我在同一台机器上使用ActiveMQ embedded broker编写测试应用程序。我尝试按如下方式配置它:
activemq.xml:
<amq:broker useJmx="false" persistent="false">
<amq:transportConnectors>
<amq:transportConnector uri="tcp://localhost:61616" />
</amq:transportConnectors>
</amq:broker>
<amq:simpleAuthenticationPlugin >
<amq:users>
<amq:authenticationUser username="system" password="manager"
groups="users,admins" />
</amq:users>
</amq:simpleAuthenticationPlugin>
Tomcat&#39; context.xml:!!密码故意不正确!!
<Resource name="jms/ConnectionFactory" auth="Container" userName="userssname" password="passwords"
type="org.apache.activemq.ActiveMQConnectionFactory" description="JMS Connection Factory"
factory="org.apache.activemq.jndi.JNDIReferenceFactory" brokerURL="tcp://localhost:61616"
brokerName="LocalActiveMQBroker" />
但是,当我尝试执行注入时,即使密码不正确,我也可以轻松创建ConnectionFactory对象并发送/接收消息。我怎么能否认这个?
答案 0 :(得分:1)
我认为您还需要为队列和主题添加授权条目。
示例授权插件配置:
<authorizationPlugin>
<map>
<authorizationMap>
<authorizationEntries>
<authorizationEntry queue=">" write="admins,publishers" read="admins,consumers" admin="admins" />
<authorizationEntry topic=">" write="admins,publishers" read="admins,consumers" admin="admins" />
<authorizationEntry topic="ActiveMQ.Advisory.>" read="everyone" write="everyone" admin="everyone"/>
</authorizationEntries>
</authorizationMap>
</map>
</authorizationPlugin>