ARTEMIS-1463 - add role based authentication to the JMX objects
some example fixes https://issues.apache.org/jira/browse/ARTEMIS-1463
This commit is contained in:
parent
93a99cc096
commit
12ad0120ad
|
@ -44,9 +44,6 @@ public class ManagementConnector implements ActiveMQComponent {
|
|||
|
||||
@Override
|
||||
public void start() throws Exception {
|
||||
ArtemisMBeanServerGuard guard = new ArtemisMBeanServerGuard();
|
||||
guard.init();
|
||||
|
||||
rmiRegistryFactory = new RmiRegistryFactory();
|
||||
rmiRegistryFactory.setPort(configuration.getConnectorPort());
|
||||
rmiRegistryFactory.init();
|
||||
|
|
|
@ -61,9 +61,6 @@ under the License.
|
|||
</goals>
|
||||
<configuration>
|
||||
<ignore>${noServer}</ignore>
|
||||
<!-- options used for JMX on the example -->
|
||||
<javaOptions>-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=3000 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false
|
||||
</javaOptions>
|
||||
</configuration>
|
||||
</execution>
|
||||
<execution>
|
||||
|
|
|
@ -80,7 +80,7 @@ public class JMXExample {
|
|||
|
||||
// Step 10. Create JMX Connector to connect to the server's MBeanServer
|
||||
HashMap env = new HashMap();
|
||||
String[] creds = {"admin", "password"};
|
||||
String[] creds = {"guest", "guest"};
|
||||
env.put(JMXConnector.CREDENTIALS, creds);
|
||||
|
||||
JMXConnector connector = JMXConnectorFactory.connect(new JMXServiceURL(JMXExample.JMX_URL), env);
|
||||
|
|
|
@ -22,19 +22,19 @@
|
|||
<entry domain="hawtio"/>
|
||||
</whitelist>
|
||||
<default-access>
|
||||
<access method="list*" roles="view,update,amq"/>
|
||||
<access method="get*" roles="view,update,amq"/>
|
||||
<access method="is*" roles="view,update,amq"/>
|
||||
<access method="set*" roles="update,amq"/>
|
||||
<access method="*" roles="amq"/>
|
||||
<access method="list*" roles="view,update,amq,guest"/>
|
||||
<access method="get*" roles="view,update,amq,guest"/>
|
||||
<access method="is*" roles="view,update,amq,guest"/>
|
||||
<access method="set*" roles="update,amq,guest"/>
|
||||
<access method="*" roles="amq,guest"/>
|
||||
</default-access>
|
||||
<role-access>
|
||||
<match domain="org.apache.activemq.apache">
|
||||
<access method="list*" roles="view,update,amq"/>
|
||||
<access method="get*" roles="view,update,amq"/>
|
||||
<access method="is*" roles="view,update,amq"/>
|
||||
<access method="set*" roles="update,amq"/>
|
||||
<access method="*" roles="amq"/>
|
||||
<access method="list*" roles="view,update,amq,guest"/>
|
||||
<access method="get*" roles="view,update,amq,guest"/>
|
||||
<access method="is*" roles="view,update,amq,guest"/>
|
||||
<access method="set*" roles="update,amq,guest"/>
|
||||
<access method="*" roles="amq,guest"/>
|
||||
</match>
|
||||
<!--example of how to configure a specific object-->
|
||||
<!--<match domain="org.apache.activemq.apache" key="subcomponent=queues">
|
||||
|
|
|
@ -61,8 +61,6 @@ under the License.
|
|||
</goals>
|
||||
<configuration>
|
||||
<ignore>${noServer}</ignore>
|
||||
<javaOptions>-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=3001 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false
|
||||
</javaOptions>
|
||||
</configuration>
|
||||
</execution>
|
||||
<execution>
|
||||
|
|
|
@ -44,7 +44,7 @@ import org.apache.activemq.artemis.api.core.management.QueueControl;
|
|||
*/
|
||||
public class MessageCounterExample {
|
||||
|
||||
private static final String JMX_URL = "service:jmx:rmi:///jndi/rmi://localhost:3001/jmxrmi";
|
||||
private static final String JMX_URL = "service:jmx:rmi:///jndi/rmi://localhost:1099/jmxrmi";
|
||||
|
||||
public static void main(final String[] args) throws Exception {
|
||||
QueueConnection connection = null;
|
||||
|
@ -75,7 +75,10 @@ public class MessageCounterExample {
|
|||
|
||||
// Step 7. Use JMX to retrieve the message counters using the JMSQueueControl
|
||||
ObjectName on = ObjectNameBuilder.DEFAULT.getQueueObjectName(SimpleString.toSimpleString(queue.getQueueName()), SimpleString.toSimpleString(queue.getQueueName()), RoutingType.ANYCAST);
|
||||
JMXConnector connector = JMXConnectorFactory.connect(new JMXServiceURL(JMX_URL), new HashMap<String, Object>());
|
||||
HashMap env = new HashMap();
|
||||
String[] creds = {"guest", "guest"};
|
||||
env.put(JMXConnector.CREDENTIALS, creds);
|
||||
JMXConnector connector = JMXConnectorFactory.connect(new JMXServiceURL(JMX_URL), env);
|
||||
MBeanServerConnection mbsc = connector.getMBeanServerConnection();
|
||||
QueueControl queueControl = MBeanServerInvocationHandler.newProxyInstance(mbsc, on, QueueControl.class, false);
|
||||
|
||||
|
|
|
@ -0,0 +1,49 @@
|
|||
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
|
||||
<!--
|
||||
~ Licensed to the Apache Software Foundation (ASF) under one or more
|
||||
~ contributor license agreements. See the NOTICE file distributed with
|
||||
~ this work for additional information regarding copyright ownership.
|
||||
~ The ASF licenses this file to You under the Apache License, Version 2.0
|
||||
~ (the "License"); you may not use this file except in compliance with
|
||||
~ the License. You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
<management-context xmlns="http://activemq.org/schema">
|
||||
<connector connector-port="1099" connector-host="127.0.0.1"/>
|
||||
<authorisation>
|
||||
<whitelist>
|
||||
<entry domain="hawtio"/>
|
||||
</whitelist>
|
||||
<default-access>
|
||||
<access method="list*" roles="view,update,amq,guest"/>
|
||||
<access method="get*" roles="view,update,amq,guest"/>
|
||||
<access method="is*" roles="view,update,amq,guest"/>
|
||||
<access method="set*" roles="update,amq,guest"/>
|
||||
<access method="*" roles="amq, guest"/>
|
||||
</default-access>
|
||||
<role-access>
|
||||
<match domain="org.apache.activemq.apache">
|
||||
<access method="list*" roles="view,update,amq,guest"/>
|
||||
<access method="get*" roles="view,update,amq,guest"/>
|
||||
<access method="is*" roles="view,update,amq,guest"/>
|
||||
<access method="set*" roles="update,amq,guest"/>
|
||||
<access method="*" roles="amq,guest"/>
|
||||
</match>
|
||||
<!--example of how to configure a specific object-->
|
||||
<!--<match domain="org.apache.activemq.apache" key="subcomponent=queues">
|
||||
<access method="list*" roles="view,update,amq"/>
|
||||
<access method="get*" roles="view,update,amq"/>
|
||||
<access method="is*" roles="view,update,amq"/>
|
||||
<access method="set*" roles="update,amq"/>
|
||||
<access method="*" roles="amq"/>
|
||||
</match>-->
|
||||
</role-access>
|
||||
</authorisation>
|
||||
</management-context>
|
Loading…
Reference in New Issue