activemq-users mailing list archives

From mvtiru <mvtiruvaiy...@gmail.com>
Subject Re: Help with mutual authentication using ActiveMQ 5.3
Date Tue, 25 May 2010 22:28:28 GMT

Thank you James. I am able to get over the original exception I reported after
commenting out the Jetty.xml import in ActiveMQ. Thanks for your pointer.
That helped. But now to the next big problem in the same chain - As ever,
all your help is greatly appreciated.

Thanking you in advance.

Scenario - Mutual Authentication not working with Fuse and ActiveMQ - Client
(Fuse-Karaf) and Server (ActiveMQ)

Cannot get mutual authentication to work. I am trying to connect my services
deployed in the Fuse Karaf container to ActiveMQ using mutual
authentication. I believe I have followed the example (SSL/TLS Tutorial for
ActiveMQ 5.3) and I have deployed the client and server side certificates
correctly (broker.ts and client.ts under
D:\progress\fuse-message-broker-5.3.1-00-00\conf). Following is the
exception message I get in the Fuse log:

D:\Fuse\bin>karaf
____ _ __ __ _
__| ___ _ ____ _() ___ __| \/ ()_ __
___ \ / _ \ '__\ \ / / |/ __/ _ \ |\/| | \ \/ /
__) | __/ | \ V /| | (| __/ | | | |> <
___/ _|| _/ ||__|| ||/_/_\

Apache ServiceMix (4.2.0-fuse-01-00)

it '<tab>' for a list of available commands
nd '[cmd] --help' for help on a specific command.

araf@root> Exception in thread "SpringOsgiExtenderThread-57"
org.springframework.beans.factory.BeanCreationException: Error creatin
bean with name 'ExampleObjectService_NORTH' defined in URL
[bundleentry://195.fwk6460907/META-INF/spring/camel-context.xml]: Invoc
tion of init method failed; nested exception is
org.apache.camel.RuntimeCamelException:
org.springframework.jms.UncategorizedJmsExc
ption: Uncategorized exception occured during JMS processing; nested
exception is javax.jms.JMSException: Could not connect to brok
r URL: ssl://localhost:61617. Reason: java.net.SocketException: Software
caused connection abort: recv failed
at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFa
tory.java:1338)
at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFact
ry.java:473)
at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.jav
:409)
at java.security.AccessController.doPrivileged(Native Method)
at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactor
.java:380)
at
org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:264)
at
org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222

at
org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:261)
at
org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:185)
at
org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:164)
at
org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.
ava:429)
at
org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext
java:728)
at
org.springframework.osgi.context.support.AbstractDelegatedExecutionApplicationContext.access$1600(AbstractDelegatedExecut
onApplicationContext.java:69)
at
org.springframework.osgi.context.support.AbstractDelegatedExecutionApplicationContext$4.run(AbstractDelegatedExecutionApp
icationContext.java:355)
at
org.springframework.osgi.util.internal.PrivilegedUtils.executeWithCustomTCCL(PrivilegedUtils.java:85)
at
org.springframework.osgi.context.support.AbstractDelegatedExecutionApplicationContext.completeRefresh(AbstractDelegatedEx
cutionApplicationContext.java:320)
at
org.springframework.osgi.extender.internal.dependencies.startup.DependencyWaiterApplicationContextExecutor$CompleteRefres
Task.run(DependencyWaiterApplicationContextExecutor.java:136)
at java.lang.Thread.run(Thread.java:619)
aused by: org.apache.camel.RuntimeCamelException:
org.springframework.jms.UncategorizedJmsException: Uncategorized exception
occure
during JMS processing; nested exception is javax.jms.JMSException: Could not
connect to broker URL: ssl://localhost:61617. Reason:
java.net.SocketException: Software caused connection abort: recv failed
at
org.apache.camel.util.ObjectHelper.wrapRuntimeCamelException(ObjectHelper.java:1055)
at org.apache.camel.impl.ProducerCache.send(ProducerCache.java:100)
at
org.apache.camel.impl.DefaultProducerTemplate.send(DefaultProducerTemplate.java:98)
at
org.apache.camel.impl.DefaultProducerTemplate.sendBody(DefaultProducerTemplate.java:111)
at
org.apache.camel.impl.DefaultProducerTemplate.sendBody(DefaultProducerTemplate.java:118)
at
ge.energy.ssi.spf.service_registry.endpoint.ServiceRegistryInvoker.sendMessage(ServiceRegistryInvoker.java:98)
at
ge.energy.ssi.spf.service_registry.endpoint.ServiceRegistryInvoker.registerServiceEPR(ServiceRegistryInvoker.java:214)
at ge.energy.ssi.spf.SPFEndpoint.afterPropertiesSet(SPFEndpoint.java:188)
at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBea
Factory.java:1369)
at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFa
tory.java:1335)
... 17 more
aused by: org.springframework.jms.UncategorizedJmsException: Uncategorized
exception occured during JMS processing; nested exceptio
is javax.jms.JMSException: Could not connect to broker URL:
ssl://localhost:61617. Reason: java.net.SocketException: Software caus
d connection abort: recv failed
at
org.springframework.jms.support.JmsUtils.convertJmsAccessException(JmsUtils.java:308)
at
org.springframework.jms.support.JmsAccessor.convertJmsAccessException(JmsAccessor.java:168)
at org.springframework.jms.core.JmsTemplate.execute(JmsTemplate.java:474)
at
org.apache.camel.component.jms.JmsConfiguration$CamelJmsTemplate.send(JmsConfiguration.java:195)
at org.apache.camel.component.jms.JmsProducer.doSend(JmsProducer.java:375)
at
org.apache.camel.component.jms.JmsProducer.processInOnly(JmsProducer.java:320)
at org.apache.camel.component.jms.JmsProducer.process(JmsProducer.java:150)
at
org.apache.camel.impl.ProducerCache$1.doInProducer(ProducerCache.java:179)
at
org.apache.camel.impl.ProducerCache$1.doInProducer(ProducerCache.java:161)
at org.apache.camel.impl.ProducerCache.doInProducer(ProducerCache.java:146)
at org.apache.camel.impl.ProducerCache.sendExchange(ProducerCache.java:160)

Meanwhile, the following is the exception message I get on the ActiveMQ console:

Heap sizes: current=5056k free=4280k max=520256k
JVM args: -Dcom.sun.management.jmxremote -Xmx512M
-Dorg.apache.activemq.UseDedicatedTaskRunner=true
-Djava.util.logging.config.f
ile=logging.properties
-Djavax.net.ssl.keyStore=D:/progress/fuse-message-broker-5.3.1-00-00/conf/broker.ks
-Djavax.net.ssl.keyStoreP
assword=password
-Djavax.net.ssl.trustStore=D:/progress/fuse-message-broker-5.3.1-00-00/conf/broker.ts
-Djavax.net.ssl.trustStorePas
sword=password
-Dactivemq.classpath=D:\progress\fuse-message-broker-5.3.1-00-00\bin\../conf;
-Dactivemq.home=D:\progress\fuse-messag
e-broker-5.3.1-00-00\bin\..
-Dactivemq.base=D:\progress\fuse-message-broker-5.3.1-00-00\bin\..
ACTIVEMQ_HOME: D:\progress\fuse-message-broker-5.3.1-00-00\bin\..
ACTIVEMQ_BASE: D:\progress\fuse-message-broker-5.3.1-00-00\bin\..
Loading message broker from: xbean:activemq.xml
INFO | Using Persistence Adapter:
org.apache.activemq.store.kahadb.KahaDBPersistenceAdapter@26e9f9
INFO | Replayed 1 operations from the journal in 0.016 seconds.
INFO | ActiveMQ 5.3.1-fuse-00-00 JMS Message Broker (localhost) is starting
INFO | For help or more information please see: http://activemq.apache.org/
INFO | Listening for connections at: tcp://T00643344:61616
INFO | Connector openwire Started
INFO | Listening for connections at:
ssl://localhost:61617?needClientAuth=true
INFO | Connector ssl Started
INFO | Logging to org.slf4j.impl.JCLLoggerAdapter(org.mortbay.log) via
org.mortbay.log.Slf4jLog
INFO | jetty-6.1.14
INFO | Started SslSocketConnector@localhost:8443
INFO | Connector https Started
INFO | ActiveMQ JMS Message Broker (localhost,
ID:T00643344-1506-1274823661984-0:0) started
ERROR | Could not accept connection : javax.net.ssl.SSLHandshakeException:
null cert chain

Meanwhile, the following is the broker configuration file, activemq.xml:

<beans
xmlns="http://www.springframework.org/schema/beans"
xmlns:amq="http://activemq.apache.org/schema/core"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://activemq.apache.org/schema/core
http://activemq.apache.org/schema/core/activemq-core.xsd">

<!-- Allows us to use system properties as variables in this configuration
file -->
<bean
class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
<property name="locations">
<value>file:${activemq.base}/conf/credentials.properties</value>
</property>
</bean>

<!--
The <broker> element is used to configure the ActiveMQ broker.
-->
<broker xmlns="http://activemq.apache.org/schema/core"
brokerName="localhost" dataDirectory="${activemq.base}/data"
destroyApplicationContextOnStop="true">
<plugins>
<!--jaasCertificateAuthenticationPlugin/-->
<jaasCertificateAuthenticationPlugin configuration="CertLogin" />
</plugins>

<!--
For better performances use VM cursor and small memory limit.
For more information, see:

http://activemq.apache.org/message-cursors.html

Also, if your producer is "hanging", it's probably due to producer flow
control.
For more information, see:
http://activemq.apache.org/producer-flow-control.html
-->

<destinationPolicy>
<policyMap>
<policyEntries>
<policyEntry topic=">" producerFlowControl="true" memoryLimit="1mb">
<pendingSubscriberPolicy>
<vmCursor />
</pendingSubscriberPolicy>
</policyEntry>
<policyEntry queue=">" producerFlowControl="true" memoryLimit="1mb">
<!-- Use VM cursor for better latency
For more information, see:

http://activemq.apache.org/message-cursors.html

<pendingQueuePolicy>
<vmQueueCursor/>
</pendingQueuePolicy>
-->
</policyEntry>
</policyEntries>
</policyMap>
</destinationPolicy>

<!--
The managementContext is used to configure how ActiveMQ is exposed in
JMX. By default, ActiveMQ uses the MBean server that is started by
the JVM. For more information, see:

http://activemq.apache.org/jmx.html
-->
<managementContext>
<managementContext createConnector="false"/>
</managementContext>

<!--
Configure message persistence for the broker. The default persistence
mechanism is the KahaDB store (identified by the kahaDB tag).
For more information, see:

http://activemq.apache.org/persistence.html
-->
<persistenceAdapter>
<kahaDB directory="${activemq.base}/data/kahadb"/>
</persistenceAdapter>

<!--
The systemUsage controls the maximum amount of space the broker will
use before slowing down producers. For more information, see:

http://activemq.apache.org/producer-flow-control.html

<systemUsage>
<systemUsage>
<memoryUsage>
<memoryUsage limit="20 mb"/>
</memoryUsage>
<storeUsage>
<storeUsage limit="1 gb" name="foo"/>
</storeUsage>
<tempUsage>
<tempUsage limit="100 mb"/>
</tempUsage>
</systemUsage>
</systemUsage>
-->

<!--
The transport connectors expose ActiveMQ over a given protocol to
clients and other brokers. For more information, see:

http://activemq.apache.org/configuring-transports.html
-->
<transportConnectors>
<transportConnector name="openwire" uri="tcp://0.0.0.0:61616"/>
<transportConnector name="ssl"
uri="ssl://localhost:61617?needClientAuth=true"/>
<!--transportConnector name="ssl" uri="ssl://localhost:61617"/-->

<transportConnector name="https" uri="https://localhost:8443"/>

</transportConnectors>

<sslContext>
<sslContext
keyStore="file:/progress/fuse-message-broker-5.3.1-00-00/conf/broker.ks"
keyStorePassword="password"
trustStore="file:/progress/fuse-message-broker-5.3.1-00-00/conf/broker.ts"
trustStorePassword="password"/>
</sslContext>
</broker>

<!--
Uncomment to enable Camel
Take a look at activemq-camel.xml for more details

<import resource="camel.xml"/>
-->

<!--
Enable web consoles, REST and Ajax APIs and demos
Take a look at activemq-jetty.xml for more details
-->
<!--import resource="jetty.xml"/-->

</beans>

And I have the following files in the ActiveMQ conf directory
D:\progress\fuse-message-broker-5.3.1-00-00\conf:

D:\progress\fuse-message-broker-5.3.1-00-00\example>dir D:\progress\fuse-message-broker-5.3.1-00-00\conf
Volume in drive D is Data
Volume Serial Number is 9CC3-8C34

Directory of D:\progress\fuse-message-broker-5.3.1-00-00\conf

05/25/2010 04:13 PM <DIR> .
05/25/2010 04:13 PM <DIR> ..
05/11/2010 11:30 AM 2,496 activemq-command.xml
05/11/2010 11:30 AM 12,134 activemq-demo.xml
05/11/2010 11:30 AM 4,319 activemq-dynamic-network-broker1.xml
05/11/2010 11:30 AM 4,424 activemq-dynamic-network-broker2.xml
05/11/2010 11:30 AM 4,002 activemq-jdbc.xml
05/11/2010 11:30 AM 3,348 activemq-scalability.xml
05/11/2010 11:30 AM 4,284 activemq-security.xml
05/19/2010 08:54 AM 6,840 activemq-ssl.xml
05/11/2010 11:30 AM 4,268 activemq-static-network-broker1.xml
05/11/2010 11:30 AM 4,267 activemq-static-network-broker2.xml
05/11/2010 11:30 AM 5,345 activemq-stomp.xml
05/11/2010 11:30 AM 3,486 activemq-throughput.xml
05/20/2010 10:14 PM 6,692 activemq-working.xml
05/25/2010 04:11 PM 6,262 activemq.xml
05/11/2010 11:30 AM 592 broker-localhost.cert
05/11/2010 11:30 AM 1,370 broker.ks
05/18/2010 03:45 PM 1,284 broker.ts
05/11/2010 11:30 AM 2,697 camel.xml
05/11/2010 11:30 AM 1,357 client.ks
05/11/2010 11:30 AM 665 client.ts
05/18/2010 03:45 PM 588 client_cert
05/11/2010 11:30 AM 53 credentials.properties
05/11/2010 11:30 AM 53 credentials.properties.orig
05/25/2010 04:33 PM 1,184 groups.properties
05/18/2010 05:27 PM 1,151 groups.properties.orig
05/11/2010 11:30 AM 493 installsession_log.xml
05/11/2010 11:30 AM 4,318 jetty.xml
05/11/2010 11:30 AM 2,289 log4j.properties
05/11/2010 11:30 AM 1,233 logging.properties
05/25/2010 04:14 PM 1,930 login.config
05/18/2010 05:21 PM 2,046 login.config.orig
05/25/2010 04:32 PM 1,161 users.properties
05/18/2010 05:26 PM 1,090 users.properties.orig
33 File(s) 97,721 bytes
2 Dir(s) 52,872,163,328 bytes free

I am not sure if I am doing something wrong, but it is the same behaviour
I saw when trying to run the out-of-the-box ActiveMQ sample consumer in mutual
authentication mode.

Any help is greatly appreciated.

Thanks!
Mohan Tiruvaiyaru
mtiruvaiyaru@gmail.com




James Casey-2 wrote:
> 
> Hi Mohan,
> 
> can you send your entire activemq.xml ?
> 
> I think it could be caused by Jetty connecting to activemq for the
> admin webapp. Firstly could you try and disable Jetty completely and
> see if the problem goes away.
> 
> cheers,
> 
> James.
> --
> 
> On 19 May 2010 00:19, mvtiru <mvtiruvaiyaru@gmail.com> wrote:
>>
>> Hi,
>> I am trying to get mutual authentication working with ActiveMQ 5.3 and I
>> am getting the below security exception when I try to bring up ActiveMQ
>> after trying to use JaasCertificateAuthenticationPlugin.
>>
>> snippet of ActiveMq.conf
>>
>>        <plugins>
>>                    <!--jaasCertificateAuthenticationPlugin/-->
>>                    <jaasCertificateAuthenticationPlugin
>> configuration="activemq-domain"
>> />
>>        </plugins>
>>
>> Exception
>>
>>  INFO | For help or more information please see:
>> http://activemq.apache.org/
>>  INFO | Listening for connections at: tcp://T00643344:61616
>>  INFO | Connector openwire Started
>>  INFO | Listening for connections at:
>> ssl://localhost:61617?needClientAuth=true
>>  INFO | Connector ssl Started
>>  INFO | Logging to org.slf4j.impl.JCLLoggerAdapter(org.mortbay.log) via
>> org.mortbay.log.Slf4jLog
>>  INFO | jetty-6.1.14
>>  INFO | Started SslSocketConnector@localhost:8443
>>  INFO | Connector https Started
>>  INFO | ActiveMQ JMS Message Broker (localhost,
>> ID:T00643344-3232-1274218221553-0:0) started
>>  INFO | jetty-6.1.14
>>  INFO | ActiveMQ WebConsole initialized.
>>  INFO | Initializing Spring FrameworkServlet 'dispatcher'
>>  INFO | ActiveMQ Console at http://0.0.0.0:8161/admin
>>  INFO | Initializing Spring root WebApplicationContext
>>  INFO | Connector vm://localhost Started
>>  WARN | Failed to add Connection
>> java.lang.SecurityException: Unable to authenticate transport without SSL
>> certificate.
>>        at
>> org.apache.activemq.security.JaasCertificateAuthenticationBroker.addConnection(JaasCertificateAuthenticationBroker.java:7
>> 5)
>>        at
>> org.apache.activemq.broker.MutableBrokerFilter.addConnection(MutableBrokerFilter.java:89)
>>        at
>> org.apache.activemq.broker.TransportConnection.processAddConnection(TransportConnection.java:676)
>>        at
>> org.apache.activemq.command.ConnectionInfo.visit(ConnectionInfo.java:134)
>>        at
>> org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:300)
>>        at
>> org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:178)
>>        at
>> org.apache.activemq.transport.ResponseCorrelator.onCommand(ResponseCorrelator.java:116)
>>        at
>> org.apache.activemq.transport.TransportFilter.onCommand(TransportFilter.java:68)
>>        at
>> org.apache.activemq.transport.vm.VMTransport.iterate(VMTransport.java:219)
>>        at
>> org.apache.activemq.thread.DedicatedTaskRunner.runTask(DedicatedTaskRunner.java:98)
>>        at
>> org.apache.activemq.thread.DedicatedTaskRunner$1.run(DedicatedTaskRunner.java:36)
>>
>>
>> I am trying to run using the default certificates provided as a part of
>> ActiveMq installation and have all the SSL environment variables set.
>>
>> Snippet of the ActiveMq broker configuration showing the certificates
>>
>>
>>        <sslContext>
>>        <sslContext
>> keyStore="file:D:/progress/fuse-message-broker-5.3.1-00-00/conf/broker.ks"
>>                            keyStorePassword="password"
>>
>> trustStore="file:D:/progress/fuse-message-broker-5.3.1-00-00/conf/broker.ts"
>>                            trustStorePassword="password"/>
>>        </sslContext>
>>
>>
>> Is there anything else I am missing??
>>
>> Appreciate your help.
>>
>> Mohan
>>
>> --
>> View this message in context:
>> http://old.nabble.com/Help-with-mutual-authentication-using-ActiveMQ-5.3-tp28602073p28602073.html
>> Sent from the ActiveMQ - User mailing list archive at Nabble.com.
>>
>>
> 
> 

-- 
View this message in context: http://old.nabble.com/Help-with-mutual-authentication-using-ActiveMQ-5.3-tp28602073p28674316.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.
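
An added diagnostic, not part of the original message or of ActiveMQ: with `needClientAuth=true`, a JSSE server reports `null cert chain` when the connecting client sends no certificate at all. The Java check below confirms that the client keystore holds a private-key entry and that a certificate from its chain is present in the broker truststore. The class name `MutualAuthStoreCheck` is hypothetical, and the JKS format and a single shared store password are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Collections;

// Added diagnostic, not from the original post; the class name is hypothetical.
// Usage: java MutualAuthStoreCheck <client keystore> <broker truststore> <password>
public class MutualAuthStoreCheck {

    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore store = KeyStore.getInstance("JKS"); // assumption: stores are in JKS format
        try (InputStream in = new FileInputStream(path)) {
            store.load(in, password);
        }
        return store;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: MutualAuthStoreCheck client.ks broker.ts password");
            System.exit(2);
        }
        char[] password = args[2].toCharArray(); // assumption: both stores share one password
        KeyStore clientKs = load(args[0], password);
        KeyStore brokerTs = load(args[1], password);

        int usable = 0;
        for (String alias : Collections.list(clientKs.aliases())) {
            // Only a key entry (private key + chain) can answer a CertificateRequest.
            if (!clientKs.isKeyEntry(alias)) {
                System.out.println("[skip] " + alias + ": certificate only, no private key");
                continue;
            }
            Certificate[] chain = clientKs.getCertificateChain(alias);
            if (chain == null || chain.length == 0) {
                System.out.println("[fail] " + alias + ": key entry without a certificate chain");
                continue;
            }
            // Presence check only (no path validation): is the leaf or one of its
            // issuers stored in the broker truststore?
            String trustedAs = null;
            for (Certificate cert : chain) {
                trustedAs = brokerTs.getCertificateAlias(cert);
                if (trustedAs != null) break;
            }
            if (trustedAs != null) {
                usable++;
                System.out.println("[ok]   " + alias + ": trusted by broker as '" + trustedAs + "'");
            } else {
                System.out.println("[fail] " + alias + ": no certificate of its chain is in the broker truststore");
            }
        }
        if (usable == 0) {
            System.out.println("No client identity the broker would accept was found.");
            System.exit(1);
        }
    }
}
```

Run it from the conf directory against `client.ks` and `broker.ts`. If every key entry reports `[ok]`, the stores are consistent and the thing left to verify is that the client JVM is actually started with that keystore.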

