This section explains how to enable LDAP authorization in the broker, so that the broker obtains its authorization data from the directory server. For each queue and topic, you can specify three different kinds of permission:
admin—allows you to create and destroy topics or queues.
read—allows you to read messages from topics or queues.
write—allows you to write messages to topics or queues.
Perform the following steps to enable LDAP authorization:
Add the LDAP authorization plug-in to the broker configuration. Open the broker configuration file, $ACTIVEMQ_HOME/conf/activemq.xml, with a text editor and add the authorizationPlugin element, as follows:

<beans ...>
  <broker ...>
    ...
    <plugins>
      ...
      <authorizationPlugin>
        <map>
          <bean id="lDAPAuthorizationMap"
                class="org.apache.activemq.security.LDAPAuthorizationMap"
                xmlns="http://www.springframework.org/schema/beans">
            <property name="initialContextFactory" value="com.sun.jndi.ldap.LdapCtxFactory"/>
            <property name="connectionURL" value="ldap://localhost:10389"/>
            <property name="authentication" value="simple"/>
            <property name="connectionUsername" value="uid=admin,ou=system"/>
            <property name="connectionPassword" value="secret"/>
            <property name="connectionProtocol" value=""/>
            <property name="topicSearchMatchingFormat"
                      value="cn={0},ou=Topic,ou=Destination,ou=ActiveMQ,ou=system"/>
            <property name="topicSearchSubtreeBool" value="true"/>
            <property name="queueSearchMatchingFormat"
                      value="cn={0},ou=Queue,ou=Destination,ou=ActiveMQ,ou=system"/>
            <property name="queueSearchSubtreeBool" value="true"/>
            <property name="advisorySearchBase"
                      value="cn=ActiveMQ.Advisory,ou=Topic,ou=Destination,ou=ActiveMQ,ou=system"/>
            <property name="tempSearchBase"
                      value="cn=ActiveMQ.Temp,ou=Topic,ou=Destination,ou=ActiveMQ,ou=system"/>
            <property name="adminBase" value="(cn=admin)"/>
            <property name="adminAttribute" value="member"/>
            <property name="readBase" value="(cn=read)"/>
            <property name="readAttribute" value="member"/>
            <property name="writeBase" value="(cn=write)"/>
            <property name="writeAttribute" value="member"/>
          </bean>
        </map>
      </authorizationPlugin>
    </plugins>
    ...
  </broker>
</beans>
If you have not already done so, add username/password credentials to the consumer tool, example/src/ConsumerTool.java, and to the producer tool, example/src/ProducerTool.java, as described in Tutorial: Enable LDAP Authentication in the Broker and its Clients.
Ensure that the X.500 directory server is running. If necessary, manually restart the X.500 directory server. If the server is not running, all broker connections will fail.
Run the broker. Open a new command prompt and start the broker by entering the following command:
activemq
Run the consumer client. Open a new command prompt, change directory to example and enter the following Ant command:
ant consumer -Durl=tcp://localhost:61616 -Dmax=100
Run the producer client. Open a new command prompt, change directory to example and enter the following Ant command:
ant producer -Durl=tcp://localhost:61616
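The connection settings in the authorizationPlugin configuration above are tutorial defaults (simple bind over ldap://, a literal password, the uid=admin account). The following check is an added example, not part of the original procedure or of ActiveMQ; the finding names, the admin-account heuristic and the assumption that passwords may be supplied through Spring ${...} property placeholders are illustrative.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = "{http://www.springframework.org/schema/beans}"
MAP_CLASS = "org.apache.activemq.security.LDAPAuthorizationMap"

# Constructed sample: only the connection properties from the configuration above.
SAMPLE = """<bean xmlns="http://www.springframework.org/schema/beans"
      id="lDAPAuthorizationMap" class="org.apache.activemq.security.LDAPAuthorizationMap">
  <property name="connectionURL" value="ldap://localhost:10389"/>
  <property name="authentication" value="simple"/>
  <property name="connectionUsername" value="uid=admin,ou=system"/>
  <property name="connectionPassword" value="secret"/>
  <property name="connectionProtocol" value=""/>
</bean>"""


def ldap_map_properties(xml_text):
    """Return {name: value} for the first LDAPAuthorizationMap bean found."""
    root = ET.fromstring(xml_text)
    for bean in root.iter(NS + "bean"):  # iter() also visits the root element
        if bean.get("class") == MAP_CLASS:
            return {p.get("name"): p.get("value", "")
                    for p in bean.findall(NS + "property")}
    return {}


def audit(xml_text):
    """List connection settings that weaken the broker-to-directory link."""
    props = ldap_map_properties(xml_text)
    findings = []
    scheme = urlparse(props.get("connectionURL", "")).scheme
    tls = scheme == "ldaps" or props.get("connectionProtocol", "").lower() == "ssl"
    if props.get("authentication") == "simple" and not tls:
        findings.append("cleartext-bind: simple bind without TLS sends the "
                        "bind password unencrypted; use ldaps://")
    password = props.get("connectionPassword", "")
    if password and not password.startswith("${"):  # assumed placeholder syntax
        findings.append("literal-password: connectionPassword is stored in the "
                        "config file; externalize it and restrict file access")
    # Heuristic (assumption): a DN starting with uid=admin is a directory admin.
    if props.get("connectionUsername", "").lower().startswith("uid=admin,"):
        findings.append("admin-bind: broker binds as a directory admin; a "
                        "read-only service account is enough for lookups")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Run it against a real activemq.xml by passing the file contents to audit(); the sample above reports all three findings.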