【发布时间】:2020-01-08 01:37:33
【问题描述】:
我目前正在使用部署在我们的测试服务器上的 ActiveMQ 5.15.9。
我必须实施某种安全措施,以便任何人都无法访问里面的队列。
到目前为止,我所做的是将以下内容添加到activemq.xml:
<plugins>
<simpleAuthenticationPlugin anonymousAccessAllowed ="false">
<users>
<authenticationUser
username="admin"
password="pass"
groups="admins,publishers,consumers" />
</users>
</simpleAuthenticationPlugin>
<authorizationPlugin>
<map>
<authorizationMap>
<authorizationEntries>
<authorizationEntry topic =">" write="producers" read="consumers" admin="admins" />
<authorizationEntry queue ="TEST.Q" write="producers" read="consumers" admin="admins" />
</authorizationEntries>
</authorizationMap>
</map>
</authorizationPlugin>
</plugins>
在我的 C# 中,这是访问队列的方式:
private static void SendNewMessageQueue(string text)
{
string queueName = "TEST";
Console.WriteLine($"Adding message to queue topic: {queueName}");
string brokerUri = $"activemq:tcp://localhost:61616"; // Default port
NMSConnectionFactory factory = new NMSConnectionFactory(brokerUri);
using (IConnection connection = factory.CreateConnection("admin","pass"))
{
connection.Start();
using (ISession session = connection.CreateSession(AcknowledgementMode.AutoAcknowledge))
using (IDestination dest = session.GetQueue(queueName))
using (IMessageProducer producer = session.CreateProducer(dest))
{
producer.DeliveryMode = MsgDeliveryMode.NonPersistent;
producer.Send(session.CreateTextMessage(text));
Console.WriteLine($"Sent {text} messages");
}
}
}
但是当我尝试运行我的代码时,出现以下错误:
User admin is not authorized to write to: queue://TEST
我需要这个,以便我可以将此 MQ 公开到 Internet 并通过仅允许拥有凭据的消费者/发布者来保护它。
【问题讨论】: