qpid-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rob Godfrey <rob.j.godf...@gmail.com>
Subject Re: Specifying SSL information in URL for AMQP 1.0
Date Mon, 07 Oct 2013 07:39:59 GMT
Hi Matthew,

adding the ssl parameters seems like a sensible addition to the JMS AMQP
1.0 client - can you raise a JIRA for that:
https://issues.apache.org/jira/secure/CreateIssue!default.jspa?selectedProjectId=10450and
we can look to include that for the next release.

As to failover, I think that is better handled at an application level
(either directly, or using a library or framework which provides such
behaviour).  Since there is currently no special handling of failover in
AMQP, the functionality would be common with any JMS provider and as such
should be able to be built on top of the JMS client rather than within it.
Moreover our experience around failover is that depending on the
application use case the type of failover required can be very different
(transient topic subscriptions and transacted persistent point to point
generally (but not always) require different failover semantics for
example).

Hope this helps,
Rob


On 4 October 2013 18:21, Robbie Gemmell <robbie.gemmell@gmail.com> wrote:

> The 1.0 client does not currently have any built in failover functionality.
>
> Robbie
>
> On 4 October 2013 16:44, Matthew Rich <Matthew.Rich@qxlva.com> wrote:
>
> > Hi Robbie,
> >
> > The scenario I am talking about was the second one, where I will be using
> > distinct client certificates for SSL client-auth to different
> connections.
> >
> > Basically, I would like to be able to provide an SSL context down through
> > to the connection in a similar way to how other APIs work or as the URL
> > parameters allowed in the client for the earlier protocols.
> >
> > I believe the failover params also used to be available through the
> > connection URL, is there an alternate mechanism for specifying these in
> the
> > AMQP 1.0 client library?
> >
> > Thanks for your responses.
> >
> >
> >
> > --
> > Matthew Rich
> >
> > -----Original Message-----
> > From: Robbie Gemmell [mailto:robbie.gemmell@gmail.com]
> > Sent: 04 October 2013 15:51
> > To: users@qpid.apache.org
> > Subject: Re: Specifying SSL information in URL for AMQP 1.0
> >
> > Do you mean multiple brokers using distinct certificates, or multiple
> > connections (toone or many brokers) using distinct client certificates
> for
> > SSL client-auth purposes?
> >
> > The former would just require adding multiple entries to the configured
> > truststore, whereas the latter would obviously require either the ability
> > to set distinct keystores or ability to specify which key should be used
> > from multiple entries in a single store, which I don't believe the 1.0
> > client can currently do (mainly as its existance came primarily from
> > prototying work undertaken during creation of the AMQP 1.0 specification
> > itself).
> >
> > Robbie
> >
> > On 4 October 2013 13:59, mrich <Matthew.Rich@qxlva.com> wrote:
> >
> > > Hi Robbie,
> > >
> > > Thanks for the clarification, I thought as much (as posted in my
> 'edited'
> > > original post), I was just hoping there is some other way of dictating
> > > this, which presumably there is not (without creating my own factory I
> > > guess)
> > >
> > > The problem I have is if you think of a scenario where you need to
> > > send messages to multiple queues that are represented by different
> > > clients and therefore secured by different certificates meaning I
> > > cannot use the global
> > > (JVM) settings.
> > >
> > > Do you believe that the API should provide a way of customising the
> > > security information on a per connection/factory basis, which would
> > > warrant a jira issue being raised?
> > >
> > > Thanks for your patient response.
> > >
> > >
> > >
> > > --
> > > View this message in context:
> > > http://qpid.2158936.n2.nabble.com/Specifying-SSL-information-in-URL-fo
> > > r-AMQP-1-0-tp7598974p7599000.html Sent from the Apache Qpid users
> > > mailing list archive at Nabble.com.
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org For
> > > additional commands, e-mail: users-help@qpid.apache.org
> > >
> > >
> >
> >
> > ______________________________________________________________________
> > This email has been scanned by the Symantec Email Security.cloud service.
> > For more information please visit
> http://www.symanteccloud.com______________________________________________________________________
> >
> > ______________________________________________________________________
> >
> > The Company gives no warranty as to the accuracy or completeness of
> > electronic mail messages sent over the Internet and accepts no
> > responsibility for changes made after it was sent. Any opinion expressed
> in
> > this email may be personal to the author, may not necessarily reflect the
> > opinions of the Company or its affiliates and may be subject to change
> > without notice.
> >
> > The information contained in this communication is confidential and/or
> > proprietary business or technical data. If you are not the intended
> > recipient, you are hereby notified that any dissemination, copying or
> > distribution of this communication, or the taking of any action in
> reliance
> > on the contents of this communication, is strictly prohibited. If you
> have
> > received this communication in error, please immediately notify us
> > electronically by return message, and delete or destroy all copies of
> this
> > communication.
> >
> > Quicksilva Limited, Reg No 3860799, Incorporated at Companies House,
> > Cardiff.
> > Registered Office: Langley Gate, Swindon Road, Chippenham, Wiltshire,
> SN15
> > 5SE.  Vat Reg No 762 8082 16.
> >
> > ______________________________________________________________________
> > This email has been scanned by the Symantec Email Security.cloud service.
> > For more information please visit http://www.symanteccloud.com
> > ______________________________________________________________________
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
> > For additional commands, e-mail: users-help@qpid.apache.org
> >
> >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message