To build upon authentication, consider a use case requiring more fine-grained control over clients to authorize certain tasks. ActiveMQ provides two levels of authorization: operation-level authorization and message-level authorization. These two types of authorization provide a more detailed level of control than simple authentication. This section discusses these two types of authorization and walks through some examples to demonstrate each.

There are three types of user-level operations with JMS destinations:

  • Read — The ability to receive messages from the destination
  • Write — The ability to send messages to the destination
  • Admin — The ability to administer the destination

Through these well-known operations, you can control the ability to perform the operations. Using the ActiveMQ XML configuration file, such authorization can be easily defined. Take a look at the following listing to add some operation-specific authorization to some destinations.

...

<plugins>

    <plugins>

        <jaasAuthenticationPlugin configuration="activemq-domain"/>

    </plugins>

    <authorizationPlugin>

        <map>

            <authorizationMap>

                <authorizationEntries>

                    <authorizationEntry queue=">" read="admins" write="admins" admin="admins"/>

                    <authorizationEntry queue="EXAMPLE.>" read="consumers" write="producers" admin="producers"/>

                    <authorizationEntry queue="EXAMPLE.HelloQueue" read="guests"/>

                    <authorizationEntry topic="ActiveMQ.Advisory.>"

                        read="admins,producers,consumers,guests"

                        write="admins,producers,consumers,guests"

                        admin="admins,producers,consumers,guests"/>

                </authorizationEntries>

            </authorizationMap>

        </map>

    </authorizationPlugin>

</plugins>

...

In the listing, the JAAS authorization plug-in has been defined and pointed at the activemq-domain configuration in the login.config file. It has also been provided with a map of authorization entries. When configuring the map of authorization entries, the first task is to define the destination to be secured. This is achieved through the use of either a topic or a queue attribute on the entry. The next task is to declare which users and/or groups have privileges for operations on that destination.

A handy feature is the ability to define the destination value using wildcards. For example, EXAMPLE.> means the entry applies to all destinations in the EXAMPLE path recursively. Also, the authorization operations will accept either a single group or a comma-separated list of groups as a value.

Considering this explanation, the configuration used in the previous example can be translated as follows:

  • Users from the admins group have full access to all queues
  • Consumers can consume and producers can send messages to the destinations in the EXAMPLE path
  • Guests can only consume from the EXAMPLE.HelloQueue queue

ActiveMQ(5.10.0) - Destination-level authorization的更多相关文章

  1. ActiveMQ 5.10.0 安装与配置

    先在官网下载activeMQ,我这里是5.10.0. 然后在解压在一个文件夹下即可. 我这里是:D:\apache-activemq-5.10.0-bin 然后进入bin目录:D:\apache-ac ...

  2. ActiveMQ(5.10.0) - Configuring the JAAS Authentication Plug-in

    JAAS provides pluggable authentication, which means ActiveMQ will use the same authentication API re ...

  3. ActiveMQ(5.10.0) - Spring Support

    Maven Dependency: <dependencies> <dependency> <groupId>org.apache.activemq</gro ...

  4. ActiveMQ(5.10.0) - 删除闲置的队列或主题

    方法一 通过 ActiveMQ Web 控制台删除. 方法二 通过 Java 代码删除. ActiveMQConnection.destroyDestination(ActiveMQDestinati ...

  5. ActiveMQ(5.10.0) - hello world

    Sending a JMS message public class MyMessageProducer { ... // 创建连接工厂实例 ConnectionFactory connFactory ...

  6. ActiveMQ(5.10.0) - Connection Configuration URI

    An Apache ActiveMQ connection can be configured by explicitly setting properties on the ActiveMQConn ...

  7. ActiveMQ(5.10.0) - Configuring the Simple Authentication Plug-in

    The easiest way to secure the broker is through the use of authentication credentials placed directl ...

  8. ActiveMQ(5.10.0) - Building a custom security plug-in

    If none of any built-in security mechanisms works for you, you can always build your own. Though the ...

  9. ActiveMQ(5.10.0) - JNDI Support

    1. Place the jndi.properties file on the classpath. java.naming.factory.initial = org.apache.activem ...

随机推荐

  1. dns解析对SEO产生的影响

    DNS 是域名系统 (Domain Name System) 的缩写,它是由解析器和域名服务器组成的.域名服务器是指保存有该网络中所有主机的域名和对应的IP地址,并具有将域名转换为IP地址功能的服务器 ...

  2. 三星手机 Samsung Galaxy S3 无法复制粘贴的不完美解决方法

    问题简单描述 从上周开始我的Samsung Galaxy S3手机就无法实现复制粘贴功能了,每次复制时都提示复制到了剪贴板,但是粘贴时就会发现根本粘贴不了,无法打开剪贴板.真的是莫明其妙啊,我的手机没 ...

  3. request,response,session

    1.request.getParameter("key")接受的是来自客户登陆端的数据,接受的是post或get方式传送的value. 2.请求的默认字符集是ISO-8859-1, ...

  4. CSS 文本格式

    整理自:(http://www.w3school.com.cn/css/css_text.asp) Text Color 颜色属性被用来设置文字的颜色. 颜色是通过CSS最经常的指定: 十六进制值 - ...

  5. 解决Linux下sqlplus中文乱码问题

    错误现象:在windows下用其他工具访问oracle,确认中文正常显示.在Linux下使用sqlplus查询数据表中文内容出现乱码. 分析及解决:因为windows下正常,所以问题应出现在Linux ...

  6. [置顶] 《Windows编程零基础》__2 一个完整的程序

    Windows开发的常识 1)窗口 Windows中最基本的概念也许就是窗口了,每一个前台程序都至少有一个窗口,一个窗口也是你可以看到的部分,比如,QQ有如下的登录窗口 基本上你在Windows中可见 ...

  7. notepad++ 输入中文无响应

    如果是win7,到用户文件夹 C:\Users\xxxxxxxx\AppData\Roaming\Notepad++ 里面的config.xml 删掉,然后重新打开,应该就可以了,  代价是会删除之前 ...

  8. Codeforces Gym 100637B B. Lunch 找规律

    B. Lunch Time Limit: 20 Sec Memory Limit: 256 MB 题目连接 http://codeforces.com/gym/100637/problem/B Des ...

  9. Android Dalvik虚拟机初识(转)

    原文地址:http://blog.csdn.net/andyxm/article/details/6126907 android虚拟机jvmjava优化linux内核 首先,让我们来思考下面几个问题: ...

  10. c语言下的通用数据库接口(之sqlite消化,模拟c#,java的反射)

    在java/C#中都有类的反射,而C下是不存在的. java/C#中能够把表设计成类.而C下仅仅能设计成结构体形式. 在java中有hibernate来操作数据库,可是在C以下怎么设计好呢? 如今,我 ...