package easyway.app.activemq.demo3;
import javax.management.ObjectName;
import org.apache.activemq.broker.jmx.BrokerViewMBean;
import org.apache.activemq.web.RemoteJMXBrokerFacade;
import org.apache.activemq.web.config.SystemPropertiesConfiguration;
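/**
 * Demo: reads ActiveMQ broker statistics over JMX through {@link RemoteJMXBrokerFacade}.
 *
 * @author longgangbai
 */
public class ActiveMQJMX {

    /**
     * Connects to the broker's JMX endpoint and prints the broker name, the total
     * message/consumer/dequeue/enqueue counters and the number of topics and queues.
     *
     * <p>Any failure is printed as a stack trace; the JMX connection is released
     * before the method returns.
     *
     * @param args not used
     */
    public static void main(String[] args) {
        RemoteJMXBrokerFacade createConnector = new RemoteJMXBrokerFacade();
        // The port in this URL has to match the broker's
        // -Dcom.sun.management.jmxremote.port setting.
        System.setProperty("webconsole.jmx.url", "service:jmx:rmi:///jndi/rmi://localhost:1099/jmxrmi");
        // This demo connects without credentials, which only works while the broker
        // runs with jmxremote.authenticate=false. Once authentication is enabled on
        // the broker, the two properties below must be supplied as well; real
        // credentials are better passed in from outside the source (for example as
        // -D options on the command line) than hard-coded like these sample values.
        //System.setProperty("webconsole.jmx.user","controlRole");
        //System.setProperty("webconsole.jmx.password","abcd1234");
        SystemPropertiesConfiguration configuration = new SystemPropertiesConfiguration();
        createConnector.setConfiguration(configuration);
        try {
            BrokerViewMBean brokerAdmin = createConnector.getBrokerAdmin();
            String brokerName = brokerAdmin.getBrokerName();
            System.out.println("BrokerName =" + brokerName);
            long messages = brokerAdmin.getTotalMessageCount();
            System.out.println("messages =" + messages);
            long consumerCount = brokerAdmin.getTotalConsumerCount();
            System.out.println("consumerCount =" + consumerCount);
            long dequeueCount = brokerAdmin.getTotalDequeueCount();
            System.out.println("dequeueCount =" + dequeueCount);
            long enqueueCount = brokerAdmin.getTotalEnqueueCount();
            System.out.println("enqueueCount =" + enqueueCount);
            System.out.println(brokerAdmin.getBrokerName());
            // ObjectNames of the broker's topics.
            ObjectName[] topicList = brokerAdmin.getTopics();
            System.out.println("topic =" + topicList.length);
            // ObjectNames of the broker's queues.
            ObjectName[] queueList = brokerAdmin.getQueues();
            System.out.println("queue =" + queueList.length);
            // From here, JMX proxies can be created from these ObjectNames to read
            // per-destination details.
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            // Close the remote JMX connector; the original never released it.
            createConnector.shutdown();
        }
    }
}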
ActiveMQ配置安全性
监视ActiveMQ的方式有多种。第一部分已经介绍了Web监视控制台以及如何为它设置登录用户名和密码,这里再说一下JMX监控。启动ActiveMQ之后,运行JDK自带的jconsole即可看到ActiveMQ的进程(如图),点击连接之后就可以看到ActiveMQ的运行情况。默认情况下连接JMX不需要用户名和口令,也就是说任何能够访问该JMX端口的人都可以查看并操作broker,因此应当启用认证。要启用认证,修改activemq.bat,找到:
SUNJMX=-Dcom.sun.management.jmxremote.port=1099
-Dcom.sun.management.jmxremote.authenticate=false
-Dcom.sun.management.jmxremote.ssl=false
修改成
SUNJMX=-Dcom.sun.management.jmxremote.port=1616
-Dcom.sun.management.jmxremote.authenticate=true
-Dcom.sun.management.jmxremote.ssl=false
-Dcom.sun.management.jmxremote.password.file=%ACTIVEMQ_BASE%/conf/jmx.password
-Dcom.sun.management.jmxremote.access.file=%ACTIVEMQ_BASE%/conf/jmx.access
Linux下找到:
# JMX options passed to the broker JVM. The four commented-out assignments below
# set the remote JMX port (11099) and point the JVM at the jmx.password and
# jmx.access files in ${ACTIVEMQ_CONFIG_DIR}; remove the leading '#' to enable them.
# JMX clients then have to use this port in their service URL.
# NOTE(review): no jmxremote.authenticate flag is set here; the JVM default for it
# is expected to be true, confirm on the JDK in use.
# NOTE(review): ssl=false leaves the JMX/RMI traffic, including the login,
# unencrypted; keep the port reachable from trusted hosts only or enable SSL.
#ACTIVEMQ_SUNJMX_START="-Dcom.sun.management.jmxremote.port=11099 "
#ACTIVEMQ_SUNJMX_START="$ACTIVEMQ_SUNJMX_START -Dcom.sun.management.jmxremote.password.file=${ACTIVEMQ_CONFIG_DIR}/jmx.password"
#ACTIVEMQ_SUNJMX_START="$ACTIVEMQ_SUNJMX_START -Dcom.sun.management.jmxremote.access.file=${ACTIVEMQ_CONFIG_DIR}/jmx.access"
#ACTIVEMQ_SUNJMX_START="$ACTIVEMQ_SUNJMX_START -Dcom.sun.management.jmxremote.ssl=false"
ACTIVEMQ_SUNJMX_START="$ACTIVEMQ_SUNJMX_START -Dcom.sun.management.jmxremote"
去掉前四行的注释即可。
重启ActiveMQ之后,再用jconsole连接就需要输入用户名和密码。jmx.access文件配置用户的访问权限(readonly或readwrite),例如admin readwrite表示用户admin具有读写权限;jmx.password文件配置用户的密码,例如admin activemq表示admin用户的密码是activemq。这里的密码仅作演示,实际使用时应更换。另外,上面的配置保留了ssl=false,用户名和密码会以明文在网络上传输,因此JMX端口应只对受信任的网络开放,或者启用SSL。
除了监视台可以设置用户名和密码之外,ActiveMQ也可以对各个主题和队列设置用户名和密码,配置如下:
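<plugins>
  <!-- Configure authentication: usernames, passwords and groups.
       The passwords below are sample values and are kept in clear text in this
       file: replace them before use and restrict read access to the file. -->
  <simpleAuthenticationPlugin>
    <users>
      <authenticationUser username="system" password="manager" groups="users,admins"/>
      <authenticationUser username="user" password="password" groups="users"/>
      <authenticationUser username="guest" password="password" groups="guests"/>
      <authenticationUser username="testUser" password="123456" groups="testGroup"/>
    </users>
  </simpleAuthenticationPlugin>
  <!-- Configure a destination-based authorization mechanism.
       ">" is the wildcard that matches every queue or topic. -->
  <authorizationPlugin>
    <map>
      <authorizationMap>
        <authorizationEntries>
          <authorizationEntry queue="queue.group.uum" read="users" write="users" admin="users"/>
          <authorizationEntry queue=">" read="admins" write="admins" admin="admins"/>
          <authorizationEntry queue="USERS.>" read="users" write="users" admin="users"/>
          <authorizationEntry queue="GUEST.>" read="guests" write="guests,users" admin="guests,users"/>
          <!-- NOTE(review): the next two entries carry no admin attribute, so
               presumably only groups granted admin by a wildcard entry can
               create these queues; confirm that this is intended. -->
          <authorizationEntry queue="TEST.Q" read="guests" write="guests"/>
          <authorizationEntry queue="test" read="testGroup" write="testGroup"/>
          <authorizationEntry topic=">" read="admins" write="admins" admin="admins"/>
          <authorizationEntry topic="USERS.>" read="users" write="users" admin="users"/>
          <authorizationEntry topic="GUEST.>" read="guests" write="guests,users" admin="guests,users"/>
          <!-- Every group that connects needs access to the advisory topics. -->
          <authorizationEntry topic="ActiveMQ.Advisory.>" read="guests,users,testGroup" write="guests,users,testGroup" admin="guests,users,testGroup"/>
        </authorizationEntries>
      </authorizationMap>
    </map>
  </authorizationPlugin>
</plugins>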
simpleAuthenticationPlugin中设置用户名、密码和群组,authorizationPlugin设置主题和队列的访问群组,“>”表示所有的主题或者队列。上面的配置中添加了一个用户testUser,属于群组testGroup,同时把test这个队列的读写权限设置为testGroup;当然admins也可以访问,因为admins对所有的队列都有访问权限。将第三部分代码中设置的用户名和密码改成刚刚添加的用户testUser:如果密码不正确,将会抛出User name or password is invalid.异常;如果testUser所属的群组不能访问test队列,那么会抛出形如User guest is not authorized to write to: queue://test的异常(其中的用户名是实际登录的用户)。需要注意的是,所有的群组都需要对以ActiveMQ.Advisory为前缀的主题具有访问权限。另外,simpleAuthenticationPlugin中的密码是以明文写在配置文件里的,示例密码仅作演示,实际部署时应更换,并限制该配置文件的读取权限。