ActiveMQ(5.10.0) - Configuring the simple authentication plug-in
2016-01-13 11:50
288 查看
The easiest way to secure the broker is through the use of authentication credentials placed directly in the broker’s XML configuration file. Such functionality is provided by the simple authentication plug-in that’s part of ActiveMQ. The following listing provides an example of using this plug-in.
By using this simple configuration snippet, four users can now access ActiveMQ. Obviously, for authentication purposes, each user must have a username and a password. Additionally, the groups attribute provides a comma-separated list of groups to which the user belongs. This information is used for authorization purposes, as will be seen shortly.
The preceding exception is expected because a security plug-in is activated but the authentication credentials haven’t yet been defined in the producer client. To fix this exception, modify the producer to add a username and password. The following snippet provides an example of this:
As the preceding snippet shows, the only necessary change is to define a username and a password that are then used as parameters to the call to the createConnection() method.
Unfortunately, with the simple authentication plug-in, passwords are stored (and transferred) as clear text, which impacts the security of the broker. But even plain-text passwords prevent unauthorized clients from interacting with the broker, and in some
environments this is all that’s needed. Additionally, you can consider using the simple authentication plug-in in combination with the SSL transport, which will at least solve the problem of sending plain passwords over the network.
<plugins> <simpleAuthenticationPlugin> <users> <authenticationUser username="admin" password="admin" groups="admins,producers,consumers"/> <authenticationUser username="producer" password="producer" groups="producers,consumers"/> <authenticationUser username="consumer" password="consumer" groups="consumers"/> <authenticationUser username="guest" password="guest" groups="guests"/> </users> </simpleAuthenticationPlugin> </plugins>
By using this simple configuration snippet, four users can now access ActiveMQ. Obviously, for authentication purposes, each user must have a username and a password. Additionally, the groups attribute provides a comma-separated list of groups to which the user belongs. This information is used for authorization purposes, as will be seen shortly.
The preceding exception is expected because a security plug-in is activated but the authentication credentials haven’t yet been defined in the producer client. To fix this exception, modify the producer to add a username and password. The following snippet provides an example of this:
private String username = "producer"; private String password = "producer"; public Producer() throws JMSException { factory = new ActiveMQConnectionFactory(brokerURL); connection = factory.createConnection(username, password); connection.start(); session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE); producer = session.createProducer(null); }
As the preceding snippet shows, the only necessary change is to define a username and a password that are then used as parameters to the call to the createConnection() method.
Unfortunately, with the simple authentication plug-in, passwords are stored (and transferred) as clear text, which impacts the security of the broker. But even plain-text passwords prevent unauthorized clients from interacting with the broker, and in some
environments this is all that’s needed. Additionally, you can consider using the simple authentication plug-in in combination with the SSL transport, which will at least solve the problem of sending plain passwords over the network.
相关文章推荐
- 程序测试概论与单元测试详解
- Android Log 工具类
- 电信SMGP协议,基于开源的jar文件smgpapi20100113.jar进行实现
- 判断一个产品是否是一个可配置产品的子产品
- MySQL DATE_FORMAT() 函数
- Kill Session
- 实现服务器基准的最佳方式
- apache2.4 和php 开启gzip功能
- linux命令每天必学(15)之tail 命令
- Java应用服务器
- 有意思的两脚平板支架
- 关于函数的自己的参数,我们必须要用全局的变量来接收
- 浅析地理数据模型发展
- 设置In_Memery
- openstack命令行
- Css
- ubuntu14.0日志消息内容存放的位置
- 在论坛中出现的比较难的sql问题:29(row_number函数 组内某列的值连续出现3次标记出来)
- 浅谈Java生命周期管理机制
- 微信获取签名token