消息中间件(5)-ActiveMQ后台监控
ActiveMQ提供了基于WEB的控制台,现在有两个版本。
监控的主要对象是连接的机器,队列,主题,消息。
1、在activemq.xml末尾引进内嵌的jetty.xml,用来启动web控制系统
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://activemq.apache.org/schema/core http://activemq.apache.org/schema/core/activemq-core.xsd"> ... <broker xmlns="http://activemq.apache.org/schema/core" brokerName="localhost" dataDirectory="${activemq.data}"> ... </broker> <!--web 后台监控--> <import resource="jetty.xml"/> </beans>
2、在jetty.xml,由spring初始化运行内嵌式jetty容器
<bean id="Server" depends-on="jettyPort" class="org.eclipse.jetty.server.Server" init-method="start" destroy-method="stop"> <property name="connectors"> <list> <bean id="Connector" class="org.eclipse.jetty.server.nio.SelectChannelConnector"> <!-- see the jettyPort bean --> <property name="port" value="#{systemProperties['jetty.port']}" /> </bean> <!-- Enable this connector if you wish to use https with web console --> <!--开启之后,打开SSL功能 <bean id="SecureConnector" class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector"> <property name="port" value="8162" /> <property name="keystore" value="file:${activemq.conf}/broker.ks" /> <property name="password" value="password" /> </bean> --> </list> </property> <property name="handler"> <bean id="handlers" class="org.eclipse.jetty.server.handler.HandlerCollection"> <property name="handlers"> <list> <ref bean="rewrite"/> <ref bean="contexts" /> <ref bean="securityHandler" /> </list> </property> </bean> </property> </bean>
2.1端口配置,depends-on="jettyPort" 引用
<bean id="jettyPort" class="org.apache.activemq.web.WebConsolePort" init-method="start"> <!-- the default port number for the web console --> <property name="port" value="8161"/> </bean>2.2jetty所需的其他配置
<bean id="rewrite" class="org.eclipse.jetty.rewrite.handler.RewriteHandler"> <property name="rules"> <set> <bean class="org.eclipse.jetty.rewrite.handler.RedirectRegexRule"> <property name="regex" value="/api/jolokia(.*)"/> <property name="replacement" value="/hawtio/jolokia$1"/> </bean> </set> </property> </bean> <bean id="contexts" class="org.eclipse.jetty.server.handler.ContextHandlerCollection"> </bean>2.3 权限配置
<bean id="securityLoginService" class="org.eclipse.jetty.security.HashLoginService"> <property name="name" value="ActiveMQRealm" /> <property name="config" value="${activemq.conf}/jetty-realm.properties" /> </bean> <bean id="securityConstraint" class="org.eclipse.jetty.util.security.Constraint"> <property name="name" value="BASIC" /> <property name="roles" value="user,admin" /> <!-- set authenticate=false to disable login --> <property name="authenticate" value="true" /> </bean> <bean id="adminSecurityConstraint" class="org.eclipse.jetty.util.security.Constraint"> <property name="name" value="BASIC" /> <property name="roles" value="admin" /> <!-- set authenticate=false to disable login --> <property name="authenticate" value="true" /> </bean> <bean id="securityConstraintMapping" class="org.eclipse.jetty.security.ConstraintMapping"> <property name="constraint" ref="securityConstraint" /> <property name="pathSpec" value="/admin/*,*.jsp" /> </bean> <bean id="adminSecurityConstraintMapping" class="org.eclipse.jetty.security.ConstraintMapping"> <property name="constraint" ref="adminSecurityConstraint" /> <property name="pathSpec" value="*.action" /> </bean> <bean id="securityHandler" class="org.eclipse.jetty.security.ConstraintSecurityHandler"> <property name="loginService" ref="securityLoginService" /> <property name="authenticator"> <bean class="org.eclipse.jetty.security.authentication.BasicAuthenticator" /> </property> <property name="constraintMappings"> <list> <ref bean="adminSecurityConstraintMapping" /> <ref bean="securityConstraintMapping" /> </list> </property> <property name="handler"> <bean id="sec" class="org.eclipse.jetty.server.handler.HandlerCollection"> <property name="handlers"> <list> <bean class="org.eclipse.jetty.webapp.WebAppContext"> <property name="contextPath" value="/hawtio" /> <!--新的web管理平台---> <property name="war" value="${activemq.home}/webapps/hawtio" /> <property name="logUrlOnStart" value="true" /> </bean> <bean class="org.eclipse.jetty.webapp.WebAppContext"> <property name="contextPath" value="/admin" /> <!--老的web管理平台---> <property name="resourceBase" value="${activemq.home}/webapps/admin" /> <property name="logUrlOnStart" value="true" /> </bean> <bean class="org.eclipse.jetty.server.handler.ResourceHandler"> <property name="directoriesListed" value="false" /> <property name="welcomeFiles"> <list> <value>index.html</value> </list> </property> <!---自动加载webapps下面的资源--> <property name="resourceBase" value="${activemq.home}/webapps/" /> </bean> <bean id="defaultHandler" class="org.eclipse.jetty.server.handler.DefaultHandler"> <property name="serveIcon" value="false" /> </bean> </list> </property> </bean> </property> </bean>
3、启动后,在浏览器中即可访问
http://127.0.0.1:8161/
包含三个项目:
(1)Manage ActiveMQ broker 新的管理平台
(2)Manage ActiveMQ broker using the old console 老的管理平台
(3)一些DEMO。
老的系统平台登录所需的配置文件
conf/jetty-realm.properties,只是基于BasicAuthenticator
# Defines users that can access the web (console, demo, etc.) # username: password [,rolename ...] admin: admin, admin
新的系统所需的平台配置,基于
conf/login.config
activemq {
org.apache.activemq.jaas.PropertiesLoginModule required
org.apache.activemq.jaas.properties.user="users.properties"
org.apache.activemq.jaas.properties.group="groups.properties";
};
conf/users.properties
admin=admin
conf/groups.properties
admins=admin
4、安全校验原理,待续
太匆忙了,先写到这。。。