Question:

Authentication and authorization issue in Apache ActiveMQ 5.10.0 over SSL exists only in a Java project

巫马修然
2023-03-14

I am trying to configure Apache ActiveMQ 5.10.0 over SSL only and to test authentication and authorization on Windows 7. In my activemq.xml file, I have

    <sslContext>
        <sslContext keyStore="file:${activemq.conf}/cert/broker.ks" keyStorePassword="password"
                    trustStore="file:${activemq.conf}/cert/client.ts" trustStorePassword="password"/>
    </sslContext>

    <transportConnectors>
        <transportConnector name="ssl" uri="ssl://127.0.0.1:61617?needClientAuth=true"/>
    </transportConnectors>

When I start the broker, I get this message.

    INFO | Listening for connections at: ssl://127.0.0.1:61617?needClientAuth=true
    INFO | Connector ssl started

In another cmd window, I start my Java Spring project jar… and I get the following log:

    [21 Jul 2014 15:07:59,146] [DEBUG] WireFormatNegotiator.negociate() - ssl://localhost/127.0.0.1:61617 after negotiation: OpenWireFormat{version=9, cacheEnabled=true, stackTraceEnabled=true, tightEncodingEnabled=true, sizePrefixDisabled=false, maxFrameSize=9223372036854775807}
    [21 Jul 2014 15:07:59,167] [DEBUG] TaskRunnerFactory.init() - Initialized TaskRunnerFactory[ActiveMQ Session Task] using ExecutorService: java.util.concurrent.ThreadPoolExecutor@650e1899[Running, pool size = 0, active threads = 0, queued tasks = 0, completed tasks = 0]
    [21 Jul 2014 15:07:59,169] [INFO ] WalletManager.run() -

    ########################## Wallet MANAGER UP ##########################
    [21 Jul 2014 15:07:59,181] [DEBUG] CustomJmsTemplate.execute() - Executing callback on JMS Session: PooledSession { ActiveMQSession {id=ID:Psylocke-59003-1405980478859-3:1:3,started=true} }
    [21 Jul 2014 15:07:59,219] [DEBUG] CustomJmsTemplate.doSend() - Sending created message: ActiveMQObjectMessage {commandId = 0, responseRequired = false, messageId = null, originalDestination = null, originalTransactionId = null, producerId = null, destination = null, transactionId = null, expiration = 0, timestamp = 0, arrival = 0, brokerInTime = 0, brokerOutTime = 0, correlationId = null, replyTo = null, persistent = false, type = null, priority = 0, groupID = null, groupSequence = 0, targetConsumerId = null, compressed = false, userID = null, content = org.apache.activemq.util.ByteSequence@18f9a7a8, marshalledProperties = null, dataStructure = null, redeliveryCounter = 0, size = 0, properties = null, readOnlyProperties = false, readOnlyBody = false, droppable = false}
    [21 Jul 2014 15:07:59,229] [DEBUG] CustomJmsTemplate.execute() - Executing callback on JMS Session: PooledSession { ActiveMQSession {id=ID:Psylocke-59003-1405980478859-1:1:2,started=true} }
    [21 Jul 2014 15:07:59,260] [DEBUG] CustomJmsTemplate.doSend() - Sending created message: ActiveMQObjectMessage {commandId = 0, responseRequired = false, messageId = null, originalDestination = null, originalTransactionId = null, producerId = null, destination = null, transactionId = null, expiration = 0, timestamp = 0, arrival = 0, brokerInTime = 0, brokerOutTime = 0, correlationId = null, replyTo = null, persistent = false, type = null, priority = 0, groupID = null, groupSequence = 0, targetConsumerId = null, compressed = false, userID = null, content = org.apache.activemq.util.ByteSequence@ca2027f, marshalledProperties = null, dataStructure = null, redeliveryCounter = 0, size = 0, properties = null, readOnlyProperties = false, readOnlyBody = false, droppable = false}
    [21 Jul 2014 15:07:59,312] [DEBUG] WalletManager.processUIMessage() - ### UI ### GetWalletPositions processing stared ### UI ###
    [21 Jul 2014 15:07:59,313] [DEBUG] WalletManager.processUIMessage() - ### UI ### GetWalletPositions processing ended ### UI ###
    [21 Jul 2014 15:08:19,036] [DEBUG] AbstractInactivityMonitor.run() - WriteChecker 10001 ms elapsed since last write check.
    [21 Jul 2014 15:08:19,038] [DEBUG] AbstractInactivityMonitor.run() - Running WriteCheck[tcp://127.0.0.1:61617]
    [21 Jul 2014 15:08:19,145] [DEBUG] AbstractInactivityMonitor.run() - WriteChecker 10000 ms elapsed since last write check.
    [21 Jul 2014 15:08:19,145] [DEBUG] AbstractInactivityMonitor.run() - Running WriteCheck[tcp://127.0.0.1:61617]
    [21 Jul 2014 15:08:29,036] [DEBUG] AbstractInactivityMonitor.run() - WriteChecker 10000 ms elapsed since last write check.
    [21 Jul 2014 15:08:29,036] [DEBUG] AbstractInactivityMonitor.run() - Running WriteCheck[tcp://127.0.0.1:61617]
    [21 Jul 2014 15:08:29,145] [DEBUG] AbstractInactivityMonitor.run() - WriteChecker 10000 ms elapsed since last write check.

    <plugins>
        <!-- Configure authentication; Username, passwords and groups -->
        <simpleAuthenticationPlugin>
            <users>
                <authenticationUser username="system" password="${activemq.password}" groups="users,admins"/>
            </users>
        </simpleAuthenticationPlugin>

        <!--  Lets configure a destination based authorization mechanism -->
        <authorizationPlugin>
            <map>
                <authorizationMap>
                    <authorizationEntries>
                        <authorizationEntry queue=">" read="admins" write="admins" admin="admins" />
                        <authorizationEntry queue="USERS.>" read="users" write="users" admin="users" />

                        <authorizationEntry topic=">" read="admins" write="admins" admin="admins" />
                        <authorizationEntry topic="USERS.>" read="users" write="users" admin="users" />

                        <!-- <authorizationEntry topic="ActiveMQ.Advisory.>" read="guests,users" write="guests,users" admin="guests,users"/> -->
                    </authorizationEntries>
                </authorizationMap>
            </map>
        </authorizationPlugin>
    </plugins>

    <bean id="activeMQConnectionFactory" class="org.apache.activemq.pool.PooledConnectionFactory" destroy-method="stop">
        <property name="connectionFactory">
            <bean class="org.apache.activemq.ActiveMQSslConnectionFactory">
                <property name="brokerURL">
                    <value>ssl://${activemq.zdchange.hostname}:${activemq.zdchange.port}</value>
                </property>
                <property name="keyStore" value="broker.ks"/>
                <property name="keyStorePassword" value="keypass"/>
                <property name="trustStore" value="client.ts"/>
                <property name="trustStorePassword" value="keypass"/>
                <property name="userName" value="system"/>
                <property name="password" value="manager"/>
                <property name="redeliveryPolicy" ref="redeliveryPolicy"/>
                <property name="useAsyncSend" value="true"/>
            </bean>
        </property>
    </bean>

    <!--  JMS Connection Factory for walletcontroller -->
    <bean id="activeMQConnectionFactory_forSC" class="org.apache.activemq.pool.PooledConnectionFactory" destroy-method="stop">
        <property name="connectionFactory">
            <bean class="org.apache.activemq.ActiveMQSslConnectionFactory">
                <property name="brokerURL">
                    <value>ssl://${activemq.sc.hostname}:${activemq.sc.port}</value>
                </property>
                <property name="keyStore" value="broker.ks"/>
                <property name="keyStorePassword" value="keypass"/>
                <property name="trustStore" value="client.ts"/>
                <property name="trustStorePassword" value="keypass"/>
                <property name="userName" value="system"/>
                <property name="password" value="manager"/>
                <property name="redeliveryPolicy" ref="redeliveryPolicy"/>
                <property name="useAsyncSend" value="true"/>
            </bean>
        </property>
    </bean>

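Now, even if I provide an incorrect password for "system" or comment out the following lines

    <property name="userName" value="system"/>
    <property name="password" value="manager"/>

it still establishes a connection with the broker. Is my authentication and authorization not set up correctly?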

2 answers

曾光远
2023-03-14

I followed all the steps again today and now it is working. Here is what I did.

Create the certificates following http://codebrane.com/blog/2012/07/13/activemq-ssl-exchanges-and-handshake-error-messages/. Set up the broker environment.

The two files broker-keystore.ks and broker-truststore.ks are located in the apache-activemq-5.10.0\conf folder.

    <sslContext>
        <sslContext keyStore="file:${activemq.conf}/broker-keystore.ks" keyStorePassword="password"
                    trustStore="file:${activemq.conf}/broker-truststore.ks" trustStorePassword="password"/>
    </sslContext>

    <transportConnectors>
        <transportConnector name="ssl" uri="ssl://localhost:61617?transport.needClientAuth=true"/>
    </transportConnectors>

Place the client keystore and truststore in the correct location. Use ActiveMQSslConnectionFactory

    <bean class="org.apache.activemq.ActiveMQSslConnectionFactory">
        <property name="brokerURL">
            <value>ssl://localhost:61617</value>
        </property>
        <property name="keyStore" value="client-keystore.ks"/>
        <property name="keyStorePassword" value="password"/>
        <property name="trustStore" value="client-truststore.ks"/>
        <property name="trustStorePassword" value="password"/>
        <property name="userName" value="abc"/>
        <property name="password" value="pass"/>
        <property name="redeliveryPolicy" ref="redeliveryPolicy"/>
        <property name="useAsyncSend" value="true"/>
    </bean>

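
A static audit of the broker settings discussed in this thread, as an added example that is not part of the question or of either answer: it checks that every `transportConnector` is TLS with client certificates required and that the authentication and authorization plugins are present. The sample config is constructed (the plain-TCP connector and the empty `authorizationPlugin` are assumptions), and `audit_broker` is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs

# Constructed sample: the question's broker settings plus an extra plain-TCP
# connector (an assumption, added so the audit has something to report).
# The authorization map is omitted for brevity.
SAMPLE = """<broker xmlns="http://activemq.apache.org/schema/core">
  <plugins>
    <simpleAuthenticationPlugin>
      <users><authenticationUser username="system" password="${activemq.password}" groups="users,admins"/></users>
    </simpleAuthenticationPlugin>
    <authorizationPlugin/>
  </plugins>
  <transportConnectors>
    <transportConnector name="ssl" uri="ssl://127.0.0.1:61617?needClientAuth=true"/>
    <transportConnector name="openwire" uri="tcp://0.0.0.0:61616"/>
  </transportConnectors>
</broker>"""

# Both spellings of the client-certificate option appear on this page; accept either.
CLIENT_AUTH_KEYS = ("needClientAuth", "transport.needClientAuth")

def audit_broker(xml_text):
    """Return a list of findings for an activemq.xml <broker> fragment."""
    by_tag = {}
    for el in ET.fromstring(xml_text).iter():
        by_tag.setdefault(el.tag.rsplit("}", 1)[-1], []).append(el)  # drop namespace
    findings = []
    for tc in by_tag.get("transportConnector", []):
        name, uri = tc.get("name"), urlsplit(tc.get("uri", ""))
        opts = parse_qs(uri.query)
        is_tls = uri.scheme == "wss" or "ssl" in uri.scheme.split("+")
        if not is_tls:
            findings.append(f"{name}: scheme '{uri.scheme}' is not TLS")
        elif not any(opts.get(k) == ["true"] for k in CLIENT_AUTH_KEYS):
            findings.append(f"{name}: TLS without required client certificates")
    # Only simpleAuthenticationPlugin (the one used on this page) is recognised here.
    plugins = by_tag.get("simpleAuthenticationPlugin", [])
    if not plugins:
        findings.append("no simpleAuthenticationPlugin configured")
    for p in plugins:
        if p.get("anonymousAccessAllowed") == "true":
            findings.append("anonymousAccessAllowed=true on simpleAuthenticationPlugin")
    if not by_tag.get("authorizationPlugin"):
        findings.append("no authorizationPlugin configured")
    return findings

if __name__ == "__main__":
    for finding in audit_broker(SAMPLE):
        print("FINDING:", finding)
```

A clean result only says the settings are present in the file; whether the broker rejects a wrong password still has to be confirmed against the running broker.
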
柳灿
2023-03-14

Is it possible that your activemq.xml is misconfigured? Have you checked the logs?
