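In ActiveMQ, SSL and authentication can be set up as follows:
1. SSL encrypted transport:
- Always use SSL encryption in production so that messages cannot be eavesdropped on.
- Configure SSL on the broker and on the client:
Broker side: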
<transportConnectors>
<transportConnector name="ssl" uri="ssl://0.0.0.0:61617?transport.keyStorePath=../conf/broker.ks&amp;transport.keyStorePassword=password&amp;transport.trustStorePath=../conf/broker.ts&amp;transport.trustStorePassword=password"/>
</transportConnectors>
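Client side:
// JVM-wide key store (client certificate) and trust store (trusted broker certificates)
System.setProperty("javax.net.ssl.keyStore","../conf/client.ks");
System.setProperty("javax.net.ssl.keyStorePassword","password");
System.setProperty("javax.net.ssl.trustStore","../conf/client.ts");
System.setProperty("javax.net.ssl.trustStorePassword","password");
// 0.0.0.0 is a bind address; on a real client use the broker's host name here
ConnectionFactory cf = new ActiveMQConnectionFactory("ssl://0.0.0.0:61617");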
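2. Authentication:
- ActiveMQ supports several authentication methods:
  - Client Certificate: authentication with SSL client certificates
  - JAAS: user name and password authentication through JAAS
  - LDAP: authentication against an LDAP server
  - Kerberos: authentication with the Kerberos protocol
- Example JAAS authentication configuration:
Broker side: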
<plugins>
<!-- "activemq" names an entry in the broker's JAAS login configuration (login.config).
     The login module and its "required" flag are declared there, not in activemq.xml,
     and that module assigns the roles (activemq, admin) to users. -->
<jaasAuthenticationPlugin configuration="activemq"/>
</plugins>
Client side:
// JAAS authentication runs on the broker; the client only passes a user name and password
ConnectionFactory cf = new ActiveMQConnectionFactory("admin", "admin", "ssl://0.0.0.0:61617");
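
The broker side of both sections in one activemq.xml, as an added example that is not part of the original page. It assumes ActiveMQ Classic 5.x, keeps the key stores in the broker's sslContext element, and shows the login.config entry that configuration="activemq" refers to. The needClientAuth and enabledProtocols settings, the users.properties and groups.properties file names, the admins group and all passwords are assumptions or placeholders.

```xml
<!-- Added example (assumed layout: ActiveMQ Classic 5.x, conf/activemq.xml).
     All passwords are placeholders; child elements of <broker> are kept in
     alphabetical order, as the 5.x schema expects. -->
<broker xmlns="http://activemq.apache.org/schema/core" brokerName="localhost">

  <plugins>
    <!-- Every connection must pass the JAAS entry named "activemq"
         (defined in conf/login.config, shown at the end of this block). -->
    <jaasAuthenticationPlugin configuration="activemq"/>
  </plugins>

  <!-- Key material used by every ssl:// connector of this broker. -->
  <sslContext>
    <sslContext keyStore="file:${activemq.conf}/broker.ks"
                keyStorePassword="password"
                trustStore="file:${activemq.conf}/broker.ts"
                trustStorePassword="password"/>
  </sslContext>

  <transportConnectors>
    <!-- needClientAuth=true: the handshake fails unless the client presents a
         certificate that broker.ts trusts (the Client Certificate method).
         transport.enabledProtocols: only the listed TLS versions are offered;
         TLSv1.3 needs a JVM that supports it.
         Note the &amp; escape required inside an XML attribute. -->
    <transportConnector name="ssl"
        uri="ssl://0.0.0.0:61617?needClientAuth=true&amp;transport.enabledProtocols=TLSv1.2,TLSv1.3"/>
  </transportConnectors>

</broker>

<!-- conf/login.config (assumed file names; "required" means this module must succeed):

activemq {
    org.apache.activemq.jaas.PropertiesLoginModule required
        org.apache.activemq.jaas.properties.user="users.properties"
        org.apache.activemq.jaas.properties.group="groups.properties";
};

conf/users.properties   (user=password):      admin=CHANGE_ME
conf/groups.properties  (group=user1,user2):  admins=admin
-->
```

The client then connects with the same user name and password it would pass to ActiveMQConnectionFactory, and its trust store must contain the certificate behind broker.ks.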