
ActiveMQ authorization

If I want to implement JAAS authorization on Apache ActiveMQ, do I have to use the plug-in in the activemq.xml configuration file?

This way is really NOT good because if I want to change authorization, I have to change the activemq.xml file and restart the server in order for it to work.

Is there any way I can use something like JAAS authentication by changing another properties file rather than the activemq.xml file? Or can I customize my own authorization plugin?

Thanks.

Whenever I have set up ActiveMQ security, I have found it best to use the plain AuthorizationPlugin with wildcards that denote the destinations covered (which is why it's really handy to use naming conventions for your queues and topics). The idea is that you define a handful of user groups and grant them access to those destinations.

The role of assigning a group from a username is handled by one of the authentication plugins - the JAAS plugin is particularly useful for externalising this information outside the ActiveMQ config in an LDAP directory.

Check out the ActiveMQ Security Guide from FuseSource (registration required) for further information.

Update 2018-07-02: ActiveMQ Security Guide, now located on redhat.

I found some code snippets that ended up being tremendously helpful in getting started on this subject:

http://activemq.2283324.n4.nabble.com/Fully-programmatic-authorization-map-tp2344815.html

Here's how I ended up using it (may not be the best way):

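import java.util.ArrayList;
import java.util.List;
import org.apache.activemq.broker.Broker;
import org.apache.activemq.filter.DestinationMapEntry;
import org.apache.activemq.security.AuthorizationBroker;
import org.apache.activemq.security.AuthorizationMap;
import org.apache.activemq.security.AuthorizationPlugin;
import org.apache.activemq.security.DefaultAuthorizationMap;

public class TestAuthorizationPlugin extends AuthorizationPlugin {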

Then:

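@Override
public Broker installPlugin(Broker broker) {
    // makeTopicAuthorization, makeQueueAuthorization and LOGGER are not shown in this answer.
    List<DestinationMapEntry> entries = new ArrayList<DestinationMapEntry>();
    try {
        // Per-group destinations, each listing only its own group.
        entries.add(makeTopicAuthorization("groupA.topic", "groupA", "groupA", "groupA"));
        entries.add(makeQueueAuthorization("groupA.queue", "groupA", "groupA", "groupA"));
        entries.add(makeQueueAuthorization("groupB.queue", "groupB", "groupB", "groupB"));
        // Advisory topics are granted to the "all" group.
        entries.add(makeTopicAuthorization("ActiveMQ.Advisory.>", "all", "all", "all"));
        AuthorizationMap authMap = new DefaultAuthorizationMap(entries);
        return new AuthorizationBroker(broker, authMap);
    } catch (Exception e) {
        LOGGER.error("Could not build the authorization map", e);
        // Fail closed: do not install an AuthorizationBroker with a null map.
        throw new IllegalStateException("Could not build the authorization map", e);
    }
}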

Jar this and stick it in <activemq_home>/lib/.

Modify the activemq.xml:

<plugins>
    <!--  use JAAS to authenticate using the login.config file on the classpath to configure JAAS -->
    <jaasAuthenticationPlugin configuration="activemq" />

    <!-- Authorization control -->
    <bean xmlns="http://www.springframework.org/schema/beans" class="com.blackstrype.activemq.security.TestAuthorizationPlugin"/>
</plugins>

Another helpful link for more info on autho plugin dev:

http://mariuszprzydatek.com/2014/01/04/token-based-authentication-plugin-for-activemq/
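
The question asks about keeping the ACLs in a properties file instead of activemq.xml. The following is an added example, not code from either answer or from the ActiveMQ project, of a broker plugin that builds the same kind of authorization map from such a file. The class name, the `aclFile` property, the default path and the `read;write;admin` line format are assumptions made for illustration; the file is read once, when the plugin is installed.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.List;
import java.util.Properties;
import org.apache.activemq.broker.Broker;
import org.apache.activemq.broker.BrokerPlugin;
import org.apache.activemq.filter.DestinationMapEntry;
import org.apache.activemq.security.AuthorizationBroker;
import org.apache.activemq.security.AuthorizationEntry;
import org.apache.activemq.security.DefaultAuthorizationMap;

// Constructed sample acl.properties (value = read;write;admin groups):
//   queue.groupA.>=groupA;groupA;groupA
//   topic.ActiveMQ.Advisory.>=all;all;all
public class PropertiesAuthorizationPlugin implements BrokerPlugin {
    private String aclFile = "conf/acl.properties"; // hypothetical default path

    // Lets the Spring <bean> in activemq.xml set the path with a <property> element.
    public void setAclFile(String aclFile) { this.aclFile = aclFile; }

    @Override
    public Broker installPlugin(Broker broker) throws Exception {
        Properties props = new Properties();
        try (InputStream in = Files.newInputStream(Paths.get(aclFile))) {
            props.load(in);
        }
        List<DestinationMapEntry> entries = new ArrayList<DestinationMapEntry>();
        for (String key : props.stringPropertyNames()) {
            entries.add(toEntry(key, props.getProperty(key)));
        }
        // Fail closed: an unreadable, malformed or empty file aborts installation.
        if (entries.isEmpty()) throw new IllegalStateException("No ACL entries in " + aclFile);
        return new AuthorizationBroker(broker, new DefaultAuthorizationMap(entries));
    }

    static AuthorizationEntry toEntry(String key, String value) throws Exception {
        String[] dest = key.split("\\.", 2); // "queue" or "topic", then the destination pattern
        String[] acl = value.split(";", -1); // read;write;admin, each a comma-separated group list
        if (dest.length != 2 || acl.length != 3) throw new IllegalArgumentException("Malformed ACL line: " + key);
        AuthorizationEntry entry = new AuthorizationEntry();
        if ("queue".equals(dest[0])) entry.setQueue(dest[1]);
        else if ("topic".equals(dest[0])) entry.setTopic(dest[1]);
        else throw new IllegalArgumentException("Unknown destination type: " + dest[0]);
        entry.setRead(acl[0].trim());
        entry.setWrite(acl[1].trim());
        entry.setAdmin(acl[2].trim());
        return entry;
    }
}
```

Because the ACL file now decides who can read, write and administer destinations, it needs the same file permissions and change control as activemq.xml.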
