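ActiveMQ Security Mechanisms and Stability Study
1) Secure access mechanism:
At startup ActiveMQ loads the configuration file $ACTIVEMQ_HOME/conf/activemq.xml. Add the following elements inside the <broker> node of activemq.xml to require a username/password when a connection is established: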
<plugins>
  <simpleAuthenticationPlugin>
    <users>
      <authenticationUser username="system" password="manager" groups="users,admins"/>
      <authenticationUser username="user" password="password" groups="users"/>
      <authenticationUser username="guest" password="password" groups="guests"/>
    </users>
  </simpleAuthenticationPlugin>
  <!-- lets configure a destination based authorization mechanism -->
  <authorizationPlugin>
    <map>
      <authorizationMap>
        <authorizationEntries>
          <authorizationEntry queue=">" read="admins" write="admins" admin="admins" />
          <authorizationEntry queue="USERS.>" read="users" write="users" admin="users" />
          <authorizationEntry queue="GUEST.>" read="guests" write="guests,users" admin="guests,users" />
          <authorizationEntry topic=">" read="admins" write="admins" admin="admins" />
          <authorizationEntry topic="USERS.>" read="users" write="users" admin="users" />
          <authorizationEntry topic="GUEST.>" read="guests" write="guests,users" admin="guests,users" />
          <authorizationEntry topic="ActiveMQ.Advisory.>" read="guests,users" write="guests,users" admin="guests,users"/>
        </authorizationEntries>
        <!-- let's assign roles to temporary destinations. comment this entry if we don't want any roles assigned to temp destinations -->
        <tempDestinationAuthorizationEntry>
          <tempDestinationAuthorizationEntry read="tempDestinationAdmins" write="tempDestinationAdmins" admin="tempDestinationAdmins"/>
        </tempDestinationAuthorizationEntry>
      </authorizationMap>
    </map>
  </authorizationPlugin>
</plugins>
This restricts which kinds of users may access which kinds of queues.
The Java client is configured to connect to ActiveMQ as follows:
<bean id="connectionFactory" class="org.apache.activemq.ActiveMQConnectionFactory">
  <property name="brokerURL">
    <!-- inside an XML file the & between URL parameters must be written as &amp; -->
    <value>tcp://10.100.8.5:61616?wireFormat.maxInactivityDuration=0&amp;jms.useAsyncSend=true</value>
  </property>
  <property name="userName" value="system"/>
  <property name="password" value="manager"/>
</bean>
2) Allow connections to ActiveMQ from the local machine only:
<transportConnectors>
  <transportConnector name="openwire" uri="tcp://0.0.0.0:61616" />
</transportConnectors>
Change 0.0.0.0 above to localhost or 127.0.0.1 to restrict connections to the local machine.
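An added example (not from the original post or the ActiveMQ project): a small Python audit of an activemq.xml for the two exposures covered in sections 1 and 2, a transport connector listening on all interfaces and simpleAuthenticationPlugin users whose passwords are the sample values published on this page or are stored as literals. The finding names, the sample XML and the treatment of ${...} placeholders as externally supplied values are assumptions of this example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Credentials printed in this page's sample config; treat them as publicly known.
PUBLISHED = {("system", "manager"), ("user", "password"), ("guest", "password")}
WILDCARD_HOSTS = {"0.0.0.0", "::", ""}

# Constructed sample input mirroring the snippets above (not a real deployment).
SAMPLE = """<beans xmlns="http://www.springframework.org/schema/beans">
  <broker xmlns="http://activemq.apache.org/schema/core" brokerName="localhost">
    <plugins>
      <simpleAuthenticationPlugin>
        <users>
          <authenticationUser username="system" password="manager" groups="users,admins"/>
          <authenticationUser username="app" password="${app.password}" groups="users"/>
          <authenticationUser username="report" password="constructed-literal" groups="users"/>
        </users>
      </simpleAuthenticationPlugin>
    </plugins>
    <transportConnectors>
      <transportConnector name="openwire" uri="tcp://0.0.0.0:61616"/>
      <transportConnector name="local" uri="tcp://127.0.0.1:61617"/>
    </transportConnectors>
  </broker>
</beans>"""


def audit(xml_text):
    """Return a sorted list of (check, detail) findings for an activemq.xml string."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        name = el.tag.rsplit("}", 1)[-1]  # drop the XML namespace, if any
        if name == "transportConnector":
            host = urlsplit(el.get("uri", "")).hostname or ""
            if host in WILDCARD_HOSTS:
                findings.append(("listens-on-all-interfaces", el.get("name", "?")))
        elif name == "authenticationUser":
            user, pw = el.get("username", ""), el.get("password", "")
            if (user, pw) in PUBLISHED:
                findings.append(("published-sample-credential", user))
            elif not pw.startswith("${"):
                # Assumption: a ${...} placeholder is resolved from an external file.
                findings.append(("literal-password-in-config", user))
    return sorted(findings)


if __name__ == "__main__":
    for check, detail in audit(SAMPLE):
        print(f"{check}: {detail}")
```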
3) Master/standby mechanism:
Set the connection URL to:
failover:(tcp://primary:61616,tcp://secondary:61616)?randomize=false
When primary goes down, the client automatically connects to secondary.
For example:
<bean id="connectionFactory" class="org.apache.activemq.ActiveMQConnectionFactory">
  <!-- mq's URL -->
  <!-- wireFormat.maxInactivityDuration=0 means never close the inactive connection -->
  <property name="brokerURL">
    <!-- inside an XML file the & between URL parameters must be written as &amp; -->
    <value>failover:(tcp://localhost:61616?wireFormat.maxInactivityDuration=0,tcp://10.100.8.5:61616?wireFormat.maxInactivityDuration=0)?randomize=false&amp;jms.useAsyncSend=true</value>
  </property>
</bean>
Note that when failover: is used, jms.* parameters must be written outside the parentheses; otherwise ActiveMQ cannot parse them correctly.
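4) Starting multiple MQ brokers on the same machine:
The master's configuration file is conf/activemq.xml. Copy it, save the copy as activemq2.xml, and then make the following changes:
1. Change the broker's name attribute, e.g. brokerName="slaveBroker", and add the broker attribute masterConnectorURI="tcp://masterhost:62001"
2. Change the data directory location so that it does not collide with the master's data directory: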
<persistenceAdapter>
  <kahaDB directory="${activemq.base}/data/kahaDB2" />
</persistenceAdapter>
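3. Change the web console configuration:
The web console is configured in jetty.xml. Copy that file, save it as jetty2.xml, and use jetty2.xml as the web console configuration file:
<import resource="jetty2.xml"/>
Then change the web service port in jetty2.xml to avoid a conflict:
<bean id="Connector" …>
  <property name="port" value="8102" />
</bean>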
Start the slave broker:
cd ${activemq-base}/bin
./activemq xbean:activemq2.xml &
Reposted from: https://www.cnblogs.com/zhongkl/archive/2011/08/12/2136553.html