Complex Single Broker Configuration (STOMP only)


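Example of an ActiveMQ Classic configuration with predefined queues, simple destination security (which could easily be updated to JAAS), complex Web Console security with Jetty JAAS, and JMX security.

While this is a fairly detailed configuration, it locks down every ActiveMQ Classic service. It would be ideal if ActiveMQ Classic shipped with a default closed configuration like this.

In this example, ActiveMQ Classic is assumed to be installed in /usr/local/activemq/.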

<!--
  ActiveMQ Classic activemq.xml configuration file (/usr/local/activemq/conf/activemq.xml)

  * ActiveMQ Classic JVM Startup options are in /etc/activemq.conf

  * Uses the Sun JMX connector for remote management.  Point jconsole at:
    service:jmx:rmi:///jndi/rmi://myserver.domain.net:61616/jmxrmi

  * Uses Kaha persistence storage, stored in the "activemq-data" directory.
    "activemq-data" and "logs" sub-directories must be writable by the
    ActiveMQ Classic user.

  * Also see conf/log4j.properties for logging configuration
-->

<beans>
    <!-- Enables system properties as variables in this configuration file -->
    <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>

    <broker xmlns="http://activemq.org/config/1.0" brokerName="SERVER1"
        populateJMSXUserID="true" useJmx="true" persistent="true">

    <!-- Queue setup.  Queues can be created on the fly by any user with
         admin rights, but it is not good to give every user admin rights.  -->
    <destinations>
        <queue physicalName="widgets" />
        <queue physicalName="spacecontrol" />
        <queue physicalName="displays" />
    </destinations>

    <!-- We only allow Stomp clients -->
    <transportConnectors>
        <transportConnector name="stomp" uri="stomp://127.0.0.1:61613"/>
    </transportConnectors>

    <!-- We don't have any other brokers to connect to -->
    <networkConnectors>
    </networkConnectors>

    <!-- Do not create an ActiveMQ JMX connector.  Use the Sun JMX connector
         instead, and hook ActiveMQ Classic to it. -->
    <managementContext>
        <managementContext createConnector="false" />
    </managementContext>

    <plugins>
        <simpleAuthenticationPlugin>
            <users>
                <authenticationUser username="sa" password="manager" groups="producers,consumers,admins" />
                <authenticationUser username="frontend" password="manager" groups="producers,consumers" />
                <authenticationUser username="backend" password="manager" groups="consumers" />
            </users>
        </simpleAuthenticationPlugin>
        <authorizationPlugin>
            <map>
                <authorizationMap>
                    <authorizationEntries>
                        <authorizationEntry queue=">" write="producers" read="consumers" admin="admins" />
                    </authorizationEntries>
                </authorizationMap>
            </map>
        </authorizationPlugin>
    </plugins>

    </broker>

    <!-- Do not create ActiveMQ.Agent topic, as it does not work if
         destination security is enabled -->
    <!-- <commandAgent xmlns="http://activemq.org/config/1.0"/> -->

    <!-- Web Console.  Auth is via JAAS.  Beware: jetty-plus-6.1.4.jar contains the
         JAAS classes, and is not included with ActiveMQ Classic.  You need to download
         separately.  Web Console queue browser will fail, as it tries to use JMS
         to browse the queue, and that requires a password.
    -->

    <jetty xmlns="http://mortbay.com/schemas/jetty/1.0">
        <connectors>
            <nioConnector port="8161" />
        </connectors>

        <userRealms>
            <!-- "name" must match the realm in web.xml, and "loginModuleName" must be defined in login.conf -->
            <jaasUserRealm name="ActiveMQ" loginModuleName="ActiveMQ"
                    callbackHandlerClass="org.mortbay.jetty.plus.jaas.callback.DefaultCallbackHandler" />
        </userRealms>

        <handlers>
            <webAppContext contextPath="/admin" resourceBase="${activemq.base}/webapps/admin" logUrlOnStart="true" />
        </handlers>
    </jetty>
</beans>

Add this XML snippet to the web.xml of the /admin/ application to enable HTTP authentication, so that it matches the activemq.xml configuration above.

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Web Console</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>admins</role-name>
    </auth-constraint>
</security-constraint>

<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>ActiveMQ</realm-name>
</login-config>
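
The lock-down properties of the activemq.xml shown earlier (a single STOMP connector on loopback, `createConnector="false"`, authentication plus authorization plugins) can be checked mechanically whenever the file changes. The following Python script is an added example, not part of the original page or of ActiveMQ; the names `audit` and `_named` and the sample XML are constructed for illustration, and the shared-password check is an extra check the page itself does not describe.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

LOOPBACK = {"127.0.0.1", "localhost", "::1"}

def _named(root, name):
    """All elements with this local name, ignoring the xmlns prefix."""
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def audit(xml_text):
    """Return findings where an activemq.xml departs from the lock-down above."""
    root = ET.fromstring(xml_text)
    findings = []
    for tc in _named(root, "transportConnector"):
        uri = urlsplit(tc.get("uri", ""))
        if uri.scheme != "stomp":
            findings.append(f"{tc.get('name')}: non-STOMP transport '{uri.scheme}'")
        if uri.hostname not in LOOPBACK:
            findings.append(f"{tc.get('name')}: bound to {uri.hostname}, not loopback")
    if not any(m.get("createConnector") == "false"
               for m in _named(root, "managementContext")):
        findings.append("managementContext: createConnector is not 'false'")
    if not _named(root, "authorizationPlugin"):
        findings.append("no authorizationPlugin: destinations are not access-controlled")
    users = _named(root, "authenticationUser")
    if not users and not _named(root, "jaasAuthenticationPlugin"):
        findings.append("no authentication plugin with users configured")
    by_password = {}  # password -> usernames; the password itself is never reported
    for u in users:
        by_password.setdefault(u.get("password"), []).append(u.get("username"))
    for names in by_password.values():
        if len(names) > 1:
            findings.append("shared password: " + ", ".join(names))
    return findings

# Constructed sample (not from the page): a config that has drifted open.
SAMPLE = """<beans><broker xmlns="http://activemq.org/config/1.0" brokerName="SERVER1">
  <transportConnectors>
    <transportConnector name="stomp" uri="stomp://127.0.0.1:61613"/>
    <transportConnector name="openwire" uri="tcp://0.0.0.0:61616"/>
  </transportConnectors>
  <plugins><simpleAuthenticationPlugin><users>
    <authenticationUser username="sa" password="manager" groups="admins"/>
    <authenticationUser username="backend" password="manager" groups="consumers"/>
  </users></simpleAuthenticationPlugin></plugins>
</broker></beans>"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
```

Run against the activemq.xml on this page as written, the only finding is the shared-password one, because all three sample users carry the same password.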

Apache, ActiveMQ, Apache ActiveMQ, the Apache feather logo, and the Apache ActiveMQ project logo are trademarks of The Apache Software Foundation. Copyright © 2024, The Apache Software Foundation. Licensed under Apache License 2.0.