Complex Single Broker Configuration (STOMP only)

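Example of an ActiveMQ Classic configuration with predefined queues, simple destination security (which can easily be updated to JAAS), complex Web Console security with Jetty JAAS, and JMX security.

While this is a fairly detailed configuration, it locks down every ActiveMQ Classic service. It would be ideal if ActiveMQ Classic shipped with a closed configuration like this by default.

In this example, ActiveMQ Classic is assumed to be installed in /usr/local/activemq/.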

<!--
  ActiveMQ Classic activemq.xml configuration file (/usr/local/activemq/conf/activemq.xml)

  * ActiveMQ Classic JVM Startup options are in /etc/activemq.conf

  * Uses the Sun JMX connector for remote management.  Point jconsole at:
    service:jmx:rmi:///jndi/rmi://myserver.domain.net:61616/jmxrmi

  * Uses Kaha persistence storage, stored in the "activemq-data" directory.
    "activemq-data" and "logs" sub-directories must be writable by the
    ActiveMQ Classic user.

  * Also see conf/log4j.properties for logging configuration
-->

<beans>
    <!-- Enables system properties as variables in this configuration file -->
    <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>

    <broker xmlns="http://activemq.org/config/1.0" brokerName="SERVER1"
        populateJMSXUserID="true" useJmx="true" persistent="true">

    <!-- Queue setup.  Queues can be created on the fly by any user with
         admin rights, but it is not good to give every user admin rights.  -->
    <destinations>
        <queue physicalName="widgets" />
        <queue physicalName="spacecontrol" />
        <queue physicalName="displays" />
    </destinations>

    <!-- We only allow Stomp clients -->
    <transportConnectors>
        <transportConnector name="stomp" uri="stomp://127.0.0.1:61613"/>
    </transportConnectors>

    <!-- We don't have any other brokers to connect to -->
    <networkConnectors>
    </networkConnectors>

    <!-- Do not create an ActiveMQ JMX connector.  Use the Sun JMX connector
         instead, and hook ActiveMQ Classic to it. -->
    <managementContext>
        <managementContext createConnector="false" />
    </managementContext>

    <plugins>
        <simpleAuthenticationPlugin>
            <users>
                <authenticationUser username="sa" password="manager" groups="producers,consumers,admins" />
                <authenticationUser username="frontend" password="manager" groups="producers,consumers" />
                <authenticationUser username="backend" password="manager" groups="consumers" />
            </users>
        </simpleAuthenticationPlugin>
        <authorizationPlugin>
            <map>
                <authorizationMap>
                    <authorizationEntries>
                        <authorizationEntry queue=">" write="producers" read="consumers" admin="admins" />
                    </authorizationEntries>
                </authorizationMap>
            </map>
        </authorizationPlugin>
    </plugins>

    </broker>

    <!-- Do not create ActiveMQ.Agent topic, as it does not work if
         destination security is enabled -->
    <!-- <commandAgent xmlns="http://activemq.org/config/1.0"/> -->

    <!-- Web Console.  Auth is via JAAS.  Beware: jetty-plus-6.1.4.jar contains the
         JAAS classes, and is not included with ActiveMQ Classic.  You need to download
         separately.  Web Console queue browser will fail, as it tries to use JMS
         to browse the queue, and that requires a password.
    -->

    <jetty xmlns="http://mortbay.com/schemas/jetty/1.0">
        <connectors>
            <nioConnector port="8161" />
        </connectors>

        <userRealms>
            <!-- "name" must match the realm in web.xml, and "loginModuleName" must be defined in login.conf -->
            <jaasUserRealm name="ActiveMQ" loginModuleName="ActiveMQ"
                    callbackHandlerClass="org.mortbay.jetty.plus.jaas.callback.DefaultCallbackHandler" />
        </userRealms>

        <handlers>
            <webAppContext contextPath="/admin" resourceBase="${activemq.base}/webapps/admin" logUrlOnStart="true" />
        </handlers>
    </jetty>
</beans>

Add this XML snippet to the web.xml file of the /admin/ application to enable HTTP authentication that matches the activemq.xml configuration above.

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Web Console</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>admins</role-name>
    </auth-constraint>
</security-constraint>

<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>ActiveMQ</realm-name>
</login-config>
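
As an added example (not part of the original page or of the ActiveMQ project), the following Python script parses a trimmed, constructed copy of the broker element from the activemq.xml above and reports what each simpleAuthenticationPlugin user may do under the authorizationMap, along with lock-down findings. The function names `names`, `effective_rights` and `audit` are hypothetical, and the script reports rights per authorizationEntry pattern without modelling wildcard matching.

```python
import xml.etree.ElementTree as ET
from collections import Counter
from urllib.parse import urlsplit

NS = {"a": "http://activemq.org/config/1.0"}
# Constructed sample: the broker element of the activemq.xml above, trimmed.
SAMPLE = """<beans><broker xmlns="http://activemq.org/config/1.0" brokerName="SERVER1">
 <transportConnectors><transportConnector name="stomp" uri="stomp://127.0.0.1:61613"/></transportConnectors>
 <managementContext><managementContext createConnector="false"/></managementContext>
 <plugins><simpleAuthenticationPlugin><users>
  <authenticationUser username="sa" password="manager" groups="producers,consumers,admins"/>
  <authenticationUser username="frontend" password="manager" groups="producers,consumers"/>
  <authenticationUser username="backend" password="manager" groups="consumers"/>
 </users></simpleAuthenticationPlugin><authorizationPlugin><map><authorizationMap><authorizationEntries>
  <authorizationEntry queue=">" write="producers" read="consumers" admin="admins"/>
 </authorizationEntries></authorizationMap></map></authorizationPlugin></plugins>
</broker></beans>"""

def names(csv):  # split a comma-separated group list, ignoring blanks
    return {n.strip() for n in (csv or "").split(",") if n.strip()}

def effective_rights(root):
    """Per user: the operations each authorizationEntry grants through group membership."""
    entries = root.findall(".//a:authorizationEntry", NS)
    rights = {}
    for u in root.findall(".//a:authenticationUser", NS):
        mine = names(u.get("groups"))
        rights[u.get("username")] = {
            e.get("queue") or e.get("topic"): {o for o in ("read", "write", "admin") if mine & names(e.get(o))}
            for e in entries}
    return rights

def audit(root):
    """Return lock-down findings: exposed listeners, broker-owned JMX, reused passwords."""
    findings = []
    for c in root.findall(".//a:transportConnector", NS):
        host = urlsplit(c.get("uri")).hostname
        if host not in ("127.0.0.1", "localhost", "::1"):
            findings.append(f"connector {c.get('name')} listens on {host}")
    for m in root.findall(".//a:managementContext[@createConnector]", NS):
        if m.get("createConnector") != "false":
            findings.append("broker creates its own JMX connector")
    reuse = Counter(u.get("password") for u in root.findall(".//a:authenticationUser", NS))
    findings += [f"{n} users share one password" for n in reuse.values() if n > 1]
    return findings

if __name__ == "__main__":
    root = ET.fromstring(SAMPLE)
    print(effective_rights(root), audit(root), sep="\n")
```

Run against the sample, the only finding is that all three accounts share one password; the loopback-only STOMP listener and the disabled broker JMX connector pass.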

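Apache, ActiveMQ, Apache ActiveMQ, the Apache feather logo, and the Apache ActiveMQ project logo are trademarks of The Apache Software Foundation. Copyright © 2024, The Apache Software Foundation. Licensed under Apache License 2.0.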