我有一个方法,其参数是通过JMX协议连接到ActiveMQ Artemis代理的传递值。但是我的用户名/密码不起作用。也就是说,如果我将用户和密码值留空,那么它仍然会连接,并且我希望在连接到队列时弹出错误,因为用户数据不正确
public static MBeanServerConnection connectBroker(String brokerUrl, String user, String password) {
try {
Map<String, String[]> env = new HashMap();
String[] creds = {user, password};
env.put(JMXConnector.CREDENTIALS, creds);
JMXConnector connector = JMXConnectorFactory.connect(new JMXServiceURL("service:jmx:rmi:///jndi/rmi://" + brokerUrl + ":13682/jmxrmi"), env);
return connector.getMBeanServerConnection();
} catch (IOException e) {
throw new RuntimeException(e);
}
}
奇怪的是,如果CREDENTIALS被通过,它仍然有效,但如果没有这样的用户,我希望它给出一个错误
经纪人. xml
:
<configuration xmlns="urn:activemq" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:activemq /schema/artemis-configuration.xsd">
<core xmlns="urn:activemq:core">
<name>localhost</name>
<bindings-directory>./data/messaging/bindings</bindings-directory>
<journal-directory>./data/messaging/journal</journal-directory>
<large-messages-directory>./data/messaging/largemessages</large-messages-directory>
<paging-directory>./data/messaging/paging</paging-directory>
<!-- true to expose ActiveMQ Artemis resources through JMX -->
<jmx-management-enabled>true</jmx-management-enabled>
<!-- Acceptors -->
<acceptors>
<acceptor name="netty">tcp://localhost:61616</acceptor>
</acceptors>
<!-- Other config -->
<security-settings>
<!--security for example queue-->
<security-setting match="exampleQueue">
<permission roles="amq" type="createDurableQueue"/>
<permission roles="amq" type="deleteDurableQueue"/>
<permission roles="amq" type="createNonDurableQueue"/>
<permission roles="amq" type="deleteNonDurableQueue"/>
<permission roles="amq" type="consume"/>
<permission roles="amq" type="send"/>
<permission roles="amq" type="browse"/>
</security-setting>
<security-setting match="TestQueue">
<permission roles="amq" type="createDurableQueue"/>
<permission roles="amq" type="deleteDurableQueue"/>
<permission roles="amq" type="createNonDurableQueue"/>
<permission roles="amq" type="deleteNonDurableQueue"/>
<permission roles="amq" type="consume"/>
<permission roles="amq" type="send"/>
</security-setting>
<security-setting match="TestQueueSecond">
<permission roles="amq" type="createDurableQueue"/>
<permission roles="amq" type="deleteDurableQueue"/>
<permission roles="amq" type="createNonDurableQueue"/>
<permission roles="amq" type="deleteNonDurableQueue"/>
<permission roles="amq" type="consume"/>
<permission roles="amq" type="send"/>
</security-setting>
</security-settings>
<addresses>
<address name="exampleQueue">
<anycast>
<queue name="exampleQueue"/>
</anycast>
</address>
<address name="TestQueue">
<anycast>
<queue name="TestQueue"/>
</anycast>
</address>
<address name="TestQueueSecond">
<anycast>
<queue name="TestQueueSecond"/>
</anycast>
</address>
</addresses>
</core>
</configuration>
管理. xml
:
<management-context xmlns="http://activemq.apache.org/schema">
<connector connector-port="13682" connector-host="localhost"/>
<authorisation>
<allowlist>
<entry domain="hawtio"/>
</allowlist>
<default-access>
<access method="list*" roles="view,update,amq,guest"/>
<access method="get*" roles="view,update,amq,guest"/>
<access method="is*" roles="view,update,amq,guest"/>
<access method="set*" roles="update,amq,guest"/>
<access method="*" roles="amq,guest"/>
</default-access>
<role-access>
<match domain="org.apache.activemq.artemis">
<access method="list*" roles="view,update,amq,guest"/>
<access method="get*" roles="view,update,amq,guest"/>
<access method="is*" roles="view,update,amq,guest"/>
<access method="set*" roles="update,amq,guest"/>
<access method="*" roles="amq,guest"/>
</match>
<!--example of how to configure a specific object-->
<!--<match domain="org.apache.activemq.artemis" key="subcomponent=queues">
<access method="list*" roles="view,update,amq"/>
<access method="get*" roles="view,update,amq"/>
<access method="is*" roles="view,update,amq"/>
<access method="set*" roles="update,amq"/>
<access method="*" roles="amq"/>
</match>-->
</role-access>
</authorisation>
</management-context>
登录. config
:
activemq {
org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoginModule sufficient
debug=false
reload=true
org.apache.activemq.jaas.properties.user="artemis-users.properties"
org.apache.activemq.jaas.properties.role="artemis-roles.properties";
org.apache.activemq.artemis.spi.core.security.jaas.GuestLoginModule sufficient
debug=false
org.apache.activemq.jaas.guest.user="admin"
org.apache.activemq.jaas.guest.role="amq";
};
您的login. config
正在使用GuestLoginModule
,即:
org.apache.activemq.artemis.spi.core.security.jaas.GuestLoginModule sufficient
debug=false
org.apache.activemq.jaas.guest.user="admin"
org.apache.activemq.jaas.guest.role="amq";
这意味着不传递任何凭据或传递错误凭据的用户将被接受,并被赋予用户名admin
和角色amq
。有关详细信息,请参阅留档。
如果您不想要此行为,您可以在login. config
中使用它:
activemq {
org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoginModule required
debug=false
reload=true
org.apache.activemq.jaas.properties.user="artemis-users.properties"
org.apache.activemq.jaas.properties.role="artemis-roles.properties";
};