如果Activemq不加安全配置,那么任何知道队列所在服务器IP的人都可以发送接收队列消息
安全配置主要是通过配置账号密码增强安全性
1、添加访问队列的账号密码:conf/activemq.xml
//定义了一个 wusc 用户,密码为 wusc.123,角色为 users,admins(broker节点下添加)
1
2
3
4
5
6
7
|
< plugins >
< simpleAuthenticationPlugin >
< users >
< authenticationUser username = "wusc" password = "wusc.123" groups = "users,admins" />
</ users >
</ simpleAuthenticationPlugin >
</ plugins >
|
2、设置控制台的账号密码
a) 开启验证选项:/conf/jetty.xml
确保 authenticate 的值为 true(默认)
1
2
3
4
5
|
< bean id = "securityConstraint" class = "org.eclipse.jetty.util.security.Constraint" >
< property name = "name" value = "BASIC" />
< property name = "roles" value = "admin" />
< property name = "authenticate" value = "true" />
</ bean >
|
b) 查看控制台账号密码
/conf/jetty-realm.properties
3、重启activemq生效
./activemq restart
显示 is already running表示activemq启动成功