activeMQSecurity--实现登录验证

     ActiveMQ支持可插拔的安全机制，用以在不同的provider之间切换。例如JAAS Authentication Plugin，Custom Authentication Implementation，Authorization Plugin 
下面以JAAS Authentication Plugin为例。

    JAAS Authentication Plugin依赖标准的JAAS机制来实现认证。通常情况下，你需要通过设置Java.security.auth.login.config系统属性来 配置login modules的配置文件。如果没有指定这个系统属性，那么JAAS Authentication Plugin会缺省使用login.config作为文件名。

    到官网http://activemq.apache.org/下载 activeMQ发布，目前activeMQ5.11需要JDK7支持,下面以activeMQ5.9+JDK6为例。打开conf文件夹如下

1.打开文件login.config，

[html]  view plain  copy

 

1. activemq-domain {  
2.     org.apache.activemq.jaas.PropertiesLoginModule required  
3.     org.apache.activemq.jaas.properties.user="users.properties"  
4.     org.apache.activemq.jaas.properties.group="groups.properties";  
5. };  

2.打开文件groups.properties

[html]  view plain  copy

 

1. #格式：用户组=用户1,用户2,...  
2. admins=system,  
3. users=system,client,user  
4. guests=guest  

[html]  view plain  copy

 

1. #格式user=password  
2. system=pass0  
3. user=pass1  
4. guest=pass2  

[html]  view plain  copy

 

1.         <plugins>      
2.       
3. <jaasAuthenticationPlugin configuration="activemq-domain" />      
4.       
5. <authorizationPlugin>    
6.     <map>    
7.      <authorizationMap>    
8.         <authorizationEntries>    
9.           <authorizationEntry queue=">" read="admins" write="admins" admin="admins" />   
10.           <authorizationEntry queue="USERS.>" read="users" write="users" admin="users" />    
11.           <authorizationEntry queue="GUEST.>" read="guests" write="guests,users" admin="guests,users" />    
12.             
13.             
14.               
15.           <authorizationEntry topic=">" read="admins" write="admins" admin="admins" />    
16.           <authorizationEntry topic="USERS.>" read="users" write="users" admin="users" />    
17.           <authorizationEntry topic="GUEST.>" read="guests" write="guests,users" admin="guests,users" />  
18.           
19.               
20.           <authorizationEntry queue="ActiveMQ.Advisory.>" read="guests,users" write="guests,users" admin="guests,users"/>    
21.           <authorizationEntry topic="ActiveMQ.Advisory.>" read="guests,users" write="guests,users" admin="guests,users"/>    
22.          authorizationEntries>    
23.      authorizationMap>    
24.    map>    
25.                     authorizationPlugin>       
26.   plugins>   

In ActiveMQ we use a number of operations which you can associate with user roles and either individual queues or topics or you can use wildcards to attach to hierarchies of topics and queues.

项目引入activeMQ的jar包依赖,

[html]  view plain  copy

 

1. <dependency>  
2.        <groupId>org.activemqgroupId>  
3.        <artifactId>activemq-allartifactId>  
4.        <version>5.9.0version>  
5.  dependency>  

实现代码

[java]  view plain  copy

 

1. import org.apache.activemq.ActiveMQConnection;  
2. import org.apache.activemq.ActiveMQConnectionFactory;  
3. import org.slf4j.Logger;  
4. import org.slf4j.LoggerFactory;  
5.   
6. import javax.jms.*;  
7.   
8. /** 
9.  * Created by IntelliJ IDEA. 
10.  * Author: ndong 
11.  * Date: 2015-2-13 
12.  * Time: 16:50 
13.  */  
14. public class ClientListener implements MessageListener {  
15.   private static final Logger logger = LoggerFactory.getLogger(ClientListener.class);  
16.   
17.   //在点对点（PTP）消息传递域中，目的地被成为队列（queue）  
18.   private Destination destination = null;  
19.   //初始化 一个JMS客户端到JMS Provider的连接  
20.   private Connection connection = null;  
21.   //初始化  一个接受消息的进程  
22.   private Session session = null;  
23.   //初始化 消息消费者  
24.   private MessageConsumer consumer = null;  
25.   
26.   public ClientListener() throws Exception {  
27.     initialize();  
28.   }  
29.   
30.   private void initialize() throws Exception {  
31.     String userName = "user";  
32.     String password = "pass1";  
33.     String url = "failover://tcp://localhost:61616";  
34.     if (StringUtil.isEmpty(url)) {  
35.       logger.error("can't read BROKER.URL in property file");  
36.       throw new Exception("请在配置文件中，添加服务地址。");  
37.     }  
38.     ActiveMQConnectionFactory connectionFactory = new ActiveMQConnectionFactory(  
39.       userName, password, url);  
40.     connection = connectionFactory.createConnection();  
41.     ((ActiveMQConnection) connection).addTransportListener(new ClientTransportListener());  
42.     //false 参数表示 为非事务型消息，后面的参数表示消息的确认类型（见4.消息发出去后的确认模式）  
43.     session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE);  
44.     String subject = "test.subject";  
45.     destination = session.createQueue(subject);  
46.     consumer = session.createConsumer(destination);  
47.   }  
48.   
49.   public void start() throws Exception {  
50.     logger.info("begin listening...");  
51.     consumer.setMessageListener(this);  
52.     connection.start();  
53.   }  
54.   
55.   /** 
56.      * 消息处理函数 
57.      * 
58.      * @param message 
59.      */  
60.     public void onMessage(Message message) {  
61.       try {  
62.         if (message instanceof TextMessage) {  
63.           TextMessage txtMsg = (TextMessage) message;  
64.           String msg = txtMsg.getText();  
65.           logger.info("received msg:" + msg);  
66.            
67.             
68.         } else {  
69.           logger.info("consumer received: " + message);  
70.         }  
71.       } catch (Exception e) {  
72.         logger.error(e.getMessage(), e);  
73.       }  
74.     }  
75.   
76.   
77. }  

ActiveMQ Web Console Security

ActiveMQ使用的是jetty服务器, 通过控制台可以监控消息，默认端口为8161，可通过浏览器http://localhost:8161/admin/index.jsp查看

默认登录密码为admin/admin,修改默认账户，打开conf/jetty.xml文件，找到

[html]  view plain  copy

 

1. <bean id="securityConstraint" class="org.eclipse.jetty.http.security.Constraint">  
2.         <property name="name" value="BASIC" />  
3.         <property name="roles" value="admin" />  
4.         <property name="authenticate" value="false" />  
5. bean>  

将property name为authenticate的属性value="false" 改为"true"，
控制台的登录用户名密码保存在conf/jetty-realm.properties文件中,内容如下:

## ---------------------------------------------------------------------------
## Licensed to the Apache Software Foundation (ASF) under one or more
## contributor license agreements.  See the NOTICE file distributed with
## this work for additional information regarding copyright ownership.
## The ASF licenses this file to You under the Apache License, Version 2.0
## (the "License"); you may not use this file except in compliance with
## the License.  You may obtain a copy of the License at
## 
## http://www.apache.org/licenses/LICENSE-2.0
## 
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
## ---------------------------------------------------------------------------


# Defines users that can access the web (console, demo, etc.)
# username: password [,rolename ...]
admin: admin, admin

值得注意的是 用户名和密码的格式是

用户名 : 密码 ,角色名

finish