activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ar13 <andrew...@gmail.com>
Subject Re: Securing active MQ
Date Tue, 27 Jan 2009 22:06:49 GMT

OK 

I have been unable to get ActiveMQ to work in a system with two connected
networks

in the this set up 

system A has two NICs
NIC 0 connected to the public network
NIC 1 connected to a private network

I have configured AMQ to only listen on the private network for messages. I
have posted the configuration below. When the host machine has a host name
of either localhost or no host name then the configuration below allows AMQ
broker to start. However if the host gets a host name from the public
network then AMQ tries to resolve that hostname on the private interface and
fails to start. This happens even when the transport uri is configured with
the useLocalHost option.

Is there some basic error i am making ? We have other Apache foundation
tools ( such as Tomcat ) using this configuration successfully without a
problem.  I have posted the config file and the strack trace below.  I have
tried setting the broker name as well with no change. Is there some way to
disable the host resolution of AMQ ?

thanks

<!--
   Licensed to the Apache Software Foundation (ASF) under one or more
   contributor license agreements.  See the NOTICE file distributed with
   this work for additional information regarding copyright ownership.
   The ASF licenses this file to You under the Apache License, Version 2.0
   (the "License"); you may not use this file except in compliance with
   the License.  You may obtain a copy of the License at

   http://www.apache.org/licenses/LICENSE-2.0

   Unless required by applicable law or agreed to in writing, software
   distributed under the License is distributed on an "AS IS" BASIS,
   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   See the License for the specific language governing permissions and
   limitations under the License.
-->
<!-- START SNIPPET: example -->
<beans
 xmlns="http://www.springframework.org/schema/beans"
 xmlns:amq="http://activemq.apache.org/schema/core"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
 http://activemq.apache.org/schema/core
http://activemq.apache.org/schema/core/activemq-core.xsd
 http://activemq.apache.org/camel/schema/spring
http://activemq.apache.org/camel/schema/spring/camel-spring.xsd">

   <!-- Allows us to use system properties as variables in this
configuration file -->
   <bean
class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
        <property name="locations">
          
<value>file:///${activemq.base}/conf/credentials.properties</value>
        </property>
   </bean>

   <broker xmlns="http://activemq.apache.org/schema/core"
brokerName="localhost" dataDirectory="${activemq.base}/data">

       <!-- Destination specific policies using destination names or
wildcards -->
       <destinationPolicy>
           <policyMap>
               <policyEntries>
                   <policyEntry queue=">" memoryLimit="5mb"/>
                   <policyEntry topic=">" memoryLimit="5mb">
                     <!-- you can add other policies too such as these
                       <dispatchPolicy>
                           <strictOrderDispatchPolicy/>
                       </dispatchPolicy>
                       <subscriptionRecoveryPolicy>
                           <lastImageSubscriptionRecoveryPolicy/>
                       </subscriptionRecoveryPolicy>
                     -->
                   </policyEntry>
               </policyEntries>
           </policyMap>
       </destinationPolicy>

       <!-- Use the following to configure how ActiveMQ is exposed in JMX
-->
       <managementContext>
           <managementContext createConnector="false"/>
       </managementContext>

       <!-- The store and forward broker networks ActiveMQ will listen to
-->
       <networkConnectors>
           <!-- by default just auto discover the other brokers -->
        <!--   <networkConnector name="default-nc"
uri="multicast://default"/> -->
           <!-- Example of a static configuration:
           <networkConnector name="host1 and host2"
uri="static://(tcp://host1:61616,tcp://host2:61616)"/>
           -->
       </networkConnectors>

       <persistenceAdapter>
           <amqPersistenceAdapter syncOnWrite="false"
directory="${activemq.base}/data" maxFileLength="20 mb"/>
       </persistenceAdapter>

       <!-- Use the following if you wish to configure the journal with JDBC
-->
       <!--
       <persistenceAdapter>
           <journaledJDBC dataDirectory="${activemq.base}/data"
dataSource="#postgres-ds"/>
       </persistenceAdapter>
       -->

       <!-- Or if you want to use pure JDBC without a journal -->
       <!--
       <persistenceAdapter>
           <jdbcPersistenceAdapter dataSource="#postgres-ds"/>
       </persistenceAdapter>
       -->

       <sslContext>
           <sslContext keyStore="file:${activemq.base}/conf/broker.ks"
keyStorePassword="password"
trustStore="file:${activemq.base}/conf/broker.ts"
trustStorePassword="password"/>
       </sslContext>

       <!--  The maximum about of space the broker will use before slowing
down producers -->
       <systemUsage>
           <systemUsage>
               <memoryUsage>
                   <memoryUsage limit="20 mb"/>
               </memoryUsage>
               <storeUsage>
                   <storeUsage limit="1 gb" name="foo"/>
               </storeUsage>
               <tempUsage>
                   <tempUsage limit="100 mb"/>
               </tempUsage>
           </systemUsage>
       </systemUsage>


       <!-- The transport connectors ActiveMQ will listen to -->
       <transportConnectors>
           <transportConnector name="openwire"
uri="tcp://192.168.98.101:61616?useLocalHost=true" />
       <!--    <transportConnector name="openwire"
uri="tcp://localhost:61616" discoveryUri="multicast://default"/>
           <transportConnector name="ssl" uri="ssl://localhost:61617"/>
           <transportConnector name="stomp" uri="stomp://localhost:61613"/>
           <transportConnector name="xmpp" uri="xmpp://localhost:61222"/>
-->
       </transportConnectors>

   </broker>

   <!--
   ** Lets deploy some Enterprise Integration Patterns inside the ActiveMQ
Message Broker
   ** For more details see
   **
   ** http://activemq.apache.org/enterprise-integration-patterns.html
   -->
   <camelContext id="camel"
xmlns="http://activemq.apache.org/camel/schema/spring">

       <!-- You can use a <package> element for each root package to search
for Java routes -->
       <package>org.foo.bar</package>

       <!-- You can use Spring XML syntax to define the routes here using
the <route> element -->
       <route>
           <from uri="activemq:example.A"/>
           <to uri="activemq:example.B"/>
       </route>
   </camelContext>

   <!--
   ** Lets configure some Camel endpoints
   **
   ** http://activemq.apache.org/camel/components.html
   -->

   <!-- configure the camel activemq component to use the current broker -->
   <bean id="activemq"
class="org.apache.activemq.camel.component.ActiveMQComponent" >
       <property name="connectionFactory">
         <bean class="org.apache.activemq.ActiveMQConnectionFactory">
           <property name="brokerURL"
value="vm://localhost?create=false&amp;waitForStart=10000" />
           <property name="userName" value="${activemq.username}"/>
           <property name="password" value="${activemq.password}"/>
         </bean>
       </property>
   </bean>



   <!-- Uncomment to create a command agent to respond to message based
admin commands on the ActiveMQ.Agent topic -->
   <!--
   <commandAgent xmlns="http://activemq.apache.org/schema/core"
brokerUrl="vm://localhost" username="${activemq.username}"
password="${activemq.password}"/>
   -->


   <!-- An embedded servlet engine for serving up the Admin console -->
   <jetty xmlns="http://mortbay.com/schemas/jetty/1.0">
       <connectors>
           <nioConnector port="8161"/>
       </connectors>

       <handlers>
           <webAppContext contextPath="/admin"
resourceBase="${activemq.base}/webapps/admin" logUrlOnStart="true"/>
           <webAppContext contextPath="/demo"
resourceBase="${activemq.base}/webapps/demo" logUrlOnStart="true"/>
           <webAppContext contextPath="/fileserver"
resourceBase="${activemq.base}/webapps/fileserver" logUrlOnStart="true"/>
       </handlers>
   </jetty>

   <!--  This xbean configuration file supports all the standard spring xml
configuration options -->

   <!-- Postgres DataSource Sample Setup -->
   <!--
   <bean id="postgres-ds" class="org.postgresql.ds.PGPoolingDataSource">
     <property name="serverName" value="localhost"/>
     <property name="databaseName" value="activemq"/>
     <property name="portNumber" value="0"/>
     <property name="user" value="activemq"/>
     <property name="password" value="activemq"/>
     <property name="dataSourceName" value="postgres"/>
     <property name="initialConnections" value="1"/>
     <property name="maxConnections" value="10"/>
   </bean>
   -->

   <!-- MySql DataSource Sample Setup -->
   <!--
   <bean id="mysql-ds" class="org.apache.commons.dbcp.BasicDataSource"
destroy-method="close">
     <property name="driverClassName" value="com.mysql.jdbc.Driver"/>
     <property name="url"
value="jdbc:mysql://localhost/activemq?relaxAutoCommit=true"/>
     <property name="username" value="activemq"/>
     <property name="password" value="activemq"/>
     <property name="maxActive" value="200"/>
     <property name="poolPreparedStatements" value="true"/>
   </bean>
   -->

   <!-- Oracle DataSource Sample Setup -->
   <!--
   <bean id="oracle-ds" class="org.apache.commons.dbcp.BasicDataSource"
destroy-method="close">
     <property name="driverClassName"
value="oracle.jdbc.driver.OracleDriver"/>
     <property name="url" value="jdbc:oracle:thin:@localhost:1521:AMQDB"/>
     <property name="username" value="scott"/>
     <property name="password" value="tiger"/>
     <property name="maxActive" value="200"/>
     <property name="poolPreparedStatements" value="true"/>
   </bean>
   -->

   <!-- Embedded Derby DataSource Sample Setup -->
   <!--
   <bean id="derby-ds" class="org.apache.derby.jdbc.EmbeddedDataSource">
     <property name="databaseName" value="derbydb"/>
     <property name="createDatabase" value="create"/>
   </bean>
   -->

</beans>
<!-- END SNIPPET: example -->



2009-01-27 16:42:43,439 [erSimpleAppMain] INFO  DefaultCamelContext           
- JMX enabled. Using InstrumentationLifecycleStrategy.
2009-01-27 16:42:43,558 [erSimpleAppMain] ERROR BrokerService                 
- Failed to resolve localhost
2009-01-27 16:42:44,592 [erSimpleAppMain] INFO  BrokerService                 
- Using Persistence Adapter: AMQPersistenceAdapter(/opt/activemq/data)
2009-01-27 16:42:44,709 [erSimpleAppMain] INFO  AMQPersistenceAdapter         
- AMQStore starting using directory: /opt/activemq/data
2009-01-27 16:42:44,988 [erSimpleAppMain] INFO  KahaStore                     
- Kaha Store using data directory /opt/activemq/data/kr-store/state
2009-01-27 16:42:45,473 [erSimpleAppMain] INFO  AMQPersistenceAdapter         
- Active data files: []
2009-01-27 16:42:45,726 [erSimpleAppMain] INFO  BrokerService                 
- ActiveMQ 5.2.0 JMS Message Broker (localhost) is starting
2009-01-27 16:42:45,726 [erSimpleAppMain] INFO  BrokerService                 
- For help or more information please see: http://activemq.apache.org/
2009-01-27 16:42:45,820 [erSimpleAppMain] INFO  KahaStore                     
- Kaha Store using data directory /opt/activemq/data/kr-store/data
2009-01-27 16:42:46,126 [erSimpleAppMain] ERROR BrokerService                 
- Failed to start ActiveMQ JMS Message Broker. Reason: java.io.IOException:
Transport Connector could not be registered in JMX: Failed to bind to server
socket: tcp://192.168.98.101:61616?useLocalHost=true due to:
java.net.UnknownHostException: test_host.test_domain: test_host.test_domain
java.io.IOException: Transport Connector could not be registered in JMX:
Failed to bind to server socket:
tcp://192.168.98.101:61616?useLocalHost=true due to:
java.net.UnknownHostException: test_host.test_domain: test_host.test_domain
       at
org.apache.activemq.util.IOExceptionSupport.create(IOExceptionSupport.java:27)
       at
org.apache.activemq.broker.BrokerService.registerConnectorMBean(BrokerService.java:1434)
       at
org.apache.activemq.broker.BrokerService.startTransportConnector(BrokerService.java:1893)
       at
org.apache.activemq.broker.BrokerService.startAllConnectors(BrokerService.java:1844)
       at
org.apache.activemq.broker.BrokerService.start(BrokerService.java:480)
       at
org.apache.activemq.xbean.XBeanBrokerService.afterPropertiesSet(XBeanBrokerService.java:52)
       at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1368)
       at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1334)
       at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:473)
       at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.java:409)
       at java.security.AccessController.doPrivileged(Native Method)
       at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:380)
       at
org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:264)
       at
org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:221)
       at
org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:261)
       at
org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:185)
       at
org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:164)
       at
org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:429)
       at
org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:729)
       at
org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:381)
       at
org.apache.xbean.spring.context.ResourceXmlApplicationContext.<init>(ResourceXmlApplicationContext.java:64)
       at
org.apache.xbean.spring.context.ResourceXmlApplicationContext.<init>(ResourceXmlApplicationContext.java:52)
       at
org.apache.activemq.xbean.XBeanBrokerFactory.createApplicationContext(XBeanBrokerFactory.java:96)
       at
org.apache.activemq.xbean.XBeanBrokerFactory.createBroker(XBeanBrokerFactory.java:52)
       at
org.apache.activemq.broker.BrokerFactory.createBroker(BrokerFactory.java:71)
       at
org.apache.activemq.broker.BrokerFactory.createBroker(BrokerFactory.java:54)
       at
org.apache.activemq.console.command.StartCommand.startBroker(StartCommand.java:115)
       at
org.apache.activemq.console.command.StartCommand.runTask(StartCommand.java:74)
       at
org.apache.activemq.console.command.AbstractCommand.execute(AbstractCommand.java:57)
       at
org.apache.activemq.console.command.ShellCommand.runTask(ShellCommand.java:129)
       at
org.apache.activemq.console.command.AbstractCommand.execute(AbstractCommand.java:57)
       at
org.apache.activemq.console.command.ShellCommand.main(ShellCommand.java:79)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
       at java.lang.reflect.Method.invoke(Unknown Source)
       at org.apache.activemq.console.Main.runTaskClass(Main.java:225)
       at org.apache.activemq.console.Main.main(Main.java:106)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
       at java.lang.reflect.Method.invoke(Unknown Source)
       at
org.tanukisoftware.wrapper.WrapperSimpleApp.run(WrapperSimpleApp.java:240)
       at java.lang.Thread.run(Unknown Source)
Caused by: java.io.IOException: Failed to bind to server socket:
tcp://192.168.98.101:61616?useLocalHost=true due to:
java.net.UnknownHostException: test_host.test_domain: test_host.test_domain
       at
org.apache.activemq.util.IOExceptionSupport.create(IOExceptionSupport.java:33)
       at
org.apache.activemq.transport.tcp.TcpTransportServer.bind(TcpTransportServer.java:141)
       at
org.apache.activemq.transport.tcp.TcpTransportFactory.doBind(TcpTransportFactory.java:60)
       at
org.apache.activemq.transport.TransportFactory.bind(TransportFactory.java:131)
       at
org.apache.activemq.broker.TransportConnector.createTransportServer(TransportConnector.java:293)
       at
org.apache.activemq.broker.TransportConnector.getServer(TransportConnector.java:135)
       at
org.apache.activemq.broker.TransportConnector.asManagedConnector(TransportConnector.java:98)
       at
org.apache.activemq.broker.BrokerService.registerConnectorMBean(BrokerService.java:1428)
       ... 42 more
Caused by: java.net.UnknownHostException: test_host.test_domain:
test_host.test_domain
       at java.net.InetAddress.getLocalHost(Unknown Source)
       at
org.apache.activemq.transport.tcp.TcpTransportServer.bind(TcpTransportServer.java:133)
       ... 48 more
2009-01-27 16:42:46,129 [erSimpleAppMain] INFO  BrokerService                 
- ActiveMQ Message Broker (localhost, null) is shutting down
2009-01-27 16:42:46,129 [erSimpleAppMain] INFO  TransportConnector            
- Connector openwire Stopped
2009-01-27 16:42:46,204 [erSimpleAppMain] INFO  BrokerService                 
- ActiveMQ JMS Message Broker (localhost, null) stopped



-- 
View this message in context: http://www.nabble.com/Securing-active-MQ-tp21612521p21695484.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.


Mime
View raw message