ARTEMIS-578 cert authn/z for STOMP
This commit is contained in:
parent
b3ffac30ea
commit
6881c1ddc3
|
@ -16,6 +16,7 @@
|
|||
*/
|
||||
package org.apache.activemq.artemis.core.protocol.stomp;
|
||||
|
||||
import javax.security.cert.X509Certificate;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collections;
|
||||
import java.util.HashSet;
|
||||
|
@ -504,11 +505,11 @@ public final class StompConnection implements RemotingConnection {
|
|||
manager.sendReply(this, frame);
|
||||
}
|
||||
|
||||
public boolean validateUser(final String login1, final String passcode1) {
|
||||
this.valid = manager.validateUser(login1, passcode1);
|
||||
public boolean validateUser(final String login, final String pass, final X509Certificate[] certificates) {
|
||||
this.valid = manager.validateUser(login, pass, certificates);
|
||||
if (valid) {
|
||||
this.login = login1;
|
||||
this.passcode = passcode1;
|
||||
this.login = login;
|
||||
this.passcode = pass;
|
||||
}
|
||||
return valid;
|
||||
}
|
||||
|
|
|
@ -16,6 +16,7 @@
|
|||
*/
|
||||
package org.apache.activemq.artemis.core.protocol.stomp;
|
||||
|
||||
import javax.security.cert.X509Certificate;
|
||||
import java.nio.charset.StandardCharsets;
|
||||
import java.util.HashMap;
|
||||
import java.util.Iterator;
|
||||
|
@ -45,6 +46,7 @@ import org.apache.activemq.artemis.spi.core.protocol.RemotingConnection;
|
|||
import org.apache.activemq.artemis.spi.core.remoting.Acceptor;
|
||||
import org.apache.activemq.artemis.spi.core.remoting.Connection;
|
||||
import org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager;
|
||||
import org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager2;
|
||||
import org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager3;
|
||||
import org.apache.activemq.artemis.utils.UUIDGenerator;
|
||||
|
||||
|
@ -326,14 +328,17 @@ class StompProtocolManager extends AbstractProtocolManager<StompFrame,StompFrame
|
|||
return "activemq";
|
||||
}
|
||||
|
||||
public boolean validateUser(String login, String passcode) {
|
||||
public boolean validateUser(String login, String passcode, X509Certificate[] certificates) {
|
||||
boolean validated = true;
|
||||
|
||||
ActiveMQSecurityManager sm = server.getSecurityManager();
|
||||
|
||||
if (sm != null && server.getConfiguration().isSecurityEnabled()) {
|
||||
if (sm instanceof ActiveMQSecurityManager3) {
|
||||
validated = ((ActiveMQSecurityManager3) sm).validateUser(login, passcode, null) != null;
|
||||
validated = ((ActiveMQSecurityManager3) sm).validateUser(login, passcode, certificates) != null;
|
||||
}
|
||||
else if (sm instanceof ActiveMQSecurityManager2) {
|
||||
validated = ((ActiveMQSecurityManager2) sm).validateUser(login, passcode, certificates);
|
||||
}
|
||||
else {
|
||||
validated = sm.validateUser(login, passcode);
|
||||
|
|
|
@ -16,6 +16,7 @@
|
|||
*/
|
||||
package org.apache.activemq.artemis.core.protocol.stomp.v10;
|
||||
|
||||
import javax.security.cert.X509Certificate;
|
||||
import java.util.Map;
|
||||
|
||||
import org.apache.activemq.artemis.core.protocol.stomp.FrameEventListener;
|
||||
|
@ -26,7 +27,9 @@ import org.apache.activemq.artemis.core.protocol.stomp.StompDecoder;
|
|||
import org.apache.activemq.artemis.core.protocol.stomp.StompFrame;
|
||||
import org.apache.activemq.artemis.core.protocol.stomp.StompVersions;
|
||||
import org.apache.activemq.artemis.core.protocol.stomp.VersionedStompFrameHandler;
|
||||
import org.apache.activemq.artemis.core.remoting.impl.netty.NettyConnection;
|
||||
import org.apache.activemq.artemis.core.server.ActiveMQServerLogger;
|
||||
import org.apache.activemq.artemis.utils.CertificateUtil;
|
||||
|
||||
import static org.apache.activemq.artemis.core.protocol.stomp.ActiveMQStompProtocolMessageBundle.BUNDLE;
|
||||
|
||||
|
@ -48,7 +51,12 @@ public class StompFrameHandlerV10 extends VersionedStompFrameHandler implements
|
|||
String clientID = headers.get(Stomp.Headers.Connect.CLIENT_ID);
|
||||
String requestID = headers.get(Stomp.Headers.Connect.REQUEST_ID);
|
||||
|
||||
if (connection.validateUser(login, passcode)) {
|
||||
X509Certificate[] certificates = null;
|
||||
if (connection.getTransportConnection() instanceof NettyConnection) {
|
||||
certificates = CertificateUtil.getCertsFromChannel(((NettyConnection) connection.getTransportConnection()).getChannel());
|
||||
}
|
||||
|
||||
if (connection.validateUser(login, passcode, certificates)) {
|
||||
connection.setClientID(clientID);
|
||||
connection.setValid(true);
|
||||
|
||||
|
|
|
@ -16,6 +16,7 @@
|
|||
*/
|
||||
package org.apache.activemq.artemis.core.protocol.stomp.v11;
|
||||
|
||||
import javax.security.cert.X509Certificate;
|
||||
import java.util.Map;
|
||||
import java.util.concurrent.atomic.AtomicLong;
|
||||
|
||||
|
@ -27,7 +28,9 @@ import org.apache.activemq.artemis.core.protocol.stomp.StompConnection;
|
|||
import org.apache.activemq.artemis.core.protocol.stomp.StompDecoder;
|
||||
import org.apache.activemq.artemis.core.protocol.stomp.StompFrame;
|
||||
import org.apache.activemq.artemis.core.protocol.stomp.VersionedStompFrameHandler;
|
||||
import org.apache.activemq.artemis.core.remoting.impl.netty.NettyConnection;
|
||||
import org.apache.activemq.artemis.core.server.ActiveMQServerLogger;
|
||||
import org.apache.activemq.artemis.utils.CertificateUtil;
|
||||
|
||||
import static org.apache.activemq.artemis.core.protocol.stomp.ActiveMQStompProtocolMessageBundle.BUNDLE;
|
||||
|
||||
|
@ -53,8 +56,13 @@ public class StompFrameHandlerV11 extends VersionedStompFrameHandler implements
|
|||
String clientID = headers.get(Stomp.Headers.Connect.CLIENT_ID);
|
||||
String requestID = headers.get(Stomp.Headers.Connect.REQUEST_ID);
|
||||
|
||||
X509Certificate[] certificates = null;
|
||||
if (connection.getTransportConnection() instanceof NettyConnection) {
|
||||
certificates = CertificateUtil.getCertsFromChannel(((NettyConnection) connection.getTransportConnection()).getChannel());
|
||||
}
|
||||
|
||||
try {
|
||||
if (connection.validateUser(login, passcode)) {
|
||||
if (connection.validateUser(login, passcode, certificates)) {
|
||||
connection.setClientID(clientID);
|
||||
connection.setValid(true);
|
||||
|
||||
|
|
|
@ -0,0 +1,116 @@
|
|||
<?xml version='1.0'?>
|
||||
<!--
|
||||
Licensed to the Apache Software Foundation (ASF) under one
|
||||
or more contributor license agreements. See the NOTICE file
|
||||
distributed with this work for additional information
|
||||
regarding copyright ownership. The ASF licenses this file
|
||||
to you under the Apache License, Version 2.0 (the
|
||||
"License"); you may not use this file except in compliance
|
||||
with the License. You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing,
|
||||
software distributed under the License is distributed on an
|
||||
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
KIND, either express or implied. See the License for the
|
||||
specific language governing permissions and limitations
|
||||
under the License.
|
||||
-->
|
||||
|
||||
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
|
||||
<parent>
|
||||
<groupId>org.apache.activemq.examples.stomp</groupId>
|
||||
<artifactId>stomp-examples</artifactId>
|
||||
<version>1.4.0-SNAPSHOT</version>
|
||||
</parent>
|
||||
|
||||
<artifactId>stomp-dual-authentication</artifactId>
|
||||
<packaging>jar</packaging>
|
||||
<name>ActiveMQ Artemis JMS Stomp Dual Authentication Example</name>
|
||||
|
||||
<properties>
|
||||
<activemq.basedir>${project.basedir}/../../../..</activemq.basedir>
|
||||
</properties>
|
||||
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>org.apache.activemq</groupId>
|
||||
<artifactId>artemis-jms-client</artifactId>
|
||||
<version>${project.version}</version>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
|
||||
<build>
|
||||
<plugins>
|
||||
<plugin>
|
||||
<groupId>org.apache.activemq</groupId>
|
||||
<artifactId>artemis-maven-plugin</artifactId>
|
||||
<executions>
|
||||
<execution>
|
||||
<id>create</id>
|
||||
<goals>
|
||||
<goal>create</goal>
|
||||
</goals>
|
||||
<configuration>
|
||||
<ignore>${noServer}</ignore>
|
||||
</configuration>
|
||||
</execution>
|
||||
<execution>
|
||||
<id>start</id>
|
||||
<goals>
|
||||
<goal>cli</goal>
|
||||
</goals>
|
||||
<configuration>
|
||||
<ignore>${noServer}</ignore>
|
||||
<spawn>true</spawn>
|
||||
<testURI>tcp://localhost:61616</testURI>
|
||||
<testUser>consumer</testUser>
|
||||
<testPassword>activemq</testPassword>
|
||||
<args>
|
||||
<param>run</param>
|
||||
</args>
|
||||
</configuration>
|
||||
</execution>
|
||||
<execution>
|
||||
<id>runClient</id>
|
||||
<goals>
|
||||
<goal>runClient</goal>
|
||||
</goals>
|
||||
<configuration>
|
||||
<clientClass>org.apache.activemq.artemis.jms.example.StompDualAuthenticationExample</clientClass>
|
||||
<args>
|
||||
<arg>${project.basedir}/target/server0/etc/client-side-keystore.jks</arg>
|
||||
<arg>secureexample</arg>
|
||||
<arg>${project.basedir}/target/server0/etc/client-side-truststore.jks</arg>
|
||||
<arg>secureexample</arg>
|
||||
</args>
|
||||
</configuration>
|
||||
</execution>
|
||||
<execution>
|
||||
<id>stop</id>
|
||||
<goals>
|
||||
<goal>cli</goal>
|
||||
</goals>
|
||||
<configuration>
|
||||
<ignore>${noServer}</ignore>
|
||||
<args>
|
||||
<param>stop</param>
|
||||
</args>
|
||||
</configuration>
|
||||
</execution>
|
||||
</executions>
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>org.apache.activemq.examples.stomp</groupId>
|
||||
<artifactId>stomp-dual-authentication</artifactId>
|
||||
<version>${project.version}</version>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
|
||||
</project>
|
|
@ -0,0 +1,51 @@
|
|||
<!--
|
||||
Licensed to the Apache Software Foundation (ASF) under one
|
||||
or more contributor license agreements. See the NOTICE file
|
||||
distributed with this work for additional information
|
||||
regarding copyright ownership. The ASF licenses this file
|
||||
to you under the Apache License, Version 2.0 (the
|
||||
"License"); you may not use this file except in compliance
|
||||
with the License. You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing,
|
||||
software distributed under the License is distributed on an
|
||||
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
KIND, either express or implied. See the License for the
|
||||
specific language governing permissions and limitations
|
||||
under the License.
|
||||
-->
|
||||
|
||||
<html>
|
||||
<head>
|
||||
<title>ActiveMQ Artemis Stomp Example</title>
|
||||
<link rel="stylesheet" type="text/css" href="../../../common/common.css" />
|
||||
<link rel="stylesheet" type="text/css" href="../../../common/prettify.css" />
|
||||
<script type="text/javascript" src="../../../common/prettify.js"></script>
|
||||
</head>
|
||||
<body onload="prettyPrint()">
|
||||
<h1>Stomp Dual Authentication Example</h1>
|
||||
|
||||
<pre>To run the example, simply type <b>mvn verify</b> from this directory, <br>or <b>mvn -PnoServer verify</b> if you want to start and create the server manually.</pre>
|
||||
|
||||
<p>This example shows you how to configure 2-way SSL along with 2 different authentications mechanisms so that SSL and non-SSL clients can send and consume messages to/from ActiveMQ Artemis.
|
||||
The non-SSL authentication mechanism simply uses username and password. The SSL authentication mechanism uses the client's certificate. The Stomp client uses SSL socket directly to send
|
||||
a message. Then a JMS client will use a non-SSL connection to consume it.</p>
|
||||
|
||||
<p>The various keystore files are generated using the following commands:</p>
|
||||
|
||||
<p>
|
||||
<pre class="prettyprint">
|
||||
<code>
|
||||
keytool -genkey -keystore server-side-keystore.jks -storepass secureexample -keypass secureexample -dname "CN=ActiveMQ Artemis Server, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg RSA
|
||||
keytool -export -keystore server-side-keystore.jks -file server-side-cert.cer -storepass secureexample
|
||||
keytool -import -keystore client-side-truststore.jks -file server-side-cert.cer -storepass secureexample -keypass secureexample -noprompt
|
||||
keytool -genkey -keystore client-side-keystore.jks -storepass secureexample -keypass secureexample -dname "CN=ActiveMQ Artemis Client, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg RSA
|
||||
keytool -export -keystore client-side-keystore.jks -file client-side-cert.cer -storepass secureexample
|
||||
keytool -import -keystore server-side-truststore.jks -file client-side-cert.cer -storepass secureexample -keypass secureexample -noprompt
|
||||
</code>
|
||||
</pre>
|
||||
</p>
|
||||
</body>
|
||||
</html>
|
|
@ -0,0 +1,141 @@
|
|||
/*
|
||||
* Licensed to the Apache Software Foundation (ASF) under one or more
|
||||
* contributor license agreements. See the NOTICE file distributed with
|
||||
* this work for additional information regarding copyright ownership.
|
||||
* The ASF licenses this file to You under the Apache License, Version 2.0
|
||||
* (the "License"); you may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.apache.activemq.artemis.jms.example;
|
||||
|
||||
import javax.jms.Connection;
|
||||
import javax.jms.ConnectionFactory;
|
||||
import javax.jms.MessageConsumer;
|
||||
import javax.jms.Queue;
|
||||
import javax.jms.Session;
|
||||
import javax.jms.TextMessage;
|
||||
import javax.naming.InitialContext;
|
||||
import javax.net.ssl.SSLSocket;
|
||||
import javax.net.ssl.SSLSocketFactory;
|
||||
import java.io.InputStream;
|
||||
import java.io.OutputStream;
|
||||
import java.net.Socket;
|
||||
import java.nio.charset.StandardCharsets;
|
||||
import java.security.Security;
|
||||
|
||||
import com.sun.net.ssl.internal.ssl.Provider;
|
||||
|
||||
/**
|
||||
* An example where a client will send a Stomp message on a TCP socket
|
||||
* and consume it from a JMS MessageConsumer.
|
||||
*/
|
||||
public class StompDualAuthenticationExample {
|
||||
|
||||
private static final String END_OF_FRAME = "\u0000";
|
||||
|
||||
public static void main(final String[] args) throws Exception {
|
||||
// set up SSL keystores for Stomp connection
|
||||
System.setProperty("javax.net.ssl.keyStore", args[0]);
|
||||
System.setProperty("javax.net.ssl.keyStorePassword", args[1]);
|
||||
System.setProperty("javax.net.ssl.trustStore", args[2]);
|
||||
System.setProperty("javax.net.ssl.trustStorePassword", args[3]);
|
||||
|
||||
Connection connection = null;
|
||||
InitialContext initialContext = null;
|
||||
Security.addProvider(new Provider());
|
||||
|
||||
try {
|
||||
// Step 1. Create an SSL socket to connect to the broker
|
||||
SSLSocketFactory sslsocketfactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
|
||||
SSLSocket socket = (SSLSocket) sslsocketfactory.createSocket("localhost", 5500);
|
||||
|
||||
// Step 2. Send a CONNECT frame to connect to the server
|
||||
String connectFrame = "CONNECT\n" +
|
||||
"request-id: 1\n" +
|
||||
"\n" +
|
||||
END_OF_FRAME;
|
||||
sendFrame(socket, connectFrame);
|
||||
|
||||
readFrame(socket);
|
||||
|
||||
// Step 3. Send a SEND frame (a Stomp message) to the
|
||||
// jms.queue.exampleQueue address with a text body
|
||||
String text = "Hello, world from Stomp!";
|
||||
String message = "SEND\n" +
|
||||
"destination: jms.queue.exampleQueue\n" +
|
||||
"\n" +
|
||||
text +
|
||||
END_OF_FRAME;
|
||||
sendFrame(socket, message);
|
||||
System.out.println("Sent Stomp message: " + text);
|
||||
|
||||
// Step 4. Send a DISCONNECT frame to disconnect from the server
|
||||
String disconnectFrame = "DISCONNECT\n" +
|
||||
"\n" +
|
||||
END_OF_FRAME;
|
||||
sendFrame(socket, disconnectFrame);
|
||||
|
||||
// Step 5. Slose the TCP socket
|
||||
socket.close();
|
||||
|
||||
// We will now consume from JMS the message sent with Stomp.
|
||||
|
||||
// Step 6. Create an initial context to perform the JNDI lookup.
|
||||
initialContext = new InitialContext();
|
||||
|
||||
// Step 7. Perform a lookup on the queue and the connection factory
|
||||
Queue queue = (Queue) initialContext.lookup("queue/exampleQueue");
|
||||
ConnectionFactory cf = (ConnectionFactory) initialContext.lookup("ConnectionFactory");
|
||||
|
||||
// Step 8.Create a JMS Connection, Session and a MessageConsumer on the queue
|
||||
connection = cf.createConnection("consumer", "activemq");
|
||||
Session session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
|
||||
MessageConsumer consumer = session.createConsumer(queue);
|
||||
|
||||
// Step 9. Start the Connection
|
||||
connection.start();
|
||||
|
||||
// Step 10. Receive the message
|
||||
TextMessage messageReceived = (TextMessage) consumer.receive(5000);
|
||||
System.out.println("Received JMS message: " + messageReceived.getText());
|
||||
}
|
||||
finally {
|
||||
// Step 11. Be sure to close our JMS resources!
|
||||
if (initialContext != null) {
|
||||
initialContext.close();
|
||||
}
|
||||
if (connection != null) {
|
||||
connection.close();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
private static void sendFrame(Socket socket, String data) throws Exception {
|
||||
byte[] bytes = data.getBytes(StandardCharsets.UTF_8);
|
||||
OutputStream outputStream = socket.getOutputStream();
|
||||
for (int i = 0; i < bytes.length; i++) {
|
||||
outputStream.write(bytes[i]);
|
||||
}
|
||||
outputStream.flush();
|
||||
}
|
||||
|
||||
private static String readFrame(Socket socket) throws Exception {
|
||||
byte[] bytes = new byte[2048];
|
||||
InputStream inputStream = socket.getInputStream();
|
||||
int nbytes = inputStream.read(bytes);
|
||||
byte[] data = new byte[nbytes];
|
||||
System.arraycopy(bytes, 0, data, 0, data.length);
|
||||
String resp = new String(data, StandardCharsets.UTF_8);
|
||||
System.out.println("Got response from server: " + resp);
|
||||
return resp;
|
||||
}
|
||||
|
||||
}
|
|
@ -0,0 +1,17 @@
|
|||
## ---------------------------------------------------------------------------
|
||||
## Licensed to the Apache Software Foundation (ASF) under one or more
|
||||
## contributor license agreements. See the NOTICE file distributed with
|
||||
## this work for additional information regarding copyright ownership.
|
||||
## The ASF licenses this file to You under the Apache License, Version 2.0
|
||||
## (the "License"); you may not use this file except in compliance with
|
||||
## the License. You may obtain a copy of the License at
|
||||
##
|
||||
## http://www.apache.org/licenses/LICENSE-2.0
|
||||
##
|
||||
## Unless required by applicable law or agreed to in writing, software
|
||||
## distributed under the License is distributed on an "AS IS" BASIS,
|
||||
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
## See the License for the specific language governing permissions and
|
||||
## limitations under the License.
|
||||
## ---------------------------------------------------------------------------
|
||||
consumers=consumer
|
|
@ -0,0 +1,17 @@
|
|||
## ---------------------------------------------------------------------------
|
||||
## Licensed to the Apache Software Foundation (ASF) under one or more
|
||||
## contributor license agreements. See the NOTICE file distributed with
|
||||
## this work for additional information regarding copyright ownership.
|
||||
## The ASF licenses this file to You under the Apache License, Version 2.0
|
||||
## (the "License"); you may not use this file except in compliance with
|
||||
## the License. You may obtain a copy of the License at
|
||||
##
|
||||
## http://www.apache.org/licenses/LICENSE-2.0
|
||||
##
|
||||
## Unless required by applicable law or agreed to in writing, software
|
||||
## distributed under the License is distributed on an "AS IS" BASIS,
|
||||
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
## See the License for the specific language governing permissions and
|
||||
## limitations under the License.
|
||||
## ---------------------------------------------------------------------------
|
||||
consumer=activemq
|
|
@ -0,0 +1,26 @@
|
|||
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
|
||||
<!--
|
||||
~ Licensed to the Apache Software Foundation (ASF) under one or more
|
||||
~ contributor license agreements. See the NOTICE file distributed with
|
||||
~ this work for additional information regarding copyright ownership.
|
||||
~ The ASF licenses this file to You under the Apache License, Version 2.0
|
||||
~ (the "License"); you may not use this file except in compliance with
|
||||
~ the License. You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
|
||||
<broker xmlns="http://activemq.org/schema">
|
||||
|
||||
<jaas-security domain="activemq" certificate-domain="activemq-cert"/>
|
||||
|
||||
<server configuration="file:${artemis.instance}/etc/broker.xml"/>
|
||||
|
||||
</broker>
|
||||
|
|
@ -0,0 +1,57 @@
|
|||
<?xml version='1.0'?>
|
||||
<!--
|
||||
Licensed to the Apache Software Foundation (ASF) under one
|
||||
or more contributor license agreements. See the NOTICE file
|
||||
distributed with this work for additional information
|
||||
regarding copyright ownership. The ASF licenses this file
|
||||
to you under the Apache License, Version 2.0 (the
|
||||
"License"); you may not use this file except in compliance
|
||||
with the License. You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing,
|
||||
software distributed under the License is distributed on an
|
||||
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
KIND, either express or implied. See the License for the
|
||||
specific language governing permissions and limitations
|
||||
under the License.
|
||||
-->
|
||||
|
||||
<configuration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns="urn:activemq"
|
||||
xsi:schemaLocation="urn:activemq /schema/artemis-server.xsd">
|
||||
|
||||
<jms xmlns="urn:activemq:jms">
|
||||
<!--the queue used by the example-->
|
||||
<queue name="exampleQueue"/>
|
||||
</jms>
|
||||
|
||||
<core xmlns="urn:activemq:core">
|
||||
|
||||
<bindings-directory>./data/messaging/bindings</bindings-directory>
|
||||
|
||||
<journal-directory>./data/messaging/journal</journal-directory>
|
||||
|
||||
<large-messages-directory>./data/messaging/largemessages</large-messages-directory>
|
||||
|
||||
<paging-directory>./data/messaging/paging</paging-directory>
|
||||
|
||||
<!-- Acceptors -->
|
||||
<acceptors>
|
||||
<acceptor name="netty-acceptor">tcp://localhost:61616</acceptor>
|
||||
<acceptor name="netty-ssl-acceptor">tcp://localhost:5500?sslEnabled=true;needClientAuth=true;keyStorePath=${data.dir}/../etc/server-side-keystore.jks;keyStorePassword=secureexample;trustStorePath=${data.dir}/../etc/server-side-truststore.jks;trustStorePassword=secureexample</acceptor>
|
||||
</acceptors>
|
||||
|
||||
<!-- Other config -->
|
||||
|
||||
<security-settings>
|
||||
<!--security for example queue-->
|
||||
<security-setting match="jms.queue.exampleQueue">
|
||||
<permission type="consume" roles="consumers"/>
|
||||
<permission type="send" roles="producers"/>
|
||||
</security-setting>
|
||||
</security-settings>
|
||||
|
||||
</core>
|
||||
</configuration>
|
|
@ -0,0 +1,18 @@
|
|||
#
|
||||
# Licensed to the Apache Software Foundation (ASF) under one or more
|
||||
# contributor license agreements. See the NOTICE file distributed with
|
||||
# this work for additional information regarding copyright ownership.
|
||||
# The ASF licenses this file to You under the Apache License, Version 2.0
|
||||
# (the "License"); you may not use this file except in compliance with
|
||||
# the License. You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
producers=producer
|
|
@ -0,0 +1,18 @@
|
|||
#
|
||||
# Licensed to the Apache Software Foundation (ASF) under one or more
|
||||
# contributor license agreements. See the NOTICE file distributed with
|
||||
# this work for additional information regarding copyright ownership.
|
||||
# The ASF licenses this file to You under the Apache License, Version 2.0
|
||||
# (the "License"); you may not use this file except in compliance with
|
||||
# the License. You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
producer=CN=ActiveMQ Artemis Client, OU=Artemis, O=ActiveMQ, L=AMQ, ST=AMQ, C=AMQ
|
Binary file not shown.
Binary file not shown.
|
@ -0,0 +1,30 @@
|
|||
/*
|
||||
* Licensed to the Apache Software Foundation (ASF) under one or more
|
||||
* contributor license agreements. See the NOTICE file distributed with
|
||||
* this work for additional information regarding copyright ownership.
|
||||
* The ASF licenses this file to You under the Apache License, Version 2.0
|
||||
* (the "License"); you may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
activemq {
|
||||
org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoginModule required
|
||||
debug=false
|
||||
org.apache.activemq.jaas.properties.user="artemis-users.properties"
|
||||
org.apache.activemq.jaas.properties.role="artemis-roles.properties";
|
||||
};
|
||||
|
||||
activemq-cert {
|
||||
org.apache.activemq.artemis.spi.core.security.jaas.TextFileCertificateLoginModule required
|
||||
debug=true
|
||||
org.apache.activemq.jaas.textfiledn.user="cert-users.properties"
|
||||
org.apache.activemq.jaas.textfiledn.role="cert-roles.properties";
|
||||
};
|
Binary file not shown.
Binary file not shown.
|
@ -0,0 +1,20 @@
|
|||
# Licensed to the Apache Software Foundation (ASF) under one
|
||||
# or more contributor license agreements. See the NOTICE file
|
||||
# distributed with this work for additional information
|
||||
# regarding copyright ownership. The ASF licenses this file
|
||||
# to you under the Apache License, Version 2.0 (the
|
||||
# "License"); you may not use this file except in compliance
|
||||
# with the License. You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing,
|
||||
# software distributed under the License is distributed on an
|
||||
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
# KIND, either express or implied. See the License for the
|
||||
# specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
java.naming.factory.initial=org.apache.activemq.artemis.jndi.ActiveMQInitialContextFactory
|
||||
connectionFactory.ConnectionFactory=tcp://localhost:61616
|
||||
queue.queue/exampleQueue=exampleQueue
|
Loading…
Reference in New Issue