activemq-dev mailing list archives

From "Felix Koschmieder (JIRA)" <j...@apache.org>
Subject [jira] Issue Comment Edited: (AMQ-1754) org.apache.activemq.ActiveMQSslConnectionFactory extended to incorporate client.ks/client.ts files to enable convenient use of JNDI via SSL.
Date Tue, 24 Aug 2010 14:16:49 GMT

    [ https://issues.apache.org/activemq/browse/AMQ-1754?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=61368#action_61368 ]

Felix Koschmieder edited comment on AMQ-1754 at 8/24/10 10:16 AM:
------------------------------------------------------------------

Modifying the AMQ connection factory does not seem to be the ideal solution as it does not
work with failover connections.

Instead, we can create a new SSL transport factory that keeps an AMQ-specific SSL context.

The attached class is ready to be used in a spring context as follows:

{quote}
    <bean id="amqConnectionFactory" class="org.apache.activemq.ActiveMQConnectionFactory"
          depends-on="amqSslTransportFactory">
        ...
    </bean>

    <bean id="amqSslTransportFactory" class="org.apache.activemq.ActiveMQSslTransportFactory"
          init-method="initialize">
        <property name="keyStore" value="classpath:keystore.ks"/>
        <property name="keyStorePassword" value="keystorepwd"/>
        <property name="trustStore" value="classpath:truststore.ts"/>
        <property name="trustStorePassword" value="truststorepwd"/>
    </bean>
{quote}

To make it work outside of Spring, just replace the keyStore/trustStore attributes by Strings
and change the logging framework as needed (currently slf4j).

Note that you don't need to override the method {{createServerSocketFactory()}} in a client
context. I have tested this with ActiveMQ 5.3.0.

      was (Author: fkoschmieder):
    Modifying the AMQ connection factory does not seem to be the ideal solution as it does
not work with failover connections.

Instead, we can create a new SSL transport factory that keeps an AMQ-specific SSL context.

The attached class is ready to be used in a spring context as follows:

{quote}
    <bean id="amqConnectionFactory" class="org.apache.activemq.ActiveMQConnectionFactory"
          depends-on="amqSslTransportFactory">
        ...
    </bean>

    <bean id="amqSslTransportFactory" class="org.apache.activemq.ActiveMQSslTransportFactory"
          init-method="initialize">
        <property name="keyStore" value="classpath:keystore.ks"/>
        <property name="keyStorePassword" value="keystorepwd"/>
        <property name="trustStore" value="classpath:truststore.ts"/>
        <property name="trustStorePassword" value="truststorepwd"/>
    </bean>
{quote}

To make it work outside of Spring, just replace the keyStore/trustStore attributes by Strings
and change the logging framework as needed (currently slf4j).

I have tested this with ActiveMQ 5.3.0.
  
> org.apache.activemq.ActiveMQSslConnectionFactory extended to incorporate client.ks/client.ts files to enable convenient use of JNDI via SSL.
> --------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: AMQ-1754
>                 URL: https://issues.apache.org/activemq/browse/AMQ-1754
>             Project: ActiveMQ
>          Issue Type: Improvement
>          Components: Transport
>    Affects Versions: 4.0, 4.0.1, 4.0.2, 4.1.0, 4.1.1, 4.1.2, 5.0.0, 5.1.0
>         Environment: have tested with activemq-4.2.snapshot but should work with any version.
>            Reporter: Sudip Shrestha
>             Fix For: NEEDS_REVIEWED
>
>         Attachments: ActiveMQSslConnectionFactory.java, ActiveMQSslConnectionFactoryx.java, ActiveMqSslTransportFactory.java
>
>
> Steps to use this class:
> - Follow the instructions at http://activemq.apache.org/how-do-i-use-ssl.html to create client.ks/client.ts files for your JMS client. Connecting to the JMS server without using the extended class would necessitate that the user set the following system properties for his VM:
> javax.net.ssl.keyStore=/path/to/client.ks
> javax.net.ssl.keyStorePassword=password
> javax.net.ssl.trustStore=/path/to/client.ts
> - Instead of the above, if the attached class ActiveMQSslConnectionFactoryx is used, the constructor public ActiveMQSslConnectionFactoryx(String keyStore, String keyStorePassword, String trustStore) calls the setKeyAndTrustManagers() method of org.apache.activemq.ActiveMQSslConnectionFactory, thereby setting up the ConnectionFactory via SSL.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
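
Added example, not part of the JIRA message or its attachments: a JDK-only sketch of building a client-specific SSL context from client.ks/client.ts without setting the JVM-wide javax.net.ssl.* system properties. The class name, the helper methods and the environment variable names are assumptions made for illustration, as is the choice to read the passwords from the environment.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.SecureRandom;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Added illustration (hypothetical class name); uses only JDK APIs.
public class ClientSslContextExample {

    // Reads a keystore file; getDefaultType() is an assumption, use "JKS" or "PKCS12" if yours differs.
    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            ks.load(in, password); // the password also verifies the store's integrity
        }
        return ks;
    }

    // Builds a context private to the caller; the JVM-wide default context is never replaced.
    static SSLContext build(String ksPath, char[] ksPw, String tsPath, char[] tsPw) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load(ksPath, ksPw), ksPw); // assumes key password == store password

        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(tsPath, tsPw)); // only certificates in this store are trusted

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom());
        return ctx;
    }

    // Fails fast when a password variable is not set.
    static char[] env(String name) {
        String v = System.getenv(name);
        if (v == null) throw new IllegalStateException("missing environment variable " + name);
        return v.toCharArray();
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: ClientSslContextExample <client.ks> <client.ts>");
            System.exit(2);
        }
        // Hypothetical variable names; passwords stay out of source and config files.
        SSLContext ctx = build(args[0], env("CLIENT_KS_PASSWORD"), args[1], env("CLIENT_TS_PASSWORD"));
        System.out.println("built " + ctx.getProtocol() + " context; JVM default context unchanged");
    }
}
```

Because the context is scoped to whoever holds the returned object, other TLS clients in the same JVM keep their own trust settings.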
