,consumers" admin="admins" />
<authorizationEntry topic=">" write="admins,publishers" read="admins,consumers" admin="admins" />
<authorizationEntry topic="ActiveMQ.Advisory.>" read="everyone" write="everyone" admin="everyone"/>
</authorizationEntries>
</authorizationMap>
</map>
</authorizationPlugin>