I am trying to configure Apache ActiveMQ 5.10.0 over SSL only, and to test authentication and authorization on Windows 7. In my activemq.xml file I have:
<sslContext>
  <sslContext keyStore="file:${activemq.conf}/cert/broker.ks" keyStorePassword="password" trustStore="file:${activemq.conf}/cert/client.ts" trustStorePassword="password"/>
</sslContext>
<transportConnectors>
  <transportConnector name="ssl" uri="ssl://127.0.0.1:61617?needClientAuth=true"/>
</transportConnectors>
When starting the broker, I get the messages:
INFO | Listening for connections at: ssl://127.0.0.1:61617?needClientAuth=true
INFO | Connector ssl started
In another cmd window I start my Java Spring project jar ... and I get the following log:
[21 Jul 2014 15:07:59,146] [DEBUG] WireFormatNegotiator.negociate() - ssl://localhost/127.0.0.1:61617 after negotiation: OpenWireFormat{version=9, cacheEnabled=true, stackTraceEnabled=true, tightEncodingEnabled=true, sizePrefixDisabled=false, maxFrameSize=9223372036854775807}
[21 Jul 2014 15:07:59,167] [DEBUG] TaskRunnerFactory.init() - Initialized TaskRunnerFactory[ActiveMQ Session Task] using ExecutorService: java.util.concurrent.ThreadPoolExecutor@650e1899[Running, pool size = 0, active threads = 0, queued tasks = 0, completed tasks = 0]
[21 Jul 2014 15:07:59,169] [INFO ] WalletManager.run() -
########################## Wallet MANAGER UP ##########################
[21 Jul 2014 15:07:59,181] [DEBUG] CustomJmsTemplate.execute() - Executing callback on JMS Session: PooledSession { ActiveMQSession {id=ID:Psylocke-59003-1405980478859-3:1:3,started=true} }
[21 Jul 2014 15:07:59,219] [DEBUG] CustomJmsTemplate.doSend() - Sending created message: ActiveMQObjectMessage {commandId = 0, responseRequired = false, messageId = null, originalDestination = null, originalTransactionId = null, producerId = null, destination = null, transactionId = null, expiration = 0, timestamp = 0, arrival = 0, brokerInTime = 0, brokerOutTime = 0, correlationId = null, replyTo = null, persistent = false, type = null, priority = 0, groupID = null, groupSequence = 0, targetConsumerId = null, compressed = false, userID = null, content = org.apache.activemq.util.ByteSequence@18f9a7a8, marshalledProperties = null, dataStructure = null, redeliveryCounter = 0, size = 0, properties = null, readOnlyProperties = false, readOnlyBody = false, droppable = false}
[21 Jul 2014 15:07:59,229] [DEBUG] CustomJmsTemplate.execute() - Executing callback on JMS Session: PooledSession { ActiveMQSession {id=ID:Psylocke-59003-1405980478859-1:1:2,started=true} }
[21 Jul 2014 15:07:59,260] [DEBUG] CustomJmsTemplate.doSend() - Sending created message: ActiveMQObjectMessage {commandId = 0, responseRequired = false, messageId = null, originalDestination = null, originalTransactionId = null, producerId = null, destination = null, transactionId = null, expiration = 0, timestamp = 0, arrival = 0, brokerInTime = 0, brokerOutTime = 0, correlationId = null, replyTo = null, persistent = false, type = null, priority = 0, groupID = null, groupSequence = 0, targetConsumerId = null, compressed = false, userID = null, content = org.apache.activemq.util.ByteSequence@ca2027f, marshalledProperties = null, dataStructure = null, redeliveryCounter = 0, size = 0, properties = null, readOnlyProperties = false, readOnlyBody = false, droppable = false}
[21 Jul 2014 15:07:59,312] [DEBUG] WalletManager.processUIMessage() - ### UI ### GetWalletPositions processing stared ### UI ###
[21 Jul 2014 15:07:59,313] [DEBUG] WalletManager.processUIMessage() - ### UI ### GetWalletPositions processing ended ### UI ###
[21 Jul 2014 15:08:19,036] [DEBUG] AbstractInactivityMonitor.run() - WriteChecker 10001 ms elapsed since last write check.
[21 Jul 2014 15:08:19,038] [DEBUG] AbstractInactivityMonitor.run() - Running WriteCheck[tcp://127.0.0.1:61617]
[21 Jul 2014 15:08:19,145] [DEBUG] AbstractInactivityMonitor.run() - WriteChecker 10000 ms elapsed since last write check.
[21 Jul 2014 15:08:19,145] [DEBUG] AbstractInactivityMonitor.run() - Running WriteCheck[tcp://127.0.0.1:61617]
[21 Jul 2014 15:08:29,036] [DEBUG] AbstractInactivityMonitor.run() - WriteChecker 10000 ms elapsed since last write check.
[21 Jul 2014 15:08:29,036] [DEBUG] AbstractInactivityMonitor.run() - Running WriteCheck[tcp://127.0.0.1:61617]
[21 Jul 2014 15:08:29,145] [DEBUG] AbstractInactivityMonitor.run() - WriteChecker 10000 ms elapsed since last write check.
<plugins>
  <!-- Configure authentication; Username, passwords and groups -->
  <simpleAuthenticationPlugin>
    <users>
      <authenticationUser username="system" password="${activemq.password}" groups="users,admins"/>
    </users>
  </simpleAuthenticationPlugin>
  <!-- Lets configure a destination based authorization mechanism -->
  <authorizationPlugin>
    <map>
      <authorizationMap>
        <authorizationEntries>
          <authorizationEntry queue=">" read="admins" write="admins" admin="admins" />
          <authorizationEntry queue="USERS.>" read="users" write="users" admin="users" />
          <authorizationEntry topic=">" read="admins" write="admins" admin="admins" />
          <authorizationEntry topic="USERS.>" read="users" write="users" admin="users" />
          <!-- <authorizationEntry topic="ActiveMQ.Advisory.>" read="guests,users" write="guests,users" admin="guests,users"/> -->
        </authorizationEntries>
      </authorizationMap>
    </map>
  </authorizationPlugin>
</plugins>
<bean id="activeMQConnectionFactory" class="org.apache.activemq.pool.PooledConnectionFactory" destroy-method="stop" >
  <property name="connectionFactory">
    <bean class="org.apache.activemq.ActiveMQSslConnectionFactory">
      <property name="brokerURL">
        <value>ssl://${activemq.zdchange.hostname}:${activemq.zdchange.port}</value>
      </property>
      <property name="keyStore" value="broker.ks"/>
      <property name="keyStorePassword" value="keypass"/>
      <property name="trustStore" value="client.ts"/>
      <property name="trustStorePassword" value="keypass"/>
      <property name="userName" value="system"/>
      <property name="password" value="manager"/>
      <property name="redeliveryPolicy" ref="redeliveryPolicy"/>
      <property name="useAsyncSend" value="true"/>
    </bean>
  </property>
</bean>
<!-- JMS Connection Factory for walletcontroller -->
<bean id="activeMQConnectionFactory_forSC" class="org.apache.activemq.pool.PooledConnectionFactory" destroy-method="stop" >
  <property name="connectionFactory">
    <bean class="org.apache.activemq.ActiveMQSslConnectionFactory">
      <property name="brokerURL">
        <value>ssl://${activemq.sc.hostname}:${activemq.sc.port}</value>
      </property>
      <property name="keyStore" value="broker.ks"/>
      <property name="keyStorePassword" value="keypass"/>
      <property name="trustStore" value="client.ts"/>
      <property name="trustStorePassword" value="keypass"/>
      <property name="userName" value="system"/>
      <property name="password" value="manager"/>
      <property name="redeliveryPolicy" ref="redeliveryPolicy"/>
      <property name="useAsyncSend" value="true"/>
    </bean>
  </property>
</bean>
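Now, even if I give the wrong password for "system" or comment out the lines below
<property name="userName" value="system"/>
<property name="password" value="manager"/>
it still connects to the broker. Are my authentication and authorization not set up correctly?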
Answer 0: (score: 0)
Could your activemq.xml be misconfigured? Have you checked your logs?
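Answer 1: (score: 0)
I performed all the steps again today and now it is working. This is what I did.
Follow http://codebrane.com/blog/2012/07/13/activemq-ssl-exchanges-and-handshake-error-messages/ to create the certificates.
Set up the broker environment.
The two files broker-keystore.ks and broker-truststore.ks are placed in the apache-activemq-5.10.0\conf folder.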
<sslContext>
  <sslContext keyStore="file:${activemq.conf}/broker-keystore.ks" keyStorePassword="password"
              trustStore="file:${activemq.conf}/broker-truststore.ks" trustStorePassword="password"/>
</sslContext>
<transportConnectors>
  <transportConnector name="ssl" uri="ssl://localhost:61617?transport.needClientAuth=true"/>
</transportConnectors>
Put the client keystore and truststore in the appropriate location.
Use ActiveMQSslConnectionFactory:
<bean class="org.apache.activemq.ActiveMQSslConnectionFactory">
  <property name="brokerURL">
    <value>ssl://localhost:61617</value>
  </property>
  <property name="keyStore" value="client-keystore.ks"/>
  <property name="keyStorePassword" value="password"/>
  <property name="trustStore" value="client-truststore.ks"/>
  <property name="trustStorePassword" value="password"/>
  <property name="userName" value="abc"/>
  <property name="password" value="pass"/>
  <property name="redeliveryPolicy" ref="redeliveryPolicy"/>
  <property name="useAsyncSend" value="true"/>
</bean>
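
A way to confirm that the broker really enforces the simpleAuthenticationPlugin, repeating the question's experiment (wrong password, no credentials) as a repeatable check. This is an added example, not code from the original posts; the class name BrokerAuthCheck is hypothetical, and the URL, store file names and the abc/pass login are taken from the answer's client bean and assumed to match a user defined on the broker. It needs activemq-client on the classpath.

```java
import javax.jms.Connection;
import javax.jms.JMSException;
import javax.jms.JMSSecurityException;
import org.apache.activemq.ActiveMQSslConnectionFactory;

// Added example: checks that valid credentials are accepted and that
// a wrong password and an anonymous login are both refused by the broker.
public class BrokerAuthCheck {
    // Assumed values, copied from the answer's client configuration.
    static final String BROKER_URL = "ssl://localhost:61617";

    static ActiveMQSslConnectionFactory factory() throws Exception {
        ActiveMQSslConnectionFactory f = new ActiveMQSslConnectionFactory(BROKER_URL);
        f.setKeyStore("client-keystore.ks");      // client certificate for needClientAuth
        f.setKeyStorePassword("password");
        f.setTrustStore("client-truststore.ks");  // trusts the broker certificate
        f.setTrustStorePassword("password");
        return f;
    }

    // Returns true when the broker refuses the login, false when it accepts it.
    // A TLS handshake or network failure is not a JMSSecurityException and is
    // rethrown, so it cannot be mistaken for a credential rejection.
    static boolean rejected(String user, String pass) throws Exception {
        Connection c = null;
        try {
            c = (user == null) ? factory().createConnection()
                               : factory().createConnection(user, pass);
            c.start();  // the login is sent to the broker here
            return false;
        } catch (JMSSecurityException e) {
            return true;
        } finally {
            if (c != null) {
                try { c.close(); } catch (JMSException ignored) { }
            }
        }
    }

    public static void main(String[] args) throws Exception {
        boolean validAccepted = !rejected("abc", "pass");
        boolean wrongPasswordRefused = rejected("abc", "not-the-password");
        boolean anonymousRefused = rejected(null, null);
        System.out.println("valid login accepted:   " + validAccepted);
        System.out.println("wrong password refused: " + wrongPasswordRefused);
        System.out.println("anonymous refused:      " + anonymousRefused);
        System.exit(validAccepted && wrongPasswordRefused && anonymousRefused ? 0 : 1);
    }
}
```

If either of the last two checks prints false, the running broker is not applying the authentication plugin from the activemq.xml you edited, whatever the TLS settings are.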