ActiveMQ(5.10.0) - Destination-level authorization
To build upon authentication, consider a use case requiring more fine-grained control over clients to authorize certain tasks. ActiveMQ provides two levels of authorization: operation-level authorization and message-level authorization. These two types of authorization provide a more detailed level of control than simple authentication. This section discusses these two types of authorization and walks through some examples to demonstrate each.
There are three types of user-level operations with JMS destinations:
- Read — The ability to receive messages from the destination
- Write — The ability to send messages to the destination
- Admin — The ability to administer the destination
Through these well-known operations, you can control the ability to perform the operations. Using the ActiveMQ XML configuration file, such authorization can be easily defined. Take a look at the following listing to add some operation-specific authorization to some destinations.
...
<plugins>
<plugins>
<jaasAuthenticationPlugin configuration="activemq-domain"/>
</plugins>
<authorizationPlugin>
<map>
<authorizationMap>
<authorizationEntries>
<authorizationEntry queue=">" read="admins" write="admins" admin="admins"/>
<authorizationEntry queue="EXAMPLE.>" read="consumers" write="producers" admin="producers"/>
<authorizationEntry queue="EXAMPLE.HelloQueue" read="guests"/>
<authorizationEntry topic="ActiveMQ.Advisory.>"
read="admins,producers,consumers,guests"
write="admins,producers,consumers,guests"
admin="admins,producers,consumers,guests"/>
</authorizationEntries>
</authorizationMap>
</map>
</authorizationPlugin>
</plugins>
...
In the listing, the JAAS authorization plug-in has been defined and pointed at the activemq-domain configuration in the login.config file. It has also been provided with a map of authorization entries. When configuring the map of authorization entries, the first task is to define the destination to be secured. This is achieved through the use of either a topic or a queue attribute on the entry. The next task is to declare which users and/or groups have privileges for operations on that destination.
A handy feature is the ability to define the destination value using wildcards. For example, EXAMPLE.> means the entry applies to all destinations in the EXAMPLE path recursively. Also, the authorization operations will accept either a single group or a comma-separated list of groups as a value.
Considering this explanation, the configuration used in the previous example can be translated as follows:
- Users from the admins group have full access to all queues
- Consumers can consume and producers can send messages to the destinations in the EXAMPLE path
- Guests can only consume from the EXAMPLE.HelloQueue queue
ActiveMQ(5.10.0) - Destination-level authorization的更多相关文章
- ActiveMQ 5.10.0 安装与配置
先在官网下载activeMQ,我这里是5.10.0. 然后在解压在一个文件夹下即可. 我这里是:D:\apache-activemq-5.10.0-bin 然后进入bin目录:D:\apache-ac ...
- ActiveMQ(5.10.0) - Configuring the JAAS Authentication Plug-in
JAAS provides pluggable authentication, which means ActiveMQ will use the same authentication API re ...
- ActiveMQ(5.10.0) - Spring Support
Maven Dependency: <dependencies> <dependency> <groupId>org.apache.activemq</gro ...
- ActiveMQ(5.10.0) - 删除闲置的队列或主题
方法一 通过 ActiveMQ Web 控制台删除. 方法二 通过 Java 代码删除. ActiveMQConnection.destroyDestination(ActiveMQDestinati ...
- ActiveMQ(5.10.0) - hello world
Sending a JMS message public class MyMessageProducer { ... // 创建连接工厂实例 ConnectionFactory connFactory ...
- ActiveMQ(5.10.0) - Connection Configuration URI
An Apache ActiveMQ connection can be configured by explicitly setting properties on the ActiveMQConn ...
- ActiveMQ(5.10.0) - Configuring the Simple Authentication Plug-in
The easiest way to secure the broker is through the use of authentication credentials placed directl ...
- ActiveMQ(5.10.0) - Building a custom security plug-in
If none of any built-in security mechanisms works for you, you can always build your own. Though the ...
- ActiveMQ(5.10.0) - JNDI Support
1. Place the jndi.properties file on the classpath. java.naming.factory.initial = org.apache.activem ...
随机推荐
- JQuery学习使用笔记 -- JQuery插件开发
内容转载自 http://www.css88.com/archives/4821 扩展jQuery插件和方法的作用是非常强大的,它可以节省大量开发时间.这篇文章将概述jQuery插件开发的基本知识,最 ...
- QString 与 QByteArray笔记
程序中在于外设打交到是常常会用到读硬件显示到控件,或是读控件写到硬件的情况,操作的最多的是字节流,所以肯定会用到QString 和QByteArray,下面测试一些常用的转换: #include &l ...
- C#学习笔记(五):泛型
认识泛型 泛型使类型参数化,从而实现了算法上的代码重用. 同时由于去掉了转换中装箱和拆箱的操作,使用泛型还可以提高程序的运行速度. 我们先看看C#自带的使用了泛型的类: using System.Co ...
- ORA-01033: ORACLE initialization or shutdown in progress 实用的处理方法
ORA-01033: ORACLE initialization or shutdown in progress 实用的处理方法,此问题通常是由于电脑非正常关机造成的,我们可以用下面的方法查找出是那个 ...
- 简单http笔记
https是以安全为目的的网络传输协议,可以认为是http的安全版,https使用ssl协议保证安全传输.https位于网络模型的应用层,使用默认端口443进行通信,URL以https开头是https ...
- vs2012下安装VisualHG
好久没写东西了.懒了.最近开发用到HG,记录一下.希望对用这个的有用 http://visualhg.codeplex.com/ 这里下载 VisualHG 安装完默认情况下 源代码管理出不来Visu ...
- usr/bin/ld: cannot find 错误解决方法
参考:http://blog.siyebocai.cn/20100324_5p424qs7.html 通常在软件编译时出现的usr/bin/ld: cannot find -lxxx的错误,主要的原因 ...
- [C#]匿名类型的深拷贝
.net Framework 3.5 + C# 3 发布了包括LinQ等一系列功能,其中包括了匿名类型,而我们在升级到.net4后,发现原来写好的用于POCO的深拷贝方法 static object ...
- 解决ccSvcHst.exe CPU占用超50%的问题,及其缘由
无意中发现任务管理器中一个非常奇特的进程,迅速吃掉了我50%的cpu资源,并且是持续性的,于是上google一番查找,终于有了新的发现. 非常多问答产品所有都是清一色的 错误解决方式: 正常情况下,系 ...
- 让WPS支持VHDL的关键词加粗
WPS的VBA在这里下载:http://bbs.wps.cn/forum.php?mod=viewthread&tid=22347925 语法高亮是参考Word的,这篇文章:http://bl ...