如果Activemq不加安全配置,那么任何知道隊列所在服務器IP的人都可以發送接收隊列消息
安全配置主要是通過配置賬號密碼增強安全性
1、添加訪問隊列的賬號密碼:conf/activemq.xml
//定義了一個 wusc 用戶,密碼為 wusc.123,角色為 users,admins(broker節點下添加)
|
1
2
3
4
5
6
7
|
<
plugins
>
<
simpleAuthenticationPlugin
>
<
users
>
<
authenticationUser
username
=
"wusc"
password
=
"wusc.123"
groups
=
"users,admins"
/>
</
users
>
</
simpleAuthenticationPlugin
>
</
plugins
>
|
2、設置控制台的賬號密碼
a) 開啟驗證選項:/conf/jetty.xml
確保 authenticate 的值為 true(默認)
|
1
2
3
4
5
|
<
bean
id
=
"securityConstraint"
class
=
"org.eclipse.jetty.util.security.Constraint"
>
<
property
name
=
"name"
value
=
"BASIC"
/>
<
property
name
=
"roles"
value
=
"admin"
/>
<
property
name
=
"authenticate"
value
=
"true"
/>
</
bean
>
|
b) 查看控制台賬號密碼
/conf/jetty-realm.properties
3、重啟activemq生效
./activemq restart
顯示 is already running表示activemq啟動成功
