分指 定角色即权限信息； org.apache.shiro.realm.text.PropertiesRealm： user.username=password,role1,role2 指定用户 名/密码及其角色；role.role1=permission1,permission2 指定角色及权限信息； org.apache.shiro.realm.jdbc.JdbcRealm：通过 sql 查询相应的信息，如“select from users where username = ?”获取用户密码及盐；“select role_name from user_roles where username = ?” 获取用户角色；“select permission from roles_permissions where role_name = ?”获取角色对 应的权限信息；也可以调用相应的 api 进行自定义 sql； 授权，也叫访问控制，即在应用中控制谁能访问哪些资源（如访问页面/编辑数据/页面操作 等）。在授权中需了解的几个关键对象：主体（Subject）、资源（Resource）、权限（Permission）、 角色（Role）。 主体 主体，即访问应用的用户，在 Shiro 中使用 Subject 代表该用户。用户只有授权后才允许访 问相应的资源。 资源 在应用中用户可以访问的任何东西，比如访问 JSP 页面、查看/编辑某些数据、访问某个业

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265 42.2. Role based security for addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.2. Upgrading from 2.28.0 • Due to ARTEMIS-4151 the default access for MBeans not defined in the role-access or allowlist of management.xml is now read only. This is a precautionary measure to ensure management.xml either by changing the default-access (not recommended) or specifically configuring a role-access for the particular MBean in question.  This applies to all MBean access including directly

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265 42.2. Role based security for addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.2. Upgrading from 2.28.0 • Due to ARTEMIS-4151 the default access for MBeans not defined in the role-access or allowlist of management.xml is now read only. This is a precautionary measure to ensure management.xml either by changing the default-access (not recommended) or specifically configuring a role-access for the particular MBean in question.  This applies to all MBean access including directly

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265 42.2. Role based security for addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3.2. Upgrading from 2.28.0 • Due to ARTEMIS-4151 the default access for MBeans not defined in the role-access or allowlist of management.xml is now read only. This is a precautionary measure to ensure management.xml either by changing the default-access (not recommended) or specifically configuring a role-access for the particular MBean in question.  This applies to all MBean access including directly

Upgrading from older versions Due to ARTEMIS-4151 the default access for MBeans not defined in the role-access or allowlist of management.xml is now read only. This is a precautionary measure to ensure management.xml either by changing the default-access (not recommended) or specifically configuring a role-access for the particular MBean in question. Note: this applies to all Versions 9 MBean access impact security-settings for MQTT clients which previously only had createDurableQueue for their role. They will now need Versions 13 createNonDurableQueue as well. Again, this only has potential

Upgrading from older versions Due to ARTEMIS-4151 the default access for MBeans not defined in the role-access or allowlist of management.xml is now read only. This is a precautionary measure to ensure management.xml either by changing the default-access (not recommended) or specifically configuring a role-access for the particular MBean in question. Note: this applies to all MBean access including directly impact security-settings for MQTT clients which previously only had createDurableQueue for their role. They will now need createNonDurableQueue as well. Again, this only has potential impact for MQTT

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269 43.2. Role based security for addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6.2. Upgrading from 2.28.0 • Due to ARTEMIS-4151 the default access for MBeans not defined in the role-access or allowlist of management.xml is now read only. This is a precautionary measure to ensure management.xml either by changing the default-access (not recommended) or specifically configuring a role-access for the particular MBean in question.  This applies to all MBean access including directly

impact security-settings for MQTT clients which previously only had createDurableQueue for their role. They will now need createNonDurableQueue as well. Again, this only has potential impact for MQTT specific username and role during the authentication process. ii. When login.config is configured with the CertificateLoginModule which causes users to be assigned a username and role corresponding to add --user guest --password guest --role admin Versions 14 Use this instead: ./artemis user add --user-command-user guest --user-command-password guest --role admin In short, use user-command-user

impact security-settings for MQTT clients which previously only had createDurableQueue for their role. They will now need createNonDurableQueue as well. Again, this only has potential impact for MQTT specific username and role during the authentication process. ii. When login.config is configured with the CertificateLoginModule which causes users to be assigned a username and role corresponding to changed. Instead of using something like this: ./artemis user add --user guest --password guest --role admin Use this instead: In short, use user-command-user in lieu of user and user-command-

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279 43.2. Role based security for addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11.2. Upgrading from 2.28.0 • Due to ARTEMIS-4151 the default access for MBeans not defined in the role-access or allowlist of management.xml is now read only. This is a precautionary measure to ensure management.xml either by changing the default-access (not recommended) or specifically configuring a role-access for the particular MBean in question.  This applies to all MBean access including directly