ActiveMQ IP-based authentication and authorization plug-in implementation

Source: Internet
Author: User
I. Implementation principle

The ActiveMQ hierarchy diagram is shown in Figure 1.1.

Figure 1.1 ActiveMQ structure hierarchy diagram

As the figure above shows, ActiveMQ is mainly composed of connectors, the broker and the message store; the focus here is on the broker section. In ActiveMQ, Broker is an interface that encapsulates connection management, session management, message sending and receiving, and other functional methods. BrokerFilter implements this interface and adds chain support: it can intercept every Broker method call and pass the result to the next node in the chain, which forms a complete "chain of responsibility" pattern.

The Region at the bottom of the broker section is the core component; the other elements are broker plug-ins of various kinds, which inherit from BrokerFilter, are compatible with the Broker interface and extend the functionality of the broker. The plug-in types are as follows:

1) "System Plugin" refers to system functions that ActiveMQ implements internally through the plug-in mechanism; users cannot customize them;

2) "AMQ Plugin" refers to plug-ins that ActiveMQ already implements and that can be freely selected in the configuration file, such as the simple security plug-in and the JAAS security plug-in;

3) "User Plugin" refers to ActiveMQ plug-ins that users implement themselves. The user needs to put the relevant jar package on the ActiveMQ boot classpath and declare the plug-in in the configuration file so that it is loaded.

An ActiveMQ plug-in is in fact a filter chain built on Broker. The overall design is similar to the filter structure of a Servlet: all plug-ins form a chain, and each plug-in is an "interceptor". The class structure is shown in Figure 1.2:

Figure 1.2 Broker class structure diagram

Because ActiveMQ allows users to implement their own plug-ins, an IP-based authentication and authorization plug-in can be implemented on this principle.

II. Source code

1. IPAuthenticationPlugin

package tewa.apache.activemq.security;

import java.util.List;

import org.apache.activemq.broker.Broker;
import org.apache.activemq.broker.BrokerPlugin;

// Broker plug-in that inserts the IP allowlist filter into the broker chain
public class IPAuthenticationPlugin implements BrokerPlugin {
	// Allowed client IP addresses, injected from activemq.xml
	List<String> allowedIPAddresses;

	// Called by ActiveMQ at start-up; wraps the next broker in the chain
	public Broker installPlugin(Broker broker) throws Exception {
		return new IPAuthenticationBroker(broker, allowedIPAddresses);
	}

	public List<String> getAllowedIPAddresses() {
		return allowedIPAddresses;
	}

	public void setAllowedIPAddresses(List<String> allowedIPAddresses) {
		this.allowedIPAddresses = allowedIPAddresses;
	}
}

2. IPAuthenticationBroker

package tewa.apache.activemq.security;

import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

import org.apache.activemq.broker.Broker;
import org.apache.activemq.broker.BrokerFilter;
import org.apache.activemq.broker.ConnectionContext;
import org.apache.activemq.command.ConnectionInfo;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

public class IPAuthenticationBroker extends BrokerFilter {
	List<String> allowedIPAddresses;
	// Matches "ip:port" and captures the IP in group 1
	Pattern pattern = Pattern.compile("^([0-9\\.]*):(.*)");

	private static final Logger log = LoggerFactory.getLogger(IPAuthenticationBroker.class);

	public IPAuthenticationBroker(Broker next, List<String> allowedIPAddresses) {
		super(next);
		this.allowedIPAddresses = allowedIPAddresses;
	}

	// Returns the part of remoteAddress that starts at the first digit, or null if there is none
	public String getSubAddress(String remoteAddress) {
		String subAddress = null;
		for (int i = 0; i < remoteAddress.length(); i++) {
			char ch = remoteAddress.charAt(i);
			if (ch >= '0' && ch <= '9') {
				subAddress = remoteAddress.substring(i);
				break;
			}
		}
		return subAddress;
	}

	@Override
	public void addConnection(ConnectionContext context, ConnectionInfo info) throws Exception {
		String remoteAddress = context.getConnection().getRemoteAddress();
		// remoteAddress has a form such as tcp://127.0.0.1:6572. Because the regular
		// expression did not work well on it, 127.0.0.1:6572 is extracted here and matched instead.
		// Advice on how to use the regular expression properly is welcome.
		String subAddress = getSubAddress(remoteAddress);
		if (subAddress == null) {
			// No digit in the address: reject instead of passing null to the matcher
			throw new SecurityException("Invalid remote address " + remoteAddress);
		}
		Matcher matcher = pattern.matcher(subAddress);
		if (matcher.matches()) {
			String ip = matcher.group(1);
			if (!allowedIPAddresses.contains(ip)) {
				throw new SecurityException("Connecting from IP address " + ip + " is not allowed");
			} else {
				log.info("Connecting from address {}", remoteAddress);
			}
		} else {
			throw new SecurityException("Invalid remote address " + remoteAddress + " subaddress " + subAddress);
		}
		// Address is allowed: hand the connection to the next broker in the chain
		super.addConnection(context, info);
	}
}
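The comment in addConnection asks how to match the remote address with the regular expression alone. One way to do it, as an added example that is not part of the original article or of ActiveMQ: the class RemoteAddressAllowList and its methods are hypothetical names, the bare leading "/" form is an assumed variant of the address string, and the sample inputs in main are constructed.

```java
import java.net.InetAddress;
import java.util.*;
import java.util.regex.*;

// Added example: hypothetical helper, not part of the plug-in above or of ActiveMQ.
public class RemoteAddressAllowList {
	// Optional "scheme://" (or a bare leading "/", an assumed variant), IPv4, ":port".
	private static final Pattern REMOTE = Pattern.compile(
			"^(?:[a-z][a-z0-9+.-]*://|/)?(\\d{1,3}(?:\\.\\d{1,3}){3}):(\\d{1,5})$");

	private final Set<InetAddress> allowed = new HashSet<>();

	public RemoteAddressAllowList(List<String> allowedIPAddresses) throws Exception {
		for (String ip : allowedIPAddresses) allowed.add(parseIPv4(ip));
	}

	// Build the address from its octets, so no DNS lookup can ever happen.
	static InetAddress parseIPv4(String text) throws Exception {
		String[] parts = text.trim().split("\\.", -1);
		if (parts.length != 4) throw new SecurityException("Not an IPv4 literal: " + text);
		byte[] raw = new byte[4];
		for (int i = 0; i < 4; i++) {
			int octet = Integer.parseInt(parts[i]);
			if (octet < 0 || octet > 255) throw new SecurityException("Bad octet in " + text);
			raw[i] = (byte) octet;
		}
		return InetAddress.getByAddress(raw);
	}

	// Fail closed: anything that does not parse cleanly is rejected.
	public boolean isAllowed(String remoteAddress) {
		if (remoteAddress == null) return false;
		Matcher m = REMOTE.matcher(remoteAddress);
		try {
			return m.matches() && allowed.contains(parseIPv4(m.group(1)));
		} catch (Exception e) {
			return false;
		}
	}

	public static void main(String[] args) throws Exception {
		RemoteAddressAllowList list = new RemoteAddressAllowList(Arrays.asList("127.0.0.1", "192.168.168.1"));
		// Constructed sample inputs, not captured from a real broker.
		for (String s : new String[] {"tcp://127.0.0.1:6572", "tcp://10.0.0.5:6572", "tcp://999.1.1.1:1", "tcp://localhost:6572"}) {
			System.out.println(s + " -> " + list.isAllowed(s));
		}
	}
}
```

The check sees only the TCP peer address, so clients that reach the broker through the same NAT gateway or proxy share one allowlist entry.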

III. Installing the plug-in

1. Export the code as a jar: IPAuthenticationPlugin.jar;
2. Copy the jar package to the lib directory under the ActiveMQ directory;
3. Open activemq\conf\activemq.xml and add the following inside the broker node:

<plugins>
	<bean xmlns="http://www.springframework.org/schema/beans" id="ipAuthenticationPlugin" class="tewa.apache.activemq.security.IPAuthenticationPlugin">
		<property name="allowedIPAddresses">
			<list>
				<value>127.0.0.1</value>
				<value>192.168.168.1</value>
			</list>
		</property>
	</bean>
</plugins>

4. Restart the ActiveMQ service.


Note:
ActiveMQ service version used to test the plug-in: V5.14.5;
Plug-in source download path: ActiveMQ IP-based authentication and authorization plug-in source and jar


Reference materials:
1. http://blog.csdn.net/scorpio3k/article/details/48159839
2. "ActiveMQ in Action", section 6.3
