activeMQ Security--实现登录验证
来源:互联网 发布:java 占位符替换 编辑:程序博客网 时间:2024/05/22 10:26
一、Security
ActiveMQ支持可插拔的安全机制,用以在不同的provider之间切换。例如JAAS Authentication Plugin,Custom Authentication Implementation,Authorization Plugin
下面以JAAS Authentication Plugin为例。
JAAS Authentication Plugin依赖标准的JAAS机制来实现认证。通常情况下,你需要通过设置java.security.auth.login.config系统属性来 配置login modules的配置文件。如果没有指定这个系统属性,那么JAAS Authentication Plugin会缺省使用login.config作为文件名。
到官网http://activemq.apache.org/下载 activeMQ发布,目前activeMQ5.11需要JDK7支持,下面以activeMQ5.9+JDK6为例。打开conf文件夹如下
1.打开文件login.config,
activemq-domain { org.apache.activemq.jaas.PropertiesLoginModule required org.apache.activemq.jaas.properties.user="users.properties" org.apache.activemq.jaas.properties.group="groups.properties";};
这个login.config文件中设置了两个属性:org.apache.activemq.jaas.properties.user和 org.apache.activemq.jaas.properties.group分别用来指向user.properties
2.打开文件groups.properties
#格式:用户组=用户1,用户2,...admins=system,users=system,client,userguests=guest
3.打开文件user.properties
#格式user=passwordsystem=pass0user=pass1guest=pass2
<plugins> <!--use JAAS to authenticate using the login.config file on the classpath to configure JAAS --> <jaasAuthenticationPlugin configuration="activemq-domain" /> <!-- lets configure a destination based authorization mechanism --> <authorizationPlugin> <map> <authorizationMap> <authorizationEntries> <authorizationEntry queue=">" read="admins" write="admins" admin="admins" /> <authorizationEntry queue="USERS.>" read="users" write="users" admin="users" /> <authorizationEntry queue="GUEST.>" read="guests" write="guests,users" admin="guests,users" /> <authorizationEntry topic=">" read="admins" write="admins" admin="admins" /> <authorizationEntry topic="USERS.>" read="users" write="users" admin="users" /> <authorizationEntry topic="GUEST.>" read="guests" write="guests,users" admin="guests,users" /> <authorizationEntry queue="ActiveMQ.Advisory.>" read="guests,users" write="guests,users" admin="guests,users"/> <authorizationEntry topic="ActiveMQ.Advisory.>" read="guests,users" write="guests,users" admin="guests,users"/> </authorizationEntries> </authorizationMap> </map> </authorizationPlugin> </plugins>
In ActiveMQ we use a number of operations which you can associate with user roles and either individual queues or topics or you can use wildcards to attach to hierarchies of topics and queues.
Operation
Description
read
You can browse and consume from the destination
write
You can send messages to the destination
admin
You can lazily create the destination if it does not yet exist. This allows you fine grained control over which new destinations can be dynamically created in what part of the queue/topic hierarchy
项目引入activeMQ的jar包依赖,
<dependency> <groupId>org.activemq</groupId> <artifactId>activemq-all</artifactId> <version>5.9.0</version> </dependency>
实现代码
import org.apache.activemq.ActiveMQConnection;import org.apache.activemq.ActiveMQConnectionFactory;import org.slf4j.Logger;import org.slf4j.LoggerFactory;import javax.jms.*;/** * Created by IntelliJ IDEA. * Author: ndong * Date: 2015-2-13 * Time: 16:50 */public class ClientListener implements MessageListener { private static final Logger logger = LoggerFactory.getLogger(ClientListener.class); //在点对点(PTP)消息传递域中,目的地被成为队列(queue) private Destination destination = null; //初始化 一个JMS客户端到JMS Provider的连接 private Connection connection = null; //初始化 一个接受消息的进程 private Session session = null; //初始化 消息消费者 private MessageConsumer consumer = null; public ClientListener() throws Exception { initialize(); } private void initialize() throws Exception { String userName = "user"; String password = "pass1"; String url = "failover://tcp://localhost:61616"; if (StringUtil.isEmpty(url)) { logger.error("can't read BROKER.URL in property file"); throw new Exception("请在配置文件中,添加服务地址。"); } ActiveMQConnectionFactory connectionFactory = new ActiveMQConnectionFactory( userName, password, url); connection = connectionFactory.createConnection(); ((ActiveMQConnection) connection).addTransportListener(new ClientTransportListener()); //false 参数表示 为非事务型消息,后面的参数表示消息的确认类型(见4.消息发出去后的确认模式) session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE); String subject = "test.subject"; destination = session.createQueue(subject); consumer = session.createConsumer(destination); } public void start() throws Exception { logger.info("begin listening..."); consumer.setMessageListener(this); connection.start(); } /** * 消息处理函数 * * @param message */ public void onMessage(Message message) { try { if (message instanceof TextMessage) { TextMessage txtMsg = (TextMessage) message; String msg = txtMsg.getText(); logger.info("received msg:" + msg); } else { logger.info("consumer received: " + message); } } catch (Exception e) { logger.error(e.getMessage(), e); } }}
二、ActiveMQ Web Console Security
ActiveMQ使用的是jetty服务器, 通过控制台可以监控消息,默认端口为8161,可通过浏览器http://localhost:8161/admin/index.jsp查看
默认登录密码为admin/admin,修改默认账户,打开conf/jetty.xml文件,找到
<bean id="securityConstraint" class="org.eclipse.jetty.http.security.Constraint"> <property name="name" value="BASIC" /> <property name="roles" value="admin" /> <property name="authenticate" value="false" /></bean>
将property name为authenticate的属性value="false" 改为"true",
控制台的登录用户名密码保存在conf/jetty-realm.properties文件中,内容如下:
## ---------------------------------------------------------------------------
## Licensed to the Apache Software Foundation (ASF) under one or more
## contributor license agreements. See the NOTICE file distributed with
## this work for additional information regarding copyright ownership.
## The ASF licenses this file to You under the Apache License, Version 2.0
## (the "License"); you may not use this file except in compliance with
## the License. You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
## ---------------------------------------------------------------------------
# Defines users that can access the web (console, demo, etc.)
# username: password [,rolename ...]
admin: admin, admin
值得注意的是 用户名和密码的格式是
用户名 : 密码 ,角色名
- activeMQ Security--实现登录验证
- symfony使用security实现验证登录
- Spring security实现登录验证+权限控制
- spring security 登录验证
- spring Security 登录验证
- spring security登录验证
- 基于Spring Security实现手机验证码登录
- Spring Security 3.1 登录验证
- spring security 登录验证 感想
- spring security 一个验证码登录例子
- 使用Spring Security进行自动登录验证
- 使用Spring Security进行自动登录验证
- Spring security登录新增图片验证码
- Spring Security 4 整合Hibernate 实现持久化登录验证(带源码)
- spring-security 多类型用户登录+登录多参数验证
- XMLHttpRequest实现登录验证
- JQuery登录验证实现
- 登录验证servlet实现
- 从中国制造到中国智造,奥克斯如何独当一面?
- awk命令
- HDU 2029
- 不是牢骚,匿名干嘛
- 《C Primer Plus(第五版)中文版》第5章第1至8题
- activeMQ Security--实现登录验证
- 机器学习笔记(二)——k-近邻算法
- IOC概念,反射例子
- 如何利用intent调用系统的浏览器
- 素数筛法相关问题
- 浅析Lua中table的遍历
- 简评黑客利器——中国菜刀
- 改变UITextView文字之间的间距
- ECharts图表组件中级入门篇:如何通过Ajax异步获取图表数据赋值于图表并渲染呈现