Red Hat Summit Red Hat Summitサポートコンソール開発者トライアルの開始お問い合わせ

このコンテンツは選択した言語では利用できません。

10.2. Configure and Run Active-MQ using Encrypted Passwords

Configure Password Encryption
リンクのコピー

ActiveMQ allows you to encrypt passwords and store them in configuration files. To encrypt the password, perform the following steps:
  1. Run encrypt command. 
    $ bin/activemq encrypt --password encrypt123 --input password1
INFO: Using default configuration
...
Encrypted text: jkS8uzTLGwAoBzxEadnG6j7vkY1GD4Zt
    Copy to Clipboard Toggle word wrap
    Where password is a secret used by the encryptor and input is the password you want to encrypt.
    Note
    Special characters, such as $/^&, are not supported. Use only alphanumeric characters for passwords.
  2. Add the password to the configuration file. By default, the credentials are added to the $ACTIVEMQ_HOME/conf/credentials-enc.properties.
    The contents of the credentials-enc.properties use the ENC() function to wrap encrypted passwords.
  3. Instruct the property loader to encrypt variables while loading properties to the memory.
    Note
    The property loader used for encryption is $ACTIVEMQ_HOME/examples/conf/activemq-security.xml.
    The contents of the activemq-security.xml shows the configuration that ActiveMQ uses to load encrypted passwords. The ACTIVEMQ_ENCRYPTION_PASSWORD environment variable is used to load the encryptor password. The property loads then de-crypts the password from the credential-enc.properties file. 
    <bean id="environmentVariablesConfiguration" class="org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig">
  <property name="algorithm" value="PBEWithMD5AndDES" />
  <property name="passwordEnvName" value="ACTIVEMQ_ENCRYPTION_PASSWORD" />
</bean>
                                                                      
<bean id="configurationEncryptor" class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor">
  <property name="config" ref="environmentVariablesConfiguration" />
</bean> 
     
<bean id="propertyConfigurer" class="org.jasypt.spring31.properties.EncryptablePropertyPlaceholderConfigurer">
  <constructor-arg ref="configurationEncryptor" />
  <property name="location" value="file:${activemq.base}/conf/credentials-enc.properties"/>
</bean>
    Copy to Clipboard Toggle word wrap
  4. Add the property to the activemq-security.xml as shown here: 
    <simpleAuthenticationPlugin>
  <users>
    <authenticationUser username="system"
        password="${activemq.password}"
        groups="users,admins"/>
    <authenticationUser username="user"
        password="${guest.password}"
        groups="users"/>
    <authenticationUser username="guest"
        password="${guest.password}"
        groups="guests"/>
  </users>
</simpleAuthenticationPlugin>
    Copy to Clipboard Toggle word wrap

Run Active-MQ using Encrypted Passwords
リンクのコピー

To run the Active-MQ broker with encrypted password configuration, follow the following steps:
  1. Set environment variable for encryption 
     $ export ACTIVEMQ_ENCRYPTION_PASSWORD=encrypt123
    Copy to Clipboard Toggle word wrap
  2. Set the AMQ broker 
     $ bin/activemq start xbean:examples/conf/activemq-security.xml
    Copy to Clipboard Toggle word wrap
  3. Reset the environment variable for encryption 
     $ unset ACTIVEMQ_ENCRYPTION_PASSWORD
    Copy to Clipboard Toggle word wrap
    Resetting the environment is important to avoid saving passwords on your system.

Configuring the network connector
リンクのコピー

Given two brokers, Broker A and Broker B, where Broker A is configured to perform authentication, you can configure Broker B to log on to Broker A by setting the userName attribute and the password attribute in the networkConnector element, as follows: 
<beans ...>
    <broker ...>
        ...
        <networkConnectors>
            <networkConnector name="BrokerABridge"
                              userName="Username"
                              password="Password"
                              uri="static://(ssl://brokerA:61616)"/>
            ...
        </networkConnectors>

        ...
    </broker>
</beans>
Copy to Clipboard Toggle word wrap
If Broker A is configured to connect to Broker B, Broker A's networkConnector element must also be configured with username/password credentials, even if Broker B is not configured to perform authentication. This is because Broker A's authentication plug-in checks for Broker A's username.
トップに戻る
Red Hat logoGithubredditYoutubeTwitter

詳細情報

試用、購入および販売

コミュニティー

Red Hat ドキュメントについて

Red Hat をお使いのお客様が、信頼できるコンテンツが含まれている製品やサービスを活用することで、イノベーションを行い、目標を達成できるようにします。 最新の更新を見る.

多様性を受け入れるオープンソースの強化

Red Hat では、コード、ドキュメント、Web プロパティーにおける配慮に欠ける用語の置き換えに取り組んでいます。このような変更は、段階的に実施される予定です。詳細情報: Red Hat ブログ.

会社概要

Red Hat は、企業がコアとなるデータセンターからネットワークエッジに至るまで、各種プラットフォームや環境全体で作業を簡素化できるように、強化されたソリューションを提供しています。

Theme

© 2025 Red Hat