activemq-users mailing list archives

From James Casey <jamesc....@gmail.com>
Subject Re: Help with mutual authentication using ActiveMQ 5.3
Date Thu, 27 May 2010 12:08:24 GMT
Hi Mohan,

I don't have any experience with Karaf, and it looks like the problem
is on that side.  Have you created the truststore in the same way as
for activemq, importing the CAs?  The
'javax.net.ssl.SSLHandshakeException: null cert chain' can happen when
one side doesn't trust the full cert chain of the client.

James.


On 26 May 2010 00:28, mvtiru <mvtiruvaiyaru@gmail.com> wrote:
>
> Thank you James. I am able to get over the original exception I reported after
> commenting out the Jetty.xml import in ActiveMQ. Thanks for your pointer.
> That helped.  But now to the next big problem in the same chain - As ever,
> all your help is greatly appreciated.
>
> Thanking in advance.
>
> Scenario - Mutual Authentication not working with Fuse and ActiveMQ - Client
> (Fuse-Karaf) and Server (ActiveMQ)
>
> Cannot get mutual authentication to work. I am trying to connect my services
> deployed in Fuse Karaf container to connect to the ActiveMQ using mutual
> authentication. I believe I have followed the example (SSL/TLS Tutorial for
> ActiveMQ 5.3) and I have deployed the client and server side certificates
> correctly (broker.ts and client.ts under
> D:\progress\fuse-message-broker-5.3.1-00-00\conf). Following is the
> exception message I get on the Fuse log
>
> D:\Fuse\bin>karaf
> ____ _ __ __ _
> __| ___ _ ____ _() ___ __| \/ ()_ __
> ___ \ / _ \ '__\ \ / / |/ __/ _ \ |\/| | \ \/ /
> __) | __/ | \ V /| | (| __/ | | | |> <
> ___/ _|| _/ ||__|| ||/_/_\
>
> Apache ServiceMix (4.2.0-fuse-01-00)
>
> it '<tab>' for a list of available commands
> nd '[cmd] --help' for help on a specific command.
>
> araf@root> Exception in thread "SpringOsgiExtenderThread-57"
> org.springframework.beans.factory.BeanCreationException: Error creatin
> bean with name 'ExampleObjectService_NORTH' defined in URL
> [bundleentry://195.fwk6460907/META-INF/spring/camel-context.xml]: Invoc
> tion of init method failed; nested exception is
> org.apache.camel.RuntimeCamelException:
> org.springframework.jms.UncategorizedJmsExc
> ption: Uncategorized exception occured during JMS processing; nested
> exception is javax.jms.JMSException: Could not connect to brok
> r URL: ssl://localhost:61617. Reason: java.net.SocketException: Software
> caused connection abort: recv failed
> at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFa
> tory.java:1338)
> at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFact
> ry.java:473)
> at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.jav
> :409)
> at java.security.AccessController.doPrivileged(Native Method)
> at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactor
> .java:380)
> at
> org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:264)
> at
> org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222
>
> at
> org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:261)
> at
> org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:185)
> at
> org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:164)
> at
> org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.
> ava:429)
> at
> org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext
> java:728)
> at
> org.springframework.osgi.context.support.AbstractDelegatedExecutionApplicationContext.access$1600(AbstractDelegatedExecut
> onApplicationContext.java:69)
> at
> org.springframework.osgi.context.support.AbstractDelegatedExecutionApplicationContext$4.run(AbstractDelegatedExecutionApp
> icationContext.java:355)
> at
> org.springframework.osgi.util.internal.PrivilegedUtils.executeWithCustomTCCL(PrivilegedUtils.java:85)
> at
> org.springframework.osgi.context.support.AbstractDelegatedExecutionApplicationContext.completeRefresh(AbstractDelegatedEx
> cutionApplicationContext.java:320)
> at
> org.springframework.osgi.extender.internal.dependencies.startup.DependencyWaiterApplicationContextExecutor$CompleteRefres
> Task.run(DependencyWaiterApplicationContextExecutor.java:136)
> at java.lang.Thread.run(Thread.java:619)
> aused by: org.apache.camel.RuntimeCamelException:
> org.springframework.jms.UncategorizedJmsException: Uncategorized exception
> occure
> during JMS processing; nested exception is javax.jms.JMSException: Could not
> connect to broker URL: ssl://localhost:61617. Reason:
> java.net.SocketException: Software caused connection abort: recv failed
> at
> org.apache.camel.util.ObjectHelper.wrapRuntimeCamelException(ObjectHelper.java:1055)
> at org.apache.camel.impl.ProducerCache.send(ProducerCache.java:100)
> at
> org.apache.camel.impl.DefaultProducerTemplate.send(DefaultProducerTemplate.java:98)
> at
> org.apache.camel.impl.DefaultProducerTemplate.sendBody(DefaultProducerTemplate.java:111)
> at
> org.apache.camel.impl.DefaultProducerTemplate.sendBody(DefaultProducerTemplate.java:118)
> at
> ge.energy.ssi.spf.service_registry.endpoint.ServiceRegistryInvoker.sendMessage(ServiceRegistryInvoker.java:98)
> at
> ge.energy.ssi.spf.service_registry.endpoint.ServiceRegistryInvoker.registerServiceEPR(ServiceRegistryInvoker.java:214)
> at ge.energy.ssi.spf.SPFEndpoint.afterPropertiesSet(SPFEndpoint.java:188)
> at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBea
> Factory.java:1369)
> at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFa
> tory.java:1335)
> ... 17 more
> aused by: org.springframework.jms.UncategorizedJmsException: Uncategorized
> exception occured during JMS processing; nested exceptio
> is javax.jms.JMSException: Could not connect to broker URL:
> ssl://localhost:61617. Reason: java.net.SocketException: Software caus
> d connection abort: recv failed
> at
> org.springframework.jms.support.JmsUtils.convertJmsAccessException(JmsUtils.java:308)
> at
> org.springframework.jms.support.JmsAccessor.convertJmsAccessException(JmsAccessor.java:168)
> at org.springframework.jms.core.JmsTemplate.execute(JmsTemplate.java:474)
> at
> org.apache.camel.component.jms.JmsConfiguration$CamelJmsTemplate.send(JmsConfiguration.java:195)
> at org.apache.camel.component.jms.JmsProducer.doSend(JmsProducer.java:375)
> at
> org.apache.camel.component.jms.JmsProducer.processInOnly(JmsProducer.java:320)
> at org.apache.camel.component.jms.JmsProducer.process(JmsProducer.java:150)
> at
> org.apache.camel.impl.ProducerCache$1.doInProducer(ProducerCache.java:179)
> at
> org.apache.camel.impl.ProducerCache$1.doInProducer(ProducerCache.java:161)
> at org.apache.camel.impl.ProducerCache.doInProducer(ProducerCache.java:146)
> at org.apache.camel.impl.ProducerCache.sendExchange(ProducerCache.java:160)
>
> Meanwhile, following is the exception message I get on the ActiveMQ console:
>
> Heap sizes: current=5056k free=4280k max=520256k
> JVM args: -Dcom.sun.management.jmxremote -Xmx512M
> -Dorg.apache.activemq.UseDedicatedTaskRunner=true
> -Djava.util.logging.config.f
> ile=logging.properties
> -Djavax.net.ssl.keyStore=D:/progress/fuse-message-broker-5.3.1-00-00/conf/broker.ks
> -Djavax.net.ssl.keyStoreP
> assword=password
> -Djavax.net.ssl.trustStore=D:/progress/fuse-message-broker-5.3.1-00-00/conf/broker.ts
> -Djavax.net.ssl.trustStorePas
> sword=password
> -Dactivemq.classpath=D:\progress\fuse-message-broker-5.3.1-00-00\bin\../conf;
> -Dactivemq.home=D:\progress\fuse-messag
> e-broker-5.3.1-00-00\bin\..
> -Dactivemq.base=D:\progress\fuse-message-broker-5.3.1-00-00\bin\..
> ACTIVEMQ_HOME: D:\progress\fuse-message-broker-5.3.1-00-00\bin\..
> ACTIVEMQ_BASE: D:\progress\fuse-message-broker-5.3.1-00-00\bin\..
> Loading message broker from: xbean:activemq.xml
> INFO | Using Persistence Adapter:
> org.apache.activemq.store.kahadb.KahaDBPersistenceAdapter@26e9f9
> INFO | Replayed 1 operations from the journal in 0.016 seconds.
> INFO | ActiveMQ 5.3.1-fuse-00-00 JMS Message Broker (localhost) is starting
> INFO | For help or more information please see: http://activemq.apache.org/
> INFO | Listening for connections at: tcp://T00643344:61616
> INFO | Connector openwire Started
> INFO | Listening for connections at:
> ssl://localhost:61617?needClientAuth=true
> INFO | Connector ssl Started
> INFO | Logging to org.slf4j.impl.JCLLoggerAdapter(org.mortbay.log) via
> org.mortbay.log.Slf4jLog
> INFO | jetty-6.1.14
> INFO | Started SslSocketConnector@localhost:8443
> INFO | Connector https Started
> INFO | ActiveMQ JMS Message Broker (localhost,
> ID:T00643344-1506-1274823661984-0:0) started
> ERROR | Could not accept connection : javax.net.ssl.SSLHandshakeException:
> null cert chain
>
> Meanwhile on the Activemq.xml file following is the broker configuration
> file:
>
> <beans
> xmlns="http://www.springframework.org/schema/beans"
> xmlns:amq="http://activemq.apache.org/schema/core"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xsi:schemaLocation="http://www.springframework.org/schema/beans
> http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
> http://activemq.apache.org/schema/core
> http://activemq.apache.org/schema/core/activemq-core.xsd">
>
> <!-- Allows us to use system properties as variables in this configuration
> file -->
> <bean
> class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
> <property name="locations">
> <value>file:${activemq.base}/conf/credentials.properties</value>
> </property>
> </bean>
>
> <!--
> The <broker> element is used to configure the ActiveMQ broker.
> -->
> <broker xmlns="http://activemq.apache.org/schema/core"
> brokerName="localhost" dataDirectory="${activemq.base}/data"
> destroyApplicationContextOnStop="true">
> <plugins>
> <!--jaasCertificateAuthenticationPlugin/-->
> <jaasCertificateAuthenticationPlugin configuration="CertLogin" />
> </plugins>
>
> <!--
> For better performances use VM cursor and small memory limit.
> For more information, see:
>
> http://activemq.apache.org/message-cursors.html
>
> Also, if your producer is "hanging", it's probably due to producer flow
> control.
> For more information, see:
> http://activemq.apache.org/producer-flow-control.html
> -->
>
> <destinationPolicy>
> <policyMap>
> <policyEntries>
> <policyEntry topic=">" producerFlowControl="true" memoryLimit="1mb">
> <pendingSubscriberPolicy>
> <vmCursor />
> </pendingSubscriberPolicy>
> </policyEntry>
> <policyEntry queue=">" producerFlowControl="true" memoryLimit="1mb">
> <!-- Use VM cursor for better latency
> For more information, see:
>
> http://activemq.apache.org/message-cursors.html
>
> <pendingQueuePolicy>
> <vmQueueCursor/>
> </pendingQueuePolicy>
> -->
> </policyEntry>
> </policyEntries>
> </policyMap>
> </destinationPolicy>
>
> <!--
> The managementContext is used to configure how ActiveMQ is exposed in
> JMX. By default, ActiveMQ uses the MBean server that is started by
> the JVM. For more information, see:
>
> http://activemq.apache.org/jmx.html
> -->
> <managementContext>
> <managementContext createConnector="false"/>
> </managementContext>
>
> <!--
> Configure message persistence for the broker. The default persistence
> mechanism is the KahaDB store (identified by the kahaDB tag).
> For more information, see:
>
> http://activemq.apache.org/persistence.html
> -->
> <persistenceAdapter>
> <kahaDB directory="${activemq.base}/data/kahadb"/>
> </persistenceAdapter>
>
> <!--
> The systemUsage controls the maximum amount of space the broker will
> use before slowing down producers. For more information, see:
>
> http://activemq.apache.org/producer-flow-control.html
>
> <systemUsage>
> <systemUsage>
> <memoryUsage>
> <memoryUsage limit="20 mb"/>
> </memoryUsage>
> <storeUsage>
> <storeUsage limit="1 gb" name="foo"/>
> </storeUsage>
> <tempUsage>
> <tempUsage limit="100 mb"/>
> </tempUsage>
> </systemUsage>
> </systemUsage>
> -->
>
> <!--
> The transport connectors expose ActiveMQ over a given protocol to
> clients and other brokers. For more information, see:
>
> http://activemq.apache.org/configuring-transports.html
> -->
> <transportConnectors>
> <transportConnector name="openwire" uri="tcp://0.0.0.0:61616"/>
> <transportConnector name="ssl"
> uri="ssl://localhost:61617?needClientAuth=true"/>
> <!--transportConnector name="ssl" uri="ssl://localhost:61617"/-->
>
> <transportConnector name="https" uri="https://localhost:8443"/>
>
> </transportConnectors>
>
> <sslContext>
> <sslContext
> keyStore="file:/progress/fuse-message-broker-5.3.1-00-00/conf/broker.ks"
> keyStorePassword="password"
> trustStore="file:/progress/fuse-message-broker-5.3.1-00-00/conf/broker.ts"
> trustStorePassword="password"/>
> </sslContext>
> </broker>
>
> <!--
> Uncomment to enable Camel
> Take a look at activemq-camel.xml for more details
>
> <import resource="camel.xml"/>
> -->
>
> <!--
> Enable web consoles, REST and Ajax APIs and demos
> Take a look at activemq-jetty.xml for more details
> -->
> <!--import resource="jetty.xml"/-->
>
> </beans>
>
> and I have the following files in the ActiveMQ conf directory
> D:\progress\fuse-message-broker-5.3.1-00-00\conf
> D:\progress\fuse-message-broker-5.3.1-00-00\example>dir
> D:\progress\fuse-message-broker-5.3.1-00-00\conf
> Volume in drive D is Data
> Volume Serial Number is 9CC3-8C34
>
> Directory of D:\progress\fuse-message-broker-5.3.1-00-00\conf
>
> 05/25/2010 04:13 PM <DIR> .
> 05/25/2010 04:13 PM <DIR> ..
> 05/11/2010 11:30 AM 2,496 activemq-command.xml
> 05/11/2010 11:30 AM 12,134 activemq-demo.xml
> 05/11/2010 11:30 AM 4,319 activemq-dynamic-network-broker1.xml
> 05/11/2010 11:30 AM 4,424 activemq-dynamic-network-broker2.xml
> 05/11/2010 11:30 AM 4,002 activemq-jdbc.xml
> 05/11/2010 11:30 AM 3,348 activemq-scalability.xml
> 05/11/2010 11:30 AM 4,284 activemq-security.xml
> 05/19/2010 08:54 AM 6,840 activemq-ssl.xml
> 05/11/2010 11:30 AM 4,268 activemq-static-network-broker1.xml
> 05/11/2010 11:30 AM 4,267 activemq-static-network-broker2.xml
> 05/11/2010 11:30 AM 5,345 activemq-stomp.xml
> 05/11/2010 11:30 AM 3,486 activemq-throughput.xml
> 05/20/2010 10:14 PM 6,692 activemq-working.xml
> 05/25/2010 04:11 PM 6,262 activemq.xml
> 05/11/2010 11:30 AM 592 broker-localhost.cert
> 05/11/2010 11:30 AM 1,370 broker.ks
> 05/18/2010 03:45 PM 1,284 broker.ts
> 05/11/2010 11:30 AM 2,697 camel.xml
> 05/11/2010 11:30 AM 1,357 client.ks
> 05/11/2010 11:30 AM 665 client.ts
> 05/18/2010 03:45 PM 588 client_cert
> 05/11/2010 11:30 AM 53 credentials.properties
> 05/11/2010 11:30 AM 53 credentials.properties.orig
> 05/25/2010 04:33 PM 1,184 groups.properties
> 05/18/2010 05:27 PM 1,151 groups.properties.orig
> 05/11/2010 11:30 AM 493 installsession_log.xml
> 05/11/2010 11:30 AM 4,318 jetty.xml
> 05/11/2010 11:30 AM 2,289 log4j.properties
> 05/11/2010 11:30 AM 1,233 logging.properties
> 05/25/2010 04:14 PM 1,930 login.config
> 05/18/2010 05:21 PM 2,046 login.config.orig
> 05/25/2010 04:32 PM 1,161 users.properties
> 05/18/2010 05:26 PM 1,090 users.properties.orig
> 33 File(s) 97,721 bytes
> 2 Dir(s) 52,872,163,328 bytes free
>
> I am not sure if I am doing something wrong but it is the same behaviour
> when I was trying to run the out of box activemq sample consumer in mutual
> authentication mode.
>
> Any help is greatly appreciated.
>
> Thanks!
> Mohan Tiruvaiyaru
> mtiruvaiyaru@gmail.com
>
>
>
>
> James Casey-2 wrote:
>>
>> Hi Mohan,
>>
>> can you send your entire activemq.xml ?
>>
>> I think it could be caused by Jetty connecting to activemq for the
>> admin webapp.  Firstly could you try and disable Jetty completely and
>> see if the problem goes away.
>>
>> cheers,
>>
>> James.
>> --
>>
>> On 19 May 2010 00:19, mvtiru <mvtiruvaiyaru@gmail.com> wrote:
>>>
>>> Hi,
>>> I am trying to get mutual authentication working with ActiveMQ 5.3 and I
>>> am
>>> getting the below security exception when I try to bring up the activemq
>>> after
>>> trying to use JaasCertificateAuthenticationPlugin.
>>>
>>> snippet of ActiveMq.conf
>>>
>>>        <plugins>
>>>                    <!--jaasCertificateAuthenticationPlugin/-->
>>>                    <jaasCertificateAuthenticationPlugin
>>> configuration="activemq-domain"
>>> />
>>>        </plugins>
>>>
>>> Exception
>>>
>>>  INFO | For help or more information please see:
>>> http://activemq.apache.org/
>>>  INFO | Listening for connections at: tcp://T00643344:61616
>>>  INFO | Connector openwire Started
>>>  INFO | Listening for connections at:
>>> ssl://localhost:61617?needClientAuth=true
>>>  INFO | Connector ssl Started
>>>  INFO | Logging to org.slf4j.impl.JCLLoggerAdapter(org.mortbay.log) via
>>> org.mortbay.log.Slf4jLog
>>>  INFO | jetty-6.1.14
>>>  INFO | Started SslSocketConnector@localhost:8443
>>>  INFO | Connector https Started
>>>  INFO | ActiveMQ JMS Message Broker (localhost,
>>> ID:T00643344-3232-1274218221553-0:0) started
>>>  INFO | jetty-6.1.14
>>>  INFO | ActiveMQ WebConsole initialized.
>>>  INFO | Initializing Spring FrameworkServlet 'dispatcher'
>>>  INFO | ActiveMQ Console at http://0.0.0.0:8161/admin
>>>  INFO | Initializing Spring root WebApplicationContext
>>>  INFO | Connector vm://localhost Started
>>>  WARN | Failed to add Connection
>>> java.lang.SecurityException: Unable to authenticate transport without SSL
>>> certificate.
>>>        at
>>> org.apache.activemq.security.JaasCertificateAuthenticationBroker.addConnection(JaasCertificateAuthenticationBroker.java:7
>>> 5)
>>>        at
>>> org.apache.activemq.broker.MutableBrokerFilter.addConnection(MutableBrokerFilter.java:89)
>>>        at
>>> org.apache.activemq.broker.TransportConnection.processAddConnection(TransportConnection.java:676)
>>>        at
>>> org.apache.activemq.command.ConnectionInfo.visit(ConnectionInfo.java:134)
>>>        at
>>> org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:300)
>>>        at
>>> org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:178)
>>>        at
>>> org.apache.activemq.transport.ResponseCorrelator.onCommand(ResponseCorrelator.java:116)
>>>        at
>>> org.apache.activemq.transport.TransportFilter.onCommand(TransportFilter.java:68)
>>>        at
>>> org.apache.activemq.transport.vm.VMTransport.iterate(VMTransport.java:219)
>>>        at
>>> org.apache.activemq.thread.DedicatedTaskRunner.runTask(DedicatedTaskRunner.java:98)
>>>        at
>>> org.apache.activemq.thread.DedicatedTaskRunner$1.run(DedicatedTaskRunner.java:36)
>>>
>>>
>>> I am  trying to run using the default certificates provided as a part of
>>> ActiveMq installation and have all the SSL environment variables set.
>>>
>>> Snippet of the ActiveMq broker configuration showing the certificates
>>>
>>>
>>>        <sslContext>
>>>        <sslContext
>>> keyStore="file:D:/progress/fuse-message-broker-5.3.1-00-00/conf/broker.ks"
>>>                            keyStorePassword="password"
>>>
>>> trustStore="file:D:/progress/fuse-message-broker-5.3.1-00-00/conf/broker.ts"
>>>                            trustStorePassword="password"/>
>>>        </sslContext>
>>>
>>>
>>> Is there anything else I am missing??
>>>
>>> Appreciate your help.
>>>
>>> Mohan
>>>
>>> --
>>> View this message in context:
>>> http://old.nabble.com/Help-with-mutual-authentication-using-ActiveMQ-5.3-tp28602073p28602073.html
>>> Sent from the ActiveMQ - User mailing list archive at Nabble.com.
>>>
>>>
>>
>>
>
> --
> View this message in context: http://old.nabble.com/Help-with-mutual-authentication-using-ActiveMQ-5.3-tp28602073p28674316.html
> Sent from the ActiveMQ - User mailing list archive at Nabble.com.
>
>

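The trust relationship discussed in this thread can be checked offline, before either side is started. The following is an added example, not code from the thread or from ActiveMQ: it runs every private-key entry of one store through the JSSE trust manager built from the peer's trust store. The class name, the argument order and the `STORE_PASSWORD` environment variable (one password for both stores) are assumptions.

```java
import java.io.*;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.*;
import javax.net.ssl.*;

// Added example. Class name, arguments and STORE_PASSWORD are assumptions.
public class MutualTlsStoreCheck {
    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    static X509TrustManager trustManagerFor(KeyStore trustStore) throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) return (X509TrustManager) tm;
        }
        throw new IllegalStateException("no X509TrustManager for this trust store");
    }

    // Counts key entries whose chain the peer's trust store rejects; -1 = nothing could be checked.
    static int rejectedKeyEntries(KeyStore keys, KeyStore peerTrust, boolean clientRole) throws Exception {
        X509TrustManager tm = trustManagerFor(peerTrust);
        if (tm.getAcceptedIssuers().length == 0) return -1; // trust store has no trusted certs
        int rejected = 0, checked = 0;
        for (String alias : Collections.list(keys.aliases())) {
            Certificate[] chain = keys.isKeyEntry(alias) ? keys.getCertificateChain(alias) : null;
            if (chain == null || chain.length == 0) continue; // trusted-cert entry, not an identity
            X509Certificate[] x509 = Arrays.copyOf(chain, chain.length, X509Certificate[].class);
            String authType = x509[0].getPublicKey().getAlgorithm(); // approximation, e.g. "RSA"
            checked++;
            try {
                if (clientRole) tm.checkClientTrusted(x509, authType);
                else tm.checkServerTrusted(x509, authType);
                System.out.println("trusted  " + alias + ": " + x509[0].getSubjectX500Principal());
            } catch (CertificateException e) {
                rejected++;
                System.out.println("REJECTED " + alias + ": " + e.getMessage());
            }
        }
        return checked == 0 ? -1 : rejected;
    }

    public static void main(String[] args) throws Exception {
        String pw = System.getenv("STORE_PASSWORD");
        if (args.length != 3 || pw == null)
            throw new IllegalArgumentException("usage: <keystore> <peer-truststore> client|server");
        char[] p = pw.toCharArray();
        int rejected = rejectedKeyEntries(load(args[0], p), load(args[1], p), args[2].equals("client"));
        if (rejected < 0) System.out.println("nothing checked: no key entry, or empty trust store");
        System.exit(rejected == 0 ? 0 : 1);
    }
}
```

Run it once with `client.ks` against `broker.ts` in the `client` role and once with `broker.ks` against `client.ts` in the `server` role; a rejected or missing key entry identifies the store that needs the peer's certificate or CA imported.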