在 ActiveMQ 认证(一) 中,若用户名或密码不正确,不能连接到ActiveMQ。我们可以通过配置文件,确用户是否有消息的读取、写入和管理的权限。
在plugin配置节点下,配置以下信息:
<authorizationPlugin> <map> <authorizationMap> <authorizationEntries> <authorizationEntry queue=">" read="admins" write="admins" admin="admins" /> <authorizationEntry queue="USERS.>" read="publishers" write="publishers" admin="admins" /> <authorizationEntry queue="FirstQueue.>" read="guests" write="consumer" admin="admins" /> <authorizationEntry queue="TEST.Q" read="guests" write="guests" /> </authorizationEntries> </authorizationMap> </map> </authorizationPlugin>
每个authorizationEntry配置都有read、write和admin属性,分别对应读取、写入和管理。read、write和admin的值为在认证中用户对应的groups属性中的值。
authorizationEntry和消息队列的对应关系是通过通配符方式。
例如:<authorizationEntry queue="FirstQueue.>" read="guests" write="consumer" admin="admins" /> 对应以FirstQueue开头的消息队列。
===========================
完整的认证和权限的配置如下:
<plugins> <simpleAuthenticationPlugin> <users> <authenticationUser username="admin" password="password" groups="admins,publishers,consumers"/> <authenticationUser username="publisher" password="password" groups="publishers,consumers"/> <authenticationUser username="consumer" password="password" groups="consumers"/> <authenticationUser username="guest" password="password" groups="guests"/> </users> </simpleAuthenticationPlugin> <authorizationPlugin> <map> <authorizationMap> <authorizationEntries> <authorizationEntry queue=">" read="admins" write="admins" admin="admins" /> <authorizationEntry queue="USERS.>" read="publishers" write="publishers" admin="admins" /> <authorizationEntry queue="FirstQueue.>" read="guests" write="consumer" admin="admins" /> <authorizationEntry queue="TEST.Q" read="guests" write="guests" /> </authorizationEntries> </authorizationMap> </map> </authorizationPlugin> </plugins>