| <!DOCTYPE html> |
| <html lang="en"> |
| <head> |
| <meta charset="UTF-8"> |
| <meta name="viewport" content="width=device-width, initial-scale=1.0"> |
| <meta http-equiv="X-UA-Compatible" content="ie=edge"> |
| <title>ActiveMQ</title> |
| <link rel="icon" type="image/png" href="/assets/img/favicon.png"> |
| |
| <link rel="stylesheet" href="/css/main.css"> |
| <script defer src="https://use.fontawesome.com/releases/v5.0.8/js/all.js" integrity="sha384-SlE991lGASHoBfWbelyBPLsUlwY1GwNDJo3jSJO04KZ33K2bwfV9YBauFfnzvynJ" crossorigin="anonymous"></script> |
| <script src="https://code.jquery.com/jquery-3.2.1.slim.min.js" integrity="sha384-KJ3o2DKtIkvYIK3UENzmM7KCkRr/rE9/Qpg6aAZGJwFDMVNA/GpGFF93hXpG5KkN" crossorigin="anonymous"></script> |
| <script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js" integrity="sha384-ApNbgh9B+Y1QKtv3Rn7W3mgPxhU9K/ScQsAP7hUibX39j7fakFPskvXusvfa0b4Q" crossorigin="anonymous"></script> |
| <script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js" integrity="sha384-JZR6Spejh4U02d8jOt6vLEHfe/JQGiRRSQQxSfFWpi1MquVdAyjUar5+76PVCmYl" crossorigin="anonymous"></script> |
| </head> |
| |
| <body> |
| <nav class="navbar navbar-expand-lg navbar-light fixed-top"> |
| <div class="container"> |
| <!-- <a class="navbar-brand mr-auto" href="#"><img style="height: 50px" src="assets/img/apache-feather.png" /></a> --> |
| <a class="navbar-brand mr-auto" href="/"><img src="/assets/img/activemq_logo_black_small.png" style="height: 50px"/></a> |
| <button class="navbar-toggler ml-auto" type="button" data-toggle="collapse" data-target="#navbarContent" aria-controls="navbarContent" aria-expanded="false" aria-label="Toggle navigation"> |
| <span class="navbar-toggler-icon"></span> |
| </button> |
| |
| <div class="ml-auto collapse navbar-collapse" id="navbarContent"> |
| <ul class="navbar-nav ml-auto"> |
| <li class="nav-item"> |
| <a class="nav-link active" href="/index.html">Home</a> |
| </li> |
| <li class="nav-item dropdown"> |
| <a class="nav-link" id="navbarDropdownComponents" data-target="#" href="" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">Components</a> |
| <ul class="dropdown-menu dropdown-menu-center" aria-labelledby="navbarDropdownComponents"> |
| <div class="row"> |
| <div class="col-12"> |
| <ul class="multi-column-dropdown"> |
| <li class="nav-item"><a class="dropdown-item" href="/components/classic">ActiveMQ 5</a></li> |
| <li class="nav-item"><a class="dropdown-item" href="/components/artemis/">ActiveMQ Artemis</a></li> |
| <li class="nav-item"><a class="dropdown-item" href="/components/nms">NMS Clients</a></li> |
| <li class="nav-item"><a class="dropdown-item" href="/components/cms">CMS Client</a></li> |
| </ul> |
| </div> |
| </div> |
| </ul> |
| </li> |
| <li class="nav-item dropdown"> |
| <a class="nav-link" id="navbarDropdownCommunity" data-target="#" href="" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">Contact</a> |
| <ul class="dropdown-menu dropdown-menu-center multi-column columns-1" aria-labelledby="navbarDropdownCommunity"> |
| <div class="row"> |
| <div class="col-12"> |
| <ul class="multi-column-dropdown"> |
| <li class="nav-item"><a class="dropdown-item" href="/contact#mailing">Mailing Lists</a></li> |
| <li class="nav-item"><a class="dropdown-item" href="/contact#chat">Chat</a></li> |
| <li class="nav-item"><a class="dropdown-item" href="/contact#issues">Report Issues</a></li> |
| <li class="nav-item"><a class="dropdown-item" href="/contact#contributing">Contributing</a></li> |
| <li class="nav-item"><a class="dropdown-item" href="/security-advisories.html">Security</a></li> |
| </ul> |
| </div> |
| </div> |
| </ul> |
| </li> |
| <li class="nav-item dropdown"> |
| <a class="nav-link" id="navbarDropdownTeam" data-target="#" href="" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">Apache</a> |
| <ul class="dropdown-menu dropdown-menu-center multi-column columns-1" aria-labelledby="navbarDropdownTeam"> |
| <div class="row"> |
| <div class="col-sm-12"> |
| <ul class="multi-column-dropdown"> |
| <li class="nav-item"><a class="dropdown-item" href="https://www.apache.org">The Apache Software Foundation</a></li> |
| <li class="nav-item"><a class="dropdown-item" href="https://www.apache.org/licenses/">License</a></li> |
| <li class="nav-item"><a class="dropdown-item" href="https://www.apache.org/foundation/sponsorship.html">Sponsorship</a></li> |
| <li class="nav-item"><a class="dropdown-item" href="https://www.apache.org/foundation/thanks.html">Thanks</a></li> |
| <li class="nav-item"><a class="dropdown-item" href="/security-advisories.html">Security</a></li> |
| <li class="nav-item"><a class="dropdown-item" href="https://www.apache.org/events/current-event">Events</a></li> |
| <li class="nav-item"><a class="dropdown-item" href="https://people.apache.org/phonebook.html?pmc=activemq">PMC & Committers</a></li> |
| <li class="nav-item"><a class="dropdown-item" href="/team/reports">Board Reports</a></li> |
| </ul> |
| </div> |
| </div> |
| </ul> |
| </li> |
| </ul> |
| </div> |
| </div> |
| </nav> |
| |
| <div class="content"> |
| <div class="page-title-activemq5"> |
| <div class="container"> |
| <h1>Complex Single Broker Configuration (STOMP only)</h1> |
| </div> |
| </div> |
| <div class="container" > |
| <div class="row" style="margin-top: 30px"> |
| <div class="col-12 activemq5"> |
| <p><a href="using-activemq">Using ActiveMQ</a> > <a href="user-submitted-configurations">User Submitted Configurations</a> > <a href="complex-single-broker-configuration-stomp-only">Complex Single Broker Configuration (STOMP only)</a></p> |
| |
| <p>Example of an ActiveMQ configuration with predefined queues, simple destination security (could easily update it to JAAS), complex Web Console security with Jetty JAAS, and JMX security too.</p> |
| |
| <p>While this is a fairly detailed configuration, it locks down every ActiveMQ service. It would be ideal if ActiveMQ shipped with a default closed configuration like this.</p> |
| |
| <p>ActiveMQ is assumed to be installed in /usr/local/activemq/ in this example.</p> |
| <div class="highlighter-rouge"><div class="highlight"><pre class="highlight"><code><!-- |
| ActiveMQ activemq.xml configuration file (/usr/local/activemq/conf/activemq.xml) |
| |
| * ActiveMQ JVM Startup options are in /etc/activemq.conf |
| |
| * Uses the Sun JMX connector for remote management. Point jconsole at: |
| service:jmx:rmi:///jndi/rmi://myserver.domain.net:61616/jmxrmi |
| |
| * Uses Kaha persistence storage, stored in the "activemq-data" directory. |
| "activemq-data" and "logs" sub-directories must be writable by the |
| ActiveMQ user. |
| |
| * Also see conf/log4j.properties for logging configuration |
| --> |
| |
| <beans> |
| <!-- Enables system properties as variables in this configuration file --> |
| <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/> |
| |
| <broker xmlns="http://activemq.org/config/1.0" brokerName="SERVER1" |
| populateJMSXUserID="true" useJmx="true" persistent="true"> |
| |
| <!-- Queue setup. Queues can be created on the fly by any user with |
| admin rights, but it is not good to give every user admin rights. --> |
| <destinations> |
| <queue physicalName="widgets" /> |
| <queue physicalName="spacecontrol" /> |
| <queue physicalName="displays" /> |
| </destinations> |
| |
| <!-- We only allow Stomp clients --> |
| <transportConnectors> |
| <transportConnector name="stomp" uri="stomp://localhost:61613"/> |
| </transportConnectors> |
| |
| <!-- We don't have any other brokers to connect to --> |
| <networkConnectors> |
| </networkConnectors> |
| |
| <!-- Do not create an ActiveMQ JMX connector. Use the Sun JMX connector |
| instead, and hook ActiveMQ to it. --> |
| <managementContext> |
| <managementContext createConnector="false" /> |
| </managementContext> |
| |
| <plugins> |
| <simpleAuthenticationPlugin> |
| <users> |
| <authenticationUser username="sa" password="manager" groups="producers,consumers,admins" /> |
| <authenticationUser username="frontend" password="manager" groups="producers,consumers" /> |
| <authenticationUser username="backend" password="manager" groups="consumers" /> |
| </users> |
| </simpleAuthenticationPlugin> |
| <authorizationPlugin> |
| <map> |
| <authorizationMap> |
| <authorizationEntries> |
| <authorizationEntry queue=">" write="producers" read="consumers" admin="admins" /> |
| </authorizationEntries> |
| </authorizationMap> |
| </map> |
| </authorizationPlugin> |
| </plugins> |
| |
| </broker> |
| |
| <!-- Do not create ActiveMQ.Agent topic, as it does not work if |
| destination security is enabled --> |
| <!-- <commandAgent xmlns="http://activemq.org/config/1.0"/> --> |
| |
| <!-- Web Console. Auth is via JAAS. Beware: jetty-plus-6.1.4.jar contains the |
| JAAS classes, and is not included with ActiveMQ. You need to download |
| separately. Web Console queue browser will fail, as it tries to use JMS |
| to browse the queue, and that requires a password. |
| --> |
| |
| <jetty xmlns="http://mortbay.com/schemas/jetty/1.0"> |
| <connectors> |
| <nioConnector port="8161" /> |
| </connectors> |
| |
| <userRealms> |
| <!-- "name" must match the realm in web.xml, and "loginModuleName" must be defined in login.conf --> |
| <jaasUserRealm name="ActiveMQ" loginModuleName="ActiveMQ" |
| callbackHandlerClass="org.mortbay.jetty.plus.jaas.callback.DefaultCallbackHandler" /> |
| </userRealms> |
| |
| <handlers> |
| <webAppContext contextPath="/admin" resourceBase="${activemq.base}/webapps/admin" logUrlOnStart="true" /> |
| </handlers> |
| </jetty> |
| </beans> |
| </code></pre></div></div> |
| <p>Add this XML snippet to the web.xml for the /admin/ app, in order to enable HTTP Authentication to match the activemq.xml configuration above.</p> |
| <div class="highlighter-rouge"><div class="highlight"><pre class="highlight"><code><security-constraint> |
| <web-resource-collection> |
| <web-resource-name>Web Console</web-resource-name> |
| <url-pattern>/*</url-pattern> |
| </web-resource-collection> |
| <auth-constraint> |
| <role-name>admins</role-name> |
| </auth-constraint> |
| </security-constraint> |
| |
| <login-config> |
| <auth-method>BASIC</auth-method> |
| <realm-name>ActiveMQ</realm-name> |
| </login-config> |
| </code></pre></div></div> |
| |
| </div> |
| </div> |
| </div> |
| </div> |
| <div class="row sitemap"> |
| <div class="col-sm-12"> |
| <div class="container"> |
| <div class="row"> |
| <div class="col-sm-12"> |
| <div class="row"> |
| <div class="col-sm-3"> |
| <div > |
| <img class="float-left" style="max-height: 100px" src="/assets/img/activemq_logo_white_vertical_small.png"/> |
| </div> |
| </div> |
| <div style="text-align: center; margin-bottom: 0px; margin-top: 30px; font-size: 65%" class="col-sm-6"> |
| <p>Apache ActiveMQ, ActiveMQ, ActiveMQ Artemis, Apache, the Apache feather logo, and the Apache ActiveMQ project logo are trademarks of The Apache Software Foundation. Copyright © 2019, The Apache Software Foundation. Licensed under <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License 2.0</a>.</p> |
| </div> |
| <div class="col-sm-3"> |
| <div > |
| <a href="https://www.apache.org"><img class="float-right" style="margin-top: 10px; max-height: 80px" src="/assets/img/apache-logo-small.png"/></a> |
| </div> |
| </div> |
| </div> |
| </div> |
| </div> |
| </div> |
| </div> |
| </div> |
| |
| </body> |
| </html> |