Google Git
Sign in
apache / activemq-website / 4b856e9b8fa3258f6a2985d4393d8a4ea3be4121 / . / output / components / classic / documentation / complex-single-broker-configuration-stomp-only.html
blob: 61ba5410cf65260622d4554df442b4168e332477 [file] [log] [blame]
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="ie=edge">
<title>ActiveMQ</title>
<link rel="icon" type="image/png" href="/assets/img/favicon.png">
<link rel="stylesheet" href="/css/main.css">
<script defer src="/js/fontawesome-all.min.js" integrity="sha384-rOA1PnstxnOBLzCLMcre8ybwbTmemjzdNlILg8O7z1lUkLXozs4DHonlDtnE7fpc"></script>
<script src="/js/jquery.slim.min.js" integrity="sha384-5AkRS45j4ukf+JbWAfHL8P4onPA9p0KwwP7pUdjSQA3ss9edbJUJc/XcYAiheSSz"></script>
<script src="/js/popper.min.js" integrity="sha384-ApNbgh9B+Y1QKtv3Rn7W3mgPxhU9K/ScQsAP7hUibX39j7fakFPskvXusvfa0b4Q"></script>
<script src="/js/bootstrap.min.js" integrity="sha384-JZR6Spejh4U02d8jOt6vLEHfe/JQGiRRSQQxSfFWpi1MquVdAyjUar5+76PVCmYl"></script>
</head>
<body>
<nav class="navbar navbar-expand-lg navbar-light fixed-top">
<div class="container">
<!-- <a class="navbar-brand mr-auto" href="#"><img style="height: 50px" src="assets/img/apache-feather.png" /></a> -->
<a class="navbar-brand mr-auto" href="/"><img src="/assets/img/activemq_logo_black_small.png" style="height: 50px"/></a>
<button class="navbar-toggler ml-auto" type="button" data-toggle="collapse" data-target="#navbarContent" aria-controls="navbarContent" aria-expanded="false" aria-label="Toggle navigation">
<span class="navbar-toggler-icon"></span>
</button>
<div class="ml-auto collapse navbar-collapse" id="navbarContent">
<ul class="navbar-nav ml-auto">
<li class="nav-item">
<a class="nav-link active" href="/news">News</a>
</li>
<li class="nav-item dropdown">
<a class="nav-link" id="navbarDropdownComponents" data-target="#" href="" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">Components<span class="caret"></span></a>
<ul class="dropdown-menu dropdown-menu-center" aria-labelledby="navbarDropdownComponents">
<div class="row">
<div class="col-12">
<ul class="multi-column-dropdown">
<li class="nav-item"><a class="dropdown-item" href="/components/classic">ActiveMQ Classic</a></li>
<li class="nav-item"><a class="dropdown-item" href="/components/artemis/">ActiveMQ Artemis</a></li>
<li class="nav-item"><a class="dropdown-item" href="/components/nms">NMS Clients</a></li>
<li class="nav-item"><a class="dropdown-item" href="/components/cms">CMS Client</a></li>
</ul>
</div>
</div>
</ul>
</li>
<li class="nav-item dropdown">
<a class="nav-link" id="navbarDropdownCommunity" data-target="#" href="" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">Community<span class="caret"></span></a>
<ul class="dropdown-menu dropdown-menu-center multi-column columns-1" aria-labelledby="navbarDropdownCommunity">
<div class="row">
<div class="col-12">
<ul class="multi-column-dropdown">
<li class="nav-item"><a class="dropdown-item" href="/contact">Contact Us</a></li>
<li class="nav-item"><a class="dropdown-item" href="/contributing">Contribute</a></li>
<li class="nav-item"><a class="dropdown-item" href="/issues">Report Issues</a></li>
<li class="nav-item"><a class="dropdown-item" href="/support">Get Support</a></li>
</ul>
</div>
</div>
</ul>
</li>
<li class="nav-item dropdown">
<a class="nav-link" id="navbarDropdownTeam" data-target="#" href="" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false"><img src="/assets/img/feather.png" style="height:20px">Apache<span class="caret"></span></a>
<ul class="dropdown-menu dropdown-menu-center multi-column columns-1" aria-labelledby="navbarDropdownTeam">
<div class="row">
<div class="col-sm-12">
<ul class="multi-column-dropdown">
<li class="nav-item"><a class="dropdown-item" href="https://www.apache.org">The Apache Software Foundation</a></li>
<li class="nav-item"><a class="dropdown-item" href="https://www.apache.org/licenses/">License</a></li>
<li class="nav-item"><a class="dropdown-item" href="https://www.apache.org/foundation/sponsorship.html">Sponsorship</a></li>
<li class="nav-item"><a class="dropdown-item" href="https://www.apache.org/foundation/thanks.html">Thanks</a></li>
<li class="nav-item"><a class="dropdown-item" href="/security-advisories">Security</a></li>
<li class="nav-item"><a class="dropdown-item" href="https://www.apache.org/events/current-event">Events</a></li>
<li class="nav-item"><a class="dropdown-item" href="https://people.apache.org/phonebook.html?pmc=activemq">PMC & Committers</a></li>
<li class="nav-item"><a class="dropdown-item" href="https://whimsy.apache.org/board/minutes/ActiveMQ.html">Board Reports</a></li>
<li class="nav-item"><a class="dropdown-item" href="https://privacy.apache.org/policies/privacy-policy-public.html">Privacy Policy</a></li>
</ul>
</div>
</div>
</ul>
</li>
</ul>
</div>
</div>
</nav>
<div class="content">
<div class="page-title-classic">
<div class="container">
<h1>Complex Single Broker Configuration (STOMP only)</h1>
</div>
</div>
<div class="container" >
<div class="row" style="margin-top: 30px">
<div class="col-12 classic">
<p><a href="using-activemq-classic">Using ActiveMQ Classic</a> &gt; <a href="user-submitted-configurations">User Submitted Configurations</a> &gt; <a href="complex-single-broker-configuration-stomp-only">Complex Single Broker Configuration (STOMP only)</a></p>
<p>Example of an ActiveMQ Classic configuration with predefined queues, simple destination security (could easily update it to JAAS), complex Web Console security with Jetty JAAS, and JMX security too.</p>
<p>While this is a fairly detailed configuration, it locks down every ActiveMQ Classic service. It would be ideal if ActiveMQ Classic shipped with a default closed configuration like this.</p>
<p>ActiveMQ Classic is assumed to be installed in /usr/local/activemq/ in this example.</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>&lt;!--
ActiveMQ Classic activemq.xml configuration file (/usr/local/activemq/conf/activemq.xml)
* ActiveMQ Classic JVM Startup options are in /etc/activemq.conf
* Uses the Sun JMX connector for remote management. Point jconsole at:
service:jmx:rmi:///jndi/rmi://myserver.domain.net:61616/jmxrmi
* Uses Kaha persistence storage, stored in the "activemq-data" directory.
"activemq-data" and "logs" sub-directories must be writable by the
ActiveMQ Classic user.
* Also see conf/log4j.properties for logging configuration
--&gt;
&lt;beans&gt;
&lt;!-- Enables system properties as variables in this configuration file --&gt;
&lt;bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/&gt;
&lt;broker xmlns="http://activemq.org/config/1.0" brokerName="SERVER1"
populateJMSXUserID="true" useJmx="true" persistent="true"&gt;
&lt;!-- Queue setup. Queues can be created on the fly by any user with
admin rights, but it is not good to give every user admin rights. --&gt;
&lt;destinations&gt;
&lt;queue physicalName="widgets" /&gt;
&lt;queue physicalName="spacecontrol" /&gt;
&lt;queue physicalName="displays" /&gt;
&lt;/destinations&gt;
&lt;!-- We only allow Stomp clients --&gt;
&lt;transportConnectors&gt;
&lt;transportConnector name="stomp" uri="stomp://localhost:61613"/&gt;
&lt;/transportConnectors&gt;
&lt;!-- We don't have any other brokers to connect to --&gt;
&lt;networkConnectors&gt;
&lt;/networkConnectors&gt;
&lt;!-- Do not create an ActiveMQ JMX connector. Use the Sun JMX connector
instead, and hook ActiveMQ Classic to it. --&gt;
&lt;managementContext&gt;
&lt;managementContext createConnector="false" /&gt;
&lt;/managementContext&gt;
&lt;plugins&gt;
&lt;simpleAuthenticationPlugin&gt;
&lt;users&gt;
&lt;authenticationUser username="sa" password="manager" groups="producers,consumers,admins" /&gt;
&lt;authenticationUser username="frontend" password="manager" groups="producers,consumers" /&gt;
&lt;authenticationUser username="backend" password="manager" groups="consumers" /&gt;
&lt;/users&gt;
&lt;/simpleAuthenticationPlugin&gt;
&lt;authorizationPlugin&gt;
&lt;map&gt;
&lt;authorizationMap&gt;
&lt;authorizationEntries&gt;
&lt;authorizationEntry queue="&gt;" write="producers" read="consumers" admin="admins" /&gt;
&lt;/authorizationEntries&gt;
&lt;/authorizationMap&gt;
&lt;/map&gt;
&lt;/authorizationPlugin&gt;
&lt;/plugins&gt;
&lt;/broker&gt;
&lt;!-- Do not create ActiveMQ.Agent topic, as it does not work if
destination security is enabled --&gt;
&lt;!-- &lt;commandAgent xmlns="http://activemq.org/config/1.0"/&gt; --&gt;
&lt;!-- Web Console. Auth is via JAAS. Beware: jetty-plus-6.1.4.jar contains the
JAAS classes, and is not included with ActiveMQ Classic. You need to download
separately. Web Console queue browser will fail, as it tries to use JMS
to browse the queue, and that requires a password.
--&gt;
&lt;jetty xmlns="http://mortbay.com/schemas/jetty/1.0"&gt;
&lt;connectors&gt;
&lt;nioConnector port="8161" /&gt;
&lt;/connectors&gt;
&lt;userRealms&gt;
&lt;!-- "name" must match the realm in web.xml, and "loginModuleName" must be defined in login.conf --&gt;
&lt;jaasUserRealm name="ActiveMQ" loginModuleName="ActiveMQ"
callbackHandlerClass="org.mortbay.jetty.plus.jaas.callback.DefaultCallbackHandler" /&gt;
&lt;/userRealms&gt;
&lt;handlers&gt;
&lt;webAppContext contextPath="/admin" resourceBase="${activemq.base}/webapps/admin" logUrlOnStart="true" /&gt;
&lt;/handlers&gt;
&lt;/jetty&gt;
&lt;/beans&gt;
</code></pre></div></div>
<p>Add this XML snippet to the web.xml for the /admin/ app, in order to enable HTTP Authentication to match the activemq.xml configuration above.</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>&lt;security-constraint&gt;
&lt;web-resource-collection&gt;
&lt;web-resource-name&gt;Web Console&lt;/web-resource-name&gt;
&lt;url-pattern&gt;/*&lt;/url-pattern&gt;
&lt;/web-resource-collection&gt;
&lt;auth-constraint&gt;
&lt;role-name&gt;admins&lt;/role-name&gt;
&lt;/auth-constraint&gt;
&lt;/security-constraint&gt;
&lt;login-config&gt;
&lt;auth-method&gt;BASIC&lt;/auth-method&gt;
&lt;realm-name&gt;ActiveMQ&lt;/realm-name&gt;
&lt;/login-config&gt;
</code></pre></div></div>
</div>
</div>
</div>
</div>
<div class="row sitemap">
<div class="col-sm-12">
<div class="container">
<div class="row">
<div class="col-sm-12">
<div class="row">
<div class="col-sm-3">
<div >
<img class="float-left" style="max-height: 100px" src="/assets/img/activemq_logo_white_vertical_small.png"/>
</div>
</div>
<div style="text-align: center; margin-bottom: 0px; margin-top: 30px; font-size: 65%" class="col-sm-6">
<p><a href="https://www.apache.org/foundation/marks/list/">Apache, ActiveMQ, Apache ActiveMQ</a>, the Apache feather logo, and the Apache ActiveMQ project logo are trademarks of The Apache Software Foundation. Copyright &copy; 2024, The Apache Software Foundation. Licensed under <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License 2.0</a>.</p>
</div>
<div class="col-sm-3">
<div >
<a href="https://www.apache.org"><img class="float-right" style="margin-top: 10px; max-height: 80px" src="/assets/img/apache-logo-small.png"/></a>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</body>
</html>