ActiveMQ(5.10.0) - Destination-level authorization

时间:2022-01-14 09:42:57

To build upon authentication, consider a use case requiring more fine-grained control over clients to authorize certain tasks. ActiveMQ provides two levels of authorization: operation-level authorization and message-level authorization. These two types of authorization provide a more detailed level of control than simple authentication. This section discusses these two types of authorization and walks through some examples to demonstrate each.

There are three types of user-level operations with JMS destinations:

  • Read — The ability to receive messages from the destination
  • Write — The ability to send messages to the destination
  • Admin — The ability to administer the destination

Through these well-known operations, you can control the ability to perform the operations. Using the ActiveMQ XML configuration file, such authorization can be easily defined. Take a look at the following listing to add some operation-specific authorization to some destinations.

...

<plugins>

    <plugins>

        <jaasAuthenticationPlugin configuration="activemq-domain"/>

    </plugins>

    <authorizationPlugin>

        <map>

            <authorizationMap>

                <authorizationEntries>

                    <authorizationEntry queue=">" read="admins" write="admins" admin="admins"/>

                    <authorizationEntry queue="EXAMPLE.>" read="consumers" write="producers" admin="producers"/>

                    <authorizationEntry queue="EXAMPLE.HelloQueue" read="guests"/>

                    <authorizationEntry topic="ActiveMQ.Advisory.>"

                        read="admins,producers,consumers,guests"

                        write="admins,producers,consumers,guests"

                        admin="admins,producers,consumers,guests"/>

                </authorizationEntries>

            </authorizationMap>

        </map>

    </authorizationPlugin>

</plugins>

...

In the listing, the JAAS authorization plug-in has been defined and pointed at the activemq-domain configuration in the login.config file. It has also been provided with a map of authorization entries. When configuring the map of authorization entries, the first task is to define the destination to be secured. This is achieved through the use of either a topic or a queue attribute on the entry. The next task is to declare which users and/or groups have privileges for operations on that destination.

A handy feature is the ability to define the destination value using wildcards. For example, EXAMPLE.> means the entry applies to all destinations in the EXAMPLE path recursively. Also, the authorization operations will accept either a single group or a comma-separated list of groups as a value.

Considering this explanation, the configuration used in the previous example can be translated as follows:

  • Users from the admins group have full access to all queues
  • Consumers can consume and producers can send messages to the destinations in the EXAMPLE path
  • Guests can only consume from the EXAMPLE.HelloQueue queue

ActiveMQ(5.10.0) - Destination-level authorization的更多相关文章

  1. ActiveMQ 5&period;10&period;0 安装与配置

    先在官网下载activeMQ,我这里是5.10.0. 然后在解压在一个文件夹下即可. 我这里是:D:\apache-activemq-5.10.0-bin 然后进入bin目录:D:\apache-ac ...

  2. ActiveMQ&lpar;5&period;10&period;0&rpar; - Configuring the JAAS Authentication Plug-in

    JAAS provides pluggable authentication, which means ActiveMQ will use the same authentication API re ...

  3. ActiveMQ&lpar;5&period;10&period;0&rpar; - Spring Support

    Maven Dependency: <dependencies> <dependency> <groupId>org.apache.activemq</gro ...

  4. ActiveMQ&lpar;5&period;10&period;0&rpar; - 删除闲置的队列或主题

    方法一 通过 ActiveMQ Web 控制台删除. 方法二 通过 Java 代码删除. ActiveMQConnection.destroyDestination(ActiveMQDestinati ...

  5. ActiveMQ&lpar;5&period;10&period;0&rpar; - hello world

    Sending a JMS message public class MyMessageProducer { ... // 创建连接工厂实例 ConnectionFactory connFactory ...

  6. ActiveMQ&lpar;5&period;10&period;0&rpar; - Connection Configuration URI

    An Apache ActiveMQ connection can be configured by explicitly setting properties on the ActiveMQConn ...

  7. ActiveMQ&lpar;5&period;10&period;0&rpar; - Configuring the Simple Authentication Plug-in

    The easiest way to secure the broker is through the use of authentication credentials placed directl ...

  8. ActiveMQ&lpar;5&period;10&period;0&rpar; - Building a custom security plug-in

    If none of any built-in security mechanisms works for you, you can always build your own. Though the ...

  9. ActiveMQ&lpar;5&period;10&period;0&rpar; - JNDI Support

    1. Place the jndi.properties file on the classpath. java.naming.factory.initial = org.apache.activem ...

随机推荐

  1. Jquery 学习之基础一

    1.添加一个CSS类 $("button").click(function(){  $("#div1").addClass("important bl ...

  2. soap base64 调用

      xsd__base64Binary data;     data.__ptr = (unsigned char*) soap_malloc(_soapProxy,picLen);     data ...

  3. postfix之dovecot

    dovecot-1.0.rc14安装 注:我的系统是RHEL4一.RPM格式1.安装RPM包:2.编辑/etc/dovecot.conf其中,修改protocols = imap pop3 passd ...

  4. 两行代码搞定UITableView无数据无网络显示-b

    不知是否有像我一样的,每次写TableView在监听网络和无数据源时逻辑处理提示视图都是一堆代码,很繁琐也很重复的垃圾代码(可能就只有我这样

  5. Window下JDK安装与配置

    今天项目组开会,由于.Net平台的限制无法满足现有业务需求,项目计划从.Net平台转Java平台,采用Java+Spark+Hadoop,之前关于Java和Hadoop的书也买的有只是平时看的少,最近 ...

  6. vue使用之剑走偏锋——菜单组件篇

    背景 习惯了这样的写法了,上来先来一个背景,交待一下事情的起因.事情的起因很简单,用惯了mvc框架,想来一发前后端完全分离的框架试试.选用的人员和技术是这样子的,让原本做java的web开发的人员使用 ...

  7. 2017年最好的JavaScript库

    iTour 它让你有机会告诉你任何接口的功能.此外,这个插件可以执行教学,显示任务的功能,提示你做什么和跟进任务的执行.这是他所有类似软件中最灵活和功能最强的插件. Popper.js 这是屏幕上的一 ...

  8. 《深入探索Netty原理及源码分析》文集小结

    <深入探索Netty原理及源码分析>文集小结 https://www.jianshu.com/p/239a196152de

  9. MSTSC 3389 端口修改

    1. 启动注册表编辑器. 2. 找到并单击以下注册表子项: 3. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server ...

  10. 状压dp的另一种形式

    做的那么多都是一些比较怎么说呢,都是在数网格一类的题目之中,这些题目有些有点固定的套路,而一些需要状态压缩的题目呢,则么是真正对状态转移的考验. 这道题呢,被彻底打脸了,以后一定要任性一点一道题做不出 ...

相关文章