| <?xml version="1.0" encoding="UTF-8"?> |
| <!-- |
| Licensed to the Apache Software Foundation (ASF) under one or more |
| contributor license agreements. See the NOTICE file distributed with |
| this work for additional information regarding copyright ownership. |
| The ASF licenses this file to You under the Apache License, Version 2.0 |
| (the "License"); you may not use this file except in compliance with |
| the License. You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, software |
| distributed under the License is distributed on an "AS IS" BASIS, |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| See the License for the specific language governing permissions and |
| limitations under the License. |
| --> |
| <!-- |
| Secure ActiveMQ broker |
| For more information, see: |
| |
| http://activemq.apache.org/security.html |
| |
| Before you can run this configuration, you need to set ACTIVEMQ_ENCRYPTION_PASSWORD environment variable, like |
| |
| $ export ACTIVEMQ_ENCRYPTION_PASSWORD=activemq |
| |
| For more information see: http://activemq.apache.org/encrypted-passwords.html |
| |
| To run ActiveMQ with this configuration add xbean:conf/activemq-security.xml to your command |
| |
| e.g. $ bin/activemq console xbean:conf/activemq-security.xml |
| --> |
| <beans |
| xmlns="http://www.springframework.org/schema/beans" |
| xmlns:amq="http://activemq.apache.org/schema/core" |
| xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" |
| xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd |
| http://activemq.apache.org/schema/core http://activemq.apache.org/schema/core/activemq-core.xsd"> |
| |
| <!-- Allows us to use encrypted system properties as variables in this configuration file --> |
| <bean id="environmentVariablesConfiguration" class="org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig"> |
| <property name="algorithm" value="PBEWithMD5AndDES" /> |
| <property name="passwordEnvName" value="ACTIVEMQ_ENCRYPTION_PASSWORD" /> |
| </bean> |
| |
| <bean id="configurationEncryptor" class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor"> |
| <property name="config" ref="environmentVariablesConfiguration" /> |
| </bean> |
| |
| <bean id="propertyConfigurer" class="org.jasypt.spring.properties.EncryptablePropertyPlaceholderConfigurer"> |
| <constructor-arg ref="configurationEncryptor" /> |
| <property name="location" value="file:${activemq.base}/conf/credentials-enc.properties"/> |
| </bean> |
| |
| <!-- |
| Use this configuration if you don't want to set encryptor password using environment variable |
| Note however, that with this solution your passwords can be easily decrypted once the encrypter password is known |
| |
| <bean id="configurationEncryptor" class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor"> |
| <property name="algorithm" value="PBEWithMD5AndDES"/> |
| <property name="password" value="activemq"/> |
| </bean> |
| --> |
| |
| <broker useJmx="true" persistent="false" xmlns="http://activemq.apache.org/schema/core" destroyApplicationContextOnStop="true"> |
| |
| <managementContext> |
| <managementContext createConnector="true"> |
| <property xmlns="http://www.springframework.org/schema/beans" name="environment"> |
| <map xmlns="http://www.springframework.org/schema/beans"> |
| <entry xmlns="http://www.springframework.org/schema/beans" key="jmx.remote.x.password.file" |
| value="conf/jmx.password"/> |
| <entry xmlns="http://www.springframework.org/schema/beans" key="jmx.remote.x.access.file" |
| value="conf/jmx.access"/> |
| </map> |
| </property> |
| </managementContext> |
| </managementContext> |
| |
| <plugins> |
| <!-- Configure authentication; Username, passwords and groups --> |
| <simpleAuthenticationPlugin> |
| <users> |
| <authenticationUser username="system" password="${activemq.password}" |
| groups="users,admins"/> |
| <authenticationUser username="user" password="${guest.password}" |
| groups="users"/> |
| <authenticationUser username="guest" password="${guest.password}" groups="guests"/> |
| </users> |
| </simpleAuthenticationPlugin> |
| |
| |
| <!-- Lets configure a destination based authorization mechanism --> |
| <authorizationPlugin> |
| <map> |
| <authorizationMap> |
| <authorizationEntries> |
| <authorizationEntry queue=">" read="admins" write="admins" admin="admins" /> |
| <authorizationEntry queue="USERS.>" read="users" write="users" admin="users" /> |
| <authorizationEntry queue="GUEST.>" read="guests" write="guests,users" admin="guests,users" /> |
| |
| <authorizationEntry queue="TEST.Q" read="guests" write="guests" /> |
| |
| <authorizationEntry topic=">" read="admins" write="admins" admin="admins" /> |
| <authorizationEntry topic="USERS.>" read="users" write="users" admin="users" /> |
| <authorizationEntry topic="GUEST.>" read="guests" write="guests,users" admin="guests,users" /> |
| |
| <authorizationEntry topic="ActiveMQ.Advisory.>" read="guests,users" write="guests,users" admin="guests,users"/> |
| </authorizationEntries> |
| </authorizationMap> |
| </map> |
| </authorizationPlugin> |
| </plugins> |
| |
| <transportConnectors> |
| <transportConnector name="default" uri="tcp://0.0.0.0:61616"/> |
| </transportConnectors> |
| |
| </broker> |
| |
| <!-- |
| Configure command agent to be used in secured broker environment |
| Notice how we used ${activemq.username} and ${activemq.password} configured in credential.properties |
| --> |
| <commandAgent xmlns="http://activemq.apache.org/schema/core" brokerUrl="vm://localhost" username="${activemq.username}" password="${activemq.password}"/> |
| |
| <!-- Use Web applications and Camel in secured broker environment --> |
| <import resource="jetty.xml"/> |
| <import resource="camel.xml"/> |
| |
| </beans> |
