ActiveMQ authorization

别那么骄傲 2021-01-01 05:14

If I want to implement JAAS authorization on Apache ActiveMQ, do I have to use the plug-in in the activemq.xml configuration file?

This way is really NOT good becaus

2 Answers
  • 2021-01-01 05:35

    I found some code snippets that ended up being tremendously helpful in getting started on this subject:

    http://activemq.2283324.n4.nabble.com/Fully-programmatic-authorization-map-tp2344815.html

    Here's how I ended up using it (may not be the best way):

    public class TestAuthorizationPlugin extends AuthorizationPlugin {
    

    Then:

    @Override
    public Broker installPlugin(Broker broker) {
        List<DestinationMapEntry> entries = new ArrayList<DestinationMapEntry>(); 
        try {
            entries.add(makeTopicAuthorization("groupA.topic", "groupA", "groupA", "groupA"));
            entries.add(makeQueueAuthorization("groupA.queue", "groupA", "groupA", "groupA"));
            entries.add(makeQueueAuthorization("groupB.queue", "groupB", "groupB", "groupB"));
            entries.add(makeTopicAuthorization("ActiveMQ.Advisory.>", "all", "all", "all"));
            AuthorizationMap authMap = new DefaultAuthorizationMap(entries);
            return new AuthorizationBroker(broker, authMap);
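        } catch (Exception e) {
            // Fail fast instead of installing an AuthorizationBroker with a
            // null map, which has no ACLs to check requests against.
            LOGGER.error("Failed to build the authorization map", e);
            throw new IllegalStateException("Authorization map could not be built", e);
        }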
    }
    

    jar this and stick it in <activemq_home>/lib/.

    Modify the activemq.xml:

    <plugins>
        <!--  use JAAS to authenticate using the login.config file on the classpath to configure JAAS -->
        <jaasAuthenticationPlugin configuration="activemq" />
    
        <!-- Authorization control -->
        <bean xmlns="http://www.springframework.org/schema/beans" class="com.blackstrype.activemq.security.TestAuthorizationPlugin"/>
    </plugins>
    

    Another helpful link for more info on autho plugin dev:

    http://mariuszprzydatek.com/2014/01/04/token-based-authentication-plugin-for-activemq/

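The answer above calls `makeTopicAuthorization` and `makeQueueAuthorization` without showing them. The class below is an added example, not the answerer's code, sketching one way to write them with ActiveMQ's `AuthorizationEntry`. It assumes the argument order is destination, read, write, admin, and `withRoles` is a hypothetical helper name.

```java
import java.util.ArrayList;
import java.util.List;
import org.apache.activemq.broker.Broker;
import org.apache.activemq.filter.DestinationMapEntry;
import org.apache.activemq.security.AuthorizationBroker;
import org.apache.activemq.security.AuthorizationEntry;
import org.apache.activemq.security.AuthorizationPlugin;
import org.apache.activemq.security.DefaultAuthorizationMap;

public class TestAuthorizationPlugin extends AuthorizationPlugin {

    // Assumed argument order: destination, read, write, admin.
    // Each role argument is a comma-separated list of group names, as
    // assigned by the authentication plugin (here the JAAS plugin).
    static AuthorizationEntry makeQueueAuthorization(String queue, String read,
            String write, String admin) throws Exception {
        AuthorizationEntry entry = new AuthorizationEntry();
        entry.setQueue(queue);
        return withRoles(entry, read, write, admin);
    }

    static AuthorizationEntry makeTopicAuthorization(String topic, String read,
            String write, String admin) throws Exception {
        AuthorizationEntry entry = new AuthorizationEntry();
        entry.setTopic(topic); // wildcard names such as "ActiveMQ.Advisory.>" work too
        return withRoles(entry, read, write, admin);
    }

    // Hypothetical shared helper: fills in the three ACLs of one entry.
    private static AuthorizationEntry withRoles(AuthorizationEntry entry,
            String read, String write, String admin) throws Exception {
        entry.setRead(read);
        entry.setWrite(write);
        entry.setAdmin(admin);
        return entry;
    }

    @Override
    public Broker installPlugin(Broker broker) {
        List<DestinationMapEntry> entries = new ArrayList<DestinationMapEntry>();
        try {
            entries.add(makeTopicAuthorization("groupA.topic", "groupA", "groupA", "groupA"));
            entries.add(makeQueueAuthorization("groupA.queue", "groupA", "groupA", "groupA"));
            entries.add(makeQueueAuthorization("groupB.queue", "groupB", "groupB", "groupB"));
            entries.add(makeTopicAuthorization("ActiveMQ.Advisory.>", "all", "all", "all"));
            return new AuthorizationBroker(broker, new DefaultAuthorizationMap(entries));
        } catch (Exception e) {
            // Fail fast rather than start the broker without a usable map.
            throw new IllegalStateException("Authorization map could not be built", e);
        }
    }
}
```
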
  • 2021-01-01 05:40

    Whenever I have set up ActiveMQ security, I have found it best to use the plain AuthorizationPlugin with wildcards that denote the destinations covered (which is why it's really handy to use naming conventions for your queues and topics). The idea is that you define a handful of user groups and grant them access to those destinations.

    The role of assigning a group from a username is handled by one of the authentication plugins - the JAAS plugin is particularly useful for externalising this information outside the ActiveMQ config in an LDAP directory.

    Check out the ActiveMQ Security Guide from FuseSource (registration required) for further information.

    Update 2018-07-02 ActiveMQ Security Guide, now located on redhat.
