activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tim Bain <tb...@alumni.duke.edu>
Subject Re: jaasAuthenticationPlugin ans sslContext in karaf
Date Mon, 20 Nov 2017 13:57:15 GMT
1. You referenced a forum post that told you how to do JAAS in this case;
can you please provide a link?

2. If you run a standalone broker without the JAAS plugin, do both
protocols work?  How about if you configure the standalone broker to use
JAAS directly rather than through Karaf? This sounds like it might be a
Karaf problem rather than an ActiveMQ problem, so let's try to diagnose
which side of the line it's on.

3. Have you posted this question to the Karaf mailing list and to
StackOverflow? If so, please provide links.

Tim

On Nov 20, 2017 6:28 AM, "MillieretXavier" <xaviermillieret@eaton.com>
wrote:

> Hi all,
>
> I use activeMq 5.12.3 embedded in karaf.
> I would like two connectors, one for openwire, and one for amqps
> here my activemq.xml (configuration)
>
> <beans
>     xmlns="http://www.springframework.org/schema/beans"
>     xmlns:amq="http://activemq.apache.org/schema/core"
>     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>     xsi:schemaLocation="http://www.springframework.org/schema/beans
> http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
>   http://activemq.apache.org/schema/core
> http://activemq.apache.org/schema/core/activemq-core.xsd">
>
>     <broker xmlns="http://activemq.apache.org/schema/core"
>             brokerName="${broker-name}"
>             dataDirectory="${data}"
>             start="false"
>             populateJMSXUserID="true"
>             persistent="false">
>
>         <destinationPolicy>
>             <policyMap>
>                 <policyEntries>
>                     <policyEntry topic=">" producerFlowControl="true">
>                         <pendingMessageLimitStrategy>
>                             <constantPendingMessageLimitStrategy
> limit="1000"/>
>                         </pendingMessageLimitStrategy>
>                     </policyEntry>
>                     <policyEntry queue=">" producerFlowControl="true"
> memoryLimit="1mb">
>                     </policyEntry>
>                 </policyEntries>
>             </policyMap>
>         </destinationPolicy>
>
>         <managementContext>
>             <managementContext createConnector="false"/>
>         </managementContext>
>
>         <persistenceAdapter>
>             <kahaDB directory="${data}/kahadb"/>
>         </persistenceAdapter>
>
>
>         <plugins>
>             <jaasAuthenticationPlugin configuration="karaf"/>
>         </plugins>
>
>        <sslContext>
>             <sslContext
>                 keyStore="file:${amqps.ks}"
>                 keyStorePassword="${amqps.pwd}"
>                 trustStore="file:${amqps.ts}"
>                 trustStorePassword="${amqps.pwd}"/>
>        </sslContext>
>
>
>         <systemUsage>
>             <systemUsage>
>                 <memoryUsage>
>                     <memoryUsage limit="64 mb"/>
>                 </memoryUsage>
>                 <storeUsage>
>                     <storeUsage limit="50 gb"/>
>                 </storeUsage>
>                 <tempUsage>
>                     <tempUsage limit="1 gb"/>
>                 </tempUsage>
>             </systemUsage>
>         </systemUsage>
>
>         <transportConnectors>
>             <transportConnector name="openwire"
> uri="tcp://0.0.0.0:61616?maximumConnections=1000"/>
>
>             <transportConnector name="amqps"
> uri="amqp+ssl://0.0.0.0:5671?transport.transformer=jms&amp;
> needClientAuth=false"/>
>
>         </transportConnectors>
>     </broker>
>
> </beans>
>
>
>
> Unfortunately when I remove the jaas plugin, the amqps connector works but
> the openwire not, and when I put jaas plugin it's the reverse!!!
>
>
> I saw on forum, I must use the jaasDualAuthenticationPlugin
>
> I try this
> <jaasDualAuthenticationPlugin configuration="karaf"
> sslConfiguration="karaf-2"/>
>
> But unfortunately it's the same behavior !!!
> I let the ssl context configuration at the same place (activemq.xml)
> and put this inside a xml file
>
> <?xml version="1.0" encoding="UTF-8"?>
> <blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
>            xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0"
>
> xmlns:ext="http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0">
>
>
>     <ext:property-placeholder placeholder-prefix="$["
> placeholder-suffix="]"/>
>
>     <jaas:config name="karaf-2" rank="1">
>       <jaas:module
> className="org.apache.activemq.jaas.TextFileCertificateLoginModule"
> flags="required">
>         debug=true
>
> org.apache.activemq.jaas.textfiledn.user="file:C:/Temp/dns.properties"
>
> org.apache.activemq.jaas.textfiledn.group="file:C:/Temp/groups.properties"
>       </jaas:module>
>     </jaas:config>
>
>
>     <jaas:keystore xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.1.0"
>                name="ks"
>                rank="2"
>
> path="file:C:/xav/eaton/workspace/emc4j/emc4j-ipm/
> packaging/target/emc4j-ipm-1.60.2-SNAPSHOT/emc4j-ipm-1.60.
> 2-SNAPSHOT/etc/emc4j.ks"
>                keystorePassword="pwd"/>
>
>     <jaas:keystore xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.1.0"
>                name="ts"
>                rank="2"
>
> path="file:C:/xav/eaton/workspace/emc4j/emc4j-ipm/
> packaging/target/emc4j-ipm-1.60.2-SNAPSHOT/emc4j-ipm-1.60.
> 2-SNAPSHOT/etc/emc4j.ts"
>                keystorePassword="pwd"/>
>
> </blueprint>
>
>
>  I am lost, so any help will be appreciate.
>
> Regards
>
>
>
>
>
>
>
> --
> Sent from: http://activemq.2283324.n4.nabble.com/ActiveMQ-User-
> f2341805.html
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message