1) 安全接入机制:

  activemq启动时加载配置文件$ACTIVEMQ_HOME/conf/activemq.xml, 在activemq.xml的<broker>节点中添加以下元素以提供对建立连接时的用户名/密码的支持:

 <plugins>
<simpleAuthenticationPlugin>
<users>
<authenticationUser username="system" password="manager"
groups
="users,admins"/>
<authenticationUser username="user" password="password"
groups
="users"/>
<authenticationUser username="guest" password="password" groups="guests"/>
</users>
</simpleAuthenticationPlugin>

<!-- lets configure a destination based authorization mechanism -->
<authorizationPlugin>
<map>
<authorizationMap>
<authorizationEntries>
<authorizationEntry queue=">" read="admins" write="admins" admin="admins" />
<authorizationEntry queue="USERS.>" read="users" write="users" admin="users" />
<authorizationEntry queue="GUEST.>" read="guests" write="guests,users" admin="guests,users" />

<authorizationEntry topic=">" read="admins" write="admins" admin="admins" />
<authorizationEntry topic="USERS.>" read="users" write="users" admin="users" />
<authorizationEntry topic="GUEST.>" read="guests" write="guests,users" admin="guests,users" />

<authorizationEntry topic="ActiveMQ.Advisory.>" read="guests,users" write="guests,users" admin="guests,users"/>
</authorizationEntries>

<!-- let's assign roles to temporary destinations. comment this entry if we don't want any roles assigned to temp destinations -->
<tempDestinationAuthorizationEntry>
<tempDestinationAuthorizationEntry read="tempDestinationAdmins" write="tempDestinationAdmins" admin="tempDestinationAdmins"/>
</tempDestinationAuthorizationEntry>
</authorizationMap>
</map>
</authorizationPlugin>
</plugins>

其中对哪种用户能够访问哪些类型的队列做了限制。

在客户端java连接activemq的配置如下:

<bean id="connectionFactory" class="org.apache.activemq.ActiveMQConnectionFactory">
<property name="brokerURL">
<value>tcp://10.100.8.5:61616?wireFormat.maxInactivityDuration=0&amp;jms.useAsyncSend=true</value>
</property>
<property name="userName" value="system"/>
<property name="password" value="manager"/>
</bean>

2)限定只能从本地连接activemq:

   <transportConnectors>

      <transportConnector name="openwire" uri="tcp://0.0.0.0:61616" />

   </transportConnectors>

  将上面的0.0.0.0改为localhost或127.0.0.1即可限定只能从本机连接。

3) 主备机机制:

    将连接的url设置为:

    failover:(tcp://primary:61616,tcp://secondary:61616)?randomize=false

 当primary断开后,会自动地连接secondary.

例如:

<bean id="connectionFactory" class="org.apache.activemq.ActiveMQConnectionFactory">
<!-- mq's URL -->
<!-- wireFormat.maxInactivityDuration=0 means never close the inactive connection -->
<property name="brokerURL">
<value>failover:(tcp://localhost:61616?wireFormat.maxInactivityDuration=0,tcp://10.100.8.5:61616?wireFormat.maxInactivityDuration=0)?randomize=false&amp;jms.useAsyncSend=true</value>
</property>
</bean>

注意当使用failover:时,jms.*类型的参数写在括号外面才对,否则activemq不能正确解析。

4)在同一个机器上启动多个MQ Broker

Master的配置文件为conf/activemq.xml, 将其复制一份,保存为activemq2.xml,然后做如下的修改:

1.        修改brokername属性,如:brokerName=”slaveBroker” 添加broker的属性 masterConnectorURI="tcp://masterhost:62001"

2.        修改data directory位置,使其不与masterdata directory重复:

<persistenceAdapter>

       <kahaDB directory=”${activemq.base}/data/kahaDB2” />

</persistenceAdapter>

 

3.        修改WEB控制台配置:
web
控制台的配置在jetty.xml中,复制这个文件保存为jetty2.xml,然后将jetty2.xml作为web控制台的配置文件:

<import resource=”jetty2.xml”/>

然后在jetty2.xml中修改web服务的端口以避免冲突:

<bean id=”Connector” …>

       <property name=”port” value=”8102” />

</bean>

 

启动slave broker:

cd  ${activemq-base}/bin

./activemq xbean:activemq2.xml  &

 

posted on 2011-08-12 17:38  桃源月色  阅读(6267)  评论(5编辑  收藏  举报