Activemq配置——Jaas方式配置用户登录验证

配置方式：

一、要配置系统环境变量：配置Jaas加载的配置文件路径。

linux下使用

export ACTIVEMQ_OPTS=-Djava.security.auth.login.config=<login.config存储路径> 

windows下

SET ACTIVEMQ_OPTS=%ACTIVEMQ_OPTS% -Djava.security.auth.login.config=<login.config存储路径>

二、配置配置文件

在配置文件broker之间添加下面的配置

1. <plugins>  
2.         <!-- Configure authentication; Username, passwords and groups
3.  添加jaas认证插件  
4. activemq-domain 在login.config里面定义,详细见login.config -->  
6.         <jaasAuthenticationPlugin configuration="activemq-domain" />
7.   
8.   
9.       <!--  Lets configure a destination based authorization mechanism 
10. 配置队列用户权限，>表示任意字符 -->  
11.       <authorizationPlugin>  
12.         <map>  
13.           <authorizationMap>  
14.             <authorizationEntries>  
15.               <authorizationEntry queue=">" read="admins" write="admins" admin="admins" />  
16.               <authorizationEntry queue="USERS.>" read="users" write="users" admin="users" />  
17.               <authorizationEntry queue="GUEST.>" read="guests" write="guests,users" admin="guests,users" />  
18.                 
19.               <authorizationEntry queue="TEST.Q" read="guests" write="guests" />  
20.                 
21.               <authorizationEntry topic=">" read="admins" write="admins" admin="admins" />  
22.               <authorizationEntry topic="USERS.>" read="users" write="users" admin="users" />  
23.               <authorizationEntry topic="GUEST.>" read="guests" write="guests,users" admin="guests,users" />  
24.                 
25.               <authorizationEntry topic="ActiveMQ.Advisory.>" read="guests,users" write="guests,users" admin="guests,users"/>  
26.             </authorizationEntries>  
27.           </authorizationMap>  
28.         </map>  
29.       </authorizationPlugin>  
30.     </plugins>  

1. activemq-domain //与配置文件中jaas plugin配置中的configuration相一致
2. {
       org.apache.activemq.jaas.PropertiesLoginModule required//加载模块
           debug=true //设置调试模式
           org.apache.activemq.jaas.properties.user="users.properties"//配置users.properties的相应文件路径
           org.apache.activemq.jaas.properties.group="groups.properties";//配置groups.properties的相应文件路径
   };
   

users.properties：配置用户名和密码

1. ## ---------------------------------------------------------------------------
   ## Licensed to the Apache Software Foundation (ASF) under one or more
   ## contributor license agreements.  See the NOTICE file distributed with
   ## this work for additional information regarding copyright ownership.
   ## The ASF licenses this file to You under the Apache License, Version 2.0
   ## (the "License"); you may not use this file except in compliance with
   ## the License.  You may obtain a copy of the License at
   ## 
   ## http://www.apache.org/licenses/LICENSE-2.0
   ## 
   ## Unless required by applicable law or agreed to in writing, software
   ## distributed under the License is distributed on an "AS IS" BASIS,
   ## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   ## See the License for the specific language governing permissions and
   ## limitations under the License.
   ## ---------------------------------------------------------------------------
   
   #格式user=password
2. 
   system=manager
   user=password
   guest=password
   sslclient=CN=localhost, OU=activemq.org, O=activemq.org, L=LA, ST=CA, C=US
   

group.properties：配置用户对应的用户组

1. ## ---------------------------------------------------------------------------
   ## Licensed to the Apache Software Foundation (ASF) under one or more
   ## contributor license agreements.  See the NOTICE file distributed with
   ## this work for additional information regarding copyright ownership.
   ## The ASF licenses this file to You under the Apache License, Version 2.0
   ## (the "License"); you may not use this file except in compliance with
   ## the License.  You may obtain a copy of the License at
   ## 
   ## http://www.apache.org/licenses/LICENSE-2.0
   ## 
   ## Unless required by applicable law or agreed to in writing, software
   ## distributed under the License is distributed on an "AS IS" BASIS,
   ## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   ## See the License for the specific language governing permissions and
   ## limitations under the License.
   ## ---------------------------------------------------------------------------
   
   #格式：用户组=用户1,用户2,...
   admins=system,sslclient,client,broker1,broker2
   tempDestinationAdmins=system,user,sslclient,client,broker1,broker2
   users=system,user,sslclient,client,broker1,broker2
   guests=guest