camel-users mailing list archives

From Claus Ibsen <claus.ib...@gmail.com>
Subject Re: mina tcp ssl configuration
Date Wed, 14 Jul 2010 08:50:25 GMT
Hi

You can peek at the camel-netty source code to see how it does the SSL stuff
and you can most likely do something similar with Mina.
AFAIK it is a matter of adding a filter to it. And you can add those from the
endpoint using the filters option.

However, why not consider migrating to Netty? It's much more actively
maintained and developed than Apache Mina.
One of the key committers from Apache Mina was hired by JBoss and he
created Netty.



On Tue, Jul 13, 2010 at 4:41 PM, timcoat <tim@jeffcoat.net> wrote:
>
> Is it possible to set up a mina tcp Mutual Authentication connection similar
> to the netty one?
>
> For instance, in the section "An SSL/TCP based Netty consumer endpoint using
> Request-Reply communication" User Guide Version 2.3-SNAPSHOT  the setup for
> the truststore and keystore are configured. And it has an endpoint like this
>
> netty_ssl_endpoint =
>         "netty:tcp://localhost:5150?sync=true&ssl=true&passphrase=#password"
>         + "&keyStoreFile=#ksf&trustStoreFile=#tsf";
>
> I want to do something like this too but for mina tcp.
>
> Below I have pieced together what I think might work to set up an SSL mina tcp
> connection. What I am unsure about is how to get both the truststore and
> keystore to mutually authenticate.  Or perhaps I am mistaken in thinking I
> need to have both the truststore and keystore configured? If anybody sees
> something that is incorrect please inform me.
>
> **************************************************************************************************************************************************************************************
> <code>
> <?xml version="1.0" encoding="UTF-8"?>
>
> <beans xmlns="http://www.springframework.org/schema/beans"
>       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>       xmlns:osgi="http://camel.apache.org/schema/osgi"
>       xmlns:osgix="http://www.springframework.org/schema/osgi-compendium"
>       xmlns:ctx="http://www.springframework.org/schema/context"
>       xsi:schemaLocation="
>       http://www.springframework.org/schema/beans
> http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
>       http://camel.apache.org/schema/spring
> http://camel.apache.org/schema/spring/camel-spring.xsd
>       http://camel.apache.org/schema/osgi
> http://camel.apache.org/schema/osgi/camel-osgi.xsd
>       http://www.springframework.org/schema/osgi-compendium
> http://www.springframework.org/schema/osgi-compendium/spring-osgi-compendium.xsd
>       http://www.springframework.org/schema/context
> http://www.springframework.org/schema/context/spring-context.xsd
> ">
>
>  <osgi:camelContext xmlns="http://camel.apache.org/schema/spring">
>    <route>
>      <from uri="bean:myMinaConfig"/>
>      <convertBodyTo type="java.lang.String"/>
>      <to uri="activemq:queue:camel_secure"/>
>    </route>
>  </osgi:camelContext>
>        <bean id="myMinaConfig"
> class="org.apache.camel.component.mina.MinaConfiguration">
>                <property name="protocol" value="tcp" />
>                <property name="host" value="localhost" />
>                <property name="port" value="2121" />
>                <property name="sync" value="true" />
>                <property name="minaLogger" value="true" />
>                <property name="filters" ref="listFilters" />
>        </bean>
>        <bean id="listFilters" class="java.util.ArrayList">
>                <constructor-arg index="0" ref="sslFilterChainBuilder"/>
>        </bean>
>
>  <!-- The SSL configuration -->
>  <bean id="keystoreFactory"
> class="org.apache.mina.filter.ssl.KeyStoreFactory">
>    <property name="password" value="boguspw"/>
>    <property name="dataUrl"
> value="classpath:org/apache/mina/example/echoserver/ssl/bogus.cert"/>
>  </bean>
>
>  <bean id="keyStore" factory-bean="keystoreFactory"
> factory-method="newInstance"/>
>
>  <bean id="bogusTrustManagerFactory"
> class="org.apache.mina.filter.ssl.BogusTrustManagerFactory"/>
>
>  <!-- SSLContext to be used -->
>  <bean id="sslContextFactory"
> class="org.apache.mina.filter.ssl.SslContextFactory">
>    <property name="protocol" value="TLS"/>
>    <property name="keyManagerFactoryAlgorithm" value="SunX509"/>
>    <property name="keyManagerFactoryKeyStore"><ref
> local="keyStore"/></property>
>    <property name="keyManagerFactoryKeyStorePassword" value="boguspw"/>
>    <property name="trustManagerFactory"><ref
> local="bogusTrustManagerFactory"/></property>
>  </bean>
>
>  <bean id="sslContext" factory-bean="sslContextFactory"
> factory-method="newInstance"/>
>
>  <bean id="sslFilter" class="org.apache.mina.filter.ssl.SslFilter">
>    <constructor-arg ref="sslContext"/>
>  </bean>
>  <!-- The SSL filter chain. -->
>  <bean id="sslFilterChainBuilder"
> class="org.apache.mina.core.filterchain.DefaultIoFilterChainBuilder">
>    <property name="filters">
>      <map>
>        <entry key="sslFilter" value-ref="sslFilter"/>
>      </map>
>    </property>
>  </bean>
>
>        <bean name="activemq" class="org.apache.camel.component.jms.JmsComponent">
>                <property name="connectionFactory">
>                        <bean class="org.apache.activemq.ActiveMQConnectionFactory">
>                                <property name="brokerURL" value="vm://default"/>
>                        </bean>
>                </property>
>        </bean>
>
> </beans>
>
> ***********************************************************************************************************************************************************************************
> </code>
> --
> View this message in context: http://camel.465427.n5.nabble.com/mina-tcp-ssl-configuration-tp1046768p1046768.html
> Sent from the Camel - Users mailing list archive at Nabble.com.
>



-- 
Claus Ibsen
Apache Camel Committer

Author of Camel in Action: http://www.manning.com/ibsen/
Open Source Integration: http://fusesource.com
Blog: http://davsclaus.blogspot.com/
Twitter: http://twitter.com/davsclaus
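
On the mutual-authentication part of the question, an added example (not from either poster, and not Camel or Mina project code): the quoted config wires in `BogusTrustManagerFactory`, which trusts every peer certificate, and never asks the client for one. The server-side beans below swap in a real trust store and set `needClientAuth` on the `SslFilter`, assuming the Mina 2.x classes named in the quoted config; the store file names and passwords are placeholders.

```xml
<!-- Added example: server-side beans for mutual TLS with Mina 2.x.
     server.jks / clients-trust.jks and the passwords are placeholders. -->

<!-- The server's own private key and certificate -->
<bean id="keystoreFactory" class="org.apache.mina.filter.ssl.KeyStoreFactory">
  <property name="type" value="JKS"/>
  <property name="password" value="CHANGE_ME_KEYSTORE"/>
  <property name="dataUrl" value="classpath:server.jks"/>
</bean>
<bean id="keyStore" factory-bean="keystoreFactory" factory-method="newInstance"/>

<!-- Certificates (or the issuing CA) of the clients allowed to connect;
     this replaces BogusTrustManagerFactory, which trusts every peer -->
<bean id="truststoreFactory" class="org.apache.mina.filter.ssl.KeyStoreFactory">
  <property name="type" value="JKS"/>
  <property name="password" value="CHANGE_ME_TRUSTSTORE"/>
  <property name="dataUrl" value="classpath:clients-trust.jks"/>
</bean>
<bean id="trustStore" factory-bean="truststoreFactory" factory-method="newInstance"/>

<!-- SSLContext with both key material and a real trust decision -->
<bean id="sslContextFactory" class="org.apache.mina.filter.ssl.SslContextFactory">
  <property name="protocol" value="TLS"/>
  <property name="keyManagerFactoryAlgorithm" value="SunX509"/>
  <property name="keyManagerFactoryKeyStore" ref="keyStore"/>
  <property name="keyManagerFactoryKeyStorePassword" value="CHANGE_ME_KEYSTORE"/>
  <property name="trustManagerFactoryAlgorithm" value="SunX509"/>
  <property name="trustManagerFactoryKeyStore" ref="trustStore"/>
</bean>
<bean id="sslContext" factory-bean="sslContextFactory" factory-method="newInstance"/>

<bean id="sslFilter" class="org.apache.mina.filter.ssl.SslFilter">
  <constructor-arg ref="sslContext"/>
  <!-- Handshake fails unless the client presents a certificate
       that the trust store accepts -->
  <property name="needClientAuth" value="true"/>
</bean>
```

The client end needs the mirror image: its own key store holding the client certificate, plus a trust store containing the server's certificate or issuing CA.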
