通过 IP 过滤从外部保护 ActiveMQ
我有一个 ActiveMQ 实例在面向外部的服务器上运行并公开 STOMP 接口。
我希望能够确保外部连接的客户端只能接收主题通知,而不能向主题本身发送任何内容。 任何内部连接的客户端都能够接收和发送。
我希望可以在主题或服务器级别设置一些规则,根据 IP 规则定义主题的权限,但我找不到任何对此的引用。
有谁对我如何做到这一点有任何建议,或者可能有其他方法来达到预期的效果?
I have an instance of ActiveMQ running on an externally facing server and exposing a STOMP interface.
I would like to be able to ensure that externally connected clients can only receive topic notifications, and not send anything to the topic themselves. Any internally connected clients will be able to both receive and send.
I was hoping there might be some rules I could set up on the topic or server level that define permissions to the topic based on IP rules, but I cant find any reference to this.
Does anyone have any suggestions on how I can do this, or perhaps alternative ways to reach the desired effect?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
目前,STOMP 传输在 IP 范围或内部与外部 IP 地址之间没有区别。
你可以使用用户角色吗? 拥有特殊用户和 内部联系的角色? 然后使用普通的访问控制列表,以便外部连接只能从主题消费而不能发布?
请参阅ActiveMQ 安全支持
There's not currently a distinction in the STOMP transport between IP ranges or internal v external IP addresses.
Could you use user roles though; having special users & roles for internal connections? Then use the normal access control lists so that external connections can only consume from topics and not publish?
See the ActiveMQ Security Support