You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@qpid.apache.org by ro...@apache.org on 2012/11/25 16:42:10 UTC
svn commit: r1413364 - in /qpid/trunk/qpid: doc/book/src/programming/
java/client/src/main/java/org/apache/qpid/client/
java/client/src/main/java/org/apache/qpid/jms/
java/client/src/test/java/org/apache/qpid/test/unit/client/BrokerDetails/
java/client...
Author: robbie
Date: Sun Nov 25 15:42:06 2012
New Revision: 1413364
URL: http://svn.apache.org/viewvc?rev=1413364&view=rev
Log:
QPID-4468: restore connection level ssl option to provide compatibility with older client configuration, add ability to override brokerlist ssl option
Modified:
qpid/trunk/qpid/doc/book/src/programming/Programming-In-Apache-Qpid.xml
qpid/trunk/qpid/java/client/src/main/java/org/apache/qpid/client/AMQConnectionDelegate_0_10.java
qpid/trunk/qpid/java/client/src/main/java/org/apache/qpid/client/AMQConnectionDelegate_8_0.java
qpid/trunk/qpid/java/client/src/main/java/org/apache/qpid/jms/ConnectionURL.java
qpid/trunk/qpid/java/client/src/test/java/org/apache/qpid/test/unit/client/BrokerDetails/BrokerDetailsTest.java
qpid/trunk/qpid/java/client/src/test/java/org/apache/qpid/test/unit/client/connectionurl/ConnectionURLTest.java
qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/client/ssl/SSLTest.java
Modified: qpid/trunk/qpid/doc/book/src/programming/Programming-In-Apache-Qpid.xml
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/doc/book/src/programming/Programming-In-Apache-Qpid.xml?rev=1413364&r1=1413363&r2=1413364&view=diff
==============================================================================
--- qpid/trunk/qpid/doc/book/src/programming/Programming-In-Apache-Qpid.xml (original)
+++ qpid/trunk/qpid/doc/book/src/programming/Programming-In-Apache-Qpid.xml Sun Nov 25 15:42:06 2012
@@ -3087,6 +3087,22 @@ spout - -content "$(cat rdu.xml | sed -e
</para>
</entry>
</row>
+ <row>
+ <entry>
+ ssl
+ </entry>
+ <entry>
+ boolean
+ </entry>
+ <entry>
+ <para>
+ If <literal>ssl='true'</literal>, use SSL for all broker connections. Overrides any per-broker settings in the brokerlist (see below) entries. If not specified, the brokerlist entry for each given broker is used to determine whether SSL is used.
+ </para>
+ <para>
+ Introduced in version 0.22.
+ </para>
+ </entry>
+ </row>
</tbody>
</tgroup>
</table>
@@ -3237,6 +3253,7 @@ spout - -content "$(cat rdu.xml | sed -e
trust_store_password
</entry>
<entry>
+ --
</entry>
<entry>
Trust store password
@@ -3247,6 +3264,7 @@ spout - -content "$(cat rdu.xml | sed -e
key_store
</entry>
<entry>
+ --
</entry>
<entry>
path to key store
@@ -3271,7 +3289,9 @@ spout - -content "$(cat rdu.xml | sed -e
Boolean
</entry>
<entry>
- If <literal>ssl='true'</literal>, the JMS client will encrypt the connection using SSL.
+ <para>If <literal>ssl='true'</literal>, the JMS client will encrypt the connection to this broker using SSL.</para>
+
+ <para>This can also be set/overridden for all brokers using the <link linkend="section-jms-connection-url">Connection URL</link> options.</para>
</entry>
</row>
<row>
@@ -3292,7 +3312,7 @@ spout - -content "$(cat rdu.xml | sed -e
ssl_cert_alias
</entry>
<entry>
-
+ --
</entry>
<entry>
If multiple certificates are present in the keystore, the alias will be used to extract the correct certificate.
Modified: qpid/trunk/qpid/java/client/src/main/java/org/apache/qpid/client/AMQConnectionDelegate_0_10.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/client/src/main/java/org/apache/qpid/client/AMQConnectionDelegate_0_10.java?rev=1413364&r1=1413363&r2=1413364&view=diff
==============================================================================
--- qpid/trunk/qpid/java/client/src/main/java/org/apache/qpid/client/AMQConnectionDelegate_0_10.java (original)
+++ qpid/trunk/qpid/java/client/src/main/java/org/apache/qpid/client/AMQConnectionDelegate_0_10.java Sun Nov 25 15:42:06 2012
@@ -33,6 +33,7 @@ import org.apache.qpid.configuration.Cli
import org.apache.qpid.framing.ProtocolVersion;
import org.apache.qpid.jms.BrokerDetails;
import org.apache.qpid.jms.ChannelLimitReachedException;
+import org.apache.qpid.jms.ConnectionURL;
import org.apache.qpid.jms.Session;
import org.apache.qpid.properties.ConnectionStartProperties;
import org.apache.qpid.protocol.AMQConstant;
@@ -214,7 +215,8 @@ public class AMQConnectionDelegate_0_10
+ "********");
}
- ConnectionSettings conSettings = retriveConnectionSettings(brokerDetail);
+ ConnectionSettings conSettings = retrieveConnectionSettings(brokerDetail);
+
_qpidConnection.setConnectionDelegate(new ClientConnectionDelegate(conSettings, _conn.getConnectionURL()));
_qpidConnection.connect(conSettings);
@@ -420,7 +422,7 @@ public class AMQConnectionDelegate_0_10
return featureSupported;
}
- private ConnectionSettings retriveConnectionSettings(BrokerDetails brokerDetail)
+ private ConnectionSettings retrieveConnectionSettings(BrokerDetails brokerDetail)
{
ConnectionSettings conSettings = brokerDetail.buildConnectionSettings();
@@ -442,6 +444,24 @@ public class AMQConnectionDelegate_0_10
conSettings.setHeartbeatInterval(getHeartbeatInterval(brokerDetail));
+ //Check connection-level ssl override setting
+ String connectionSslOption = _conn.getConnectionURL().getOption(ConnectionURL.OPTIONS_SSL);
+ if(connectionSslOption != null)
+ {
+ boolean connUseSsl = Boolean.parseBoolean(connectionSslOption);
+ boolean brokerlistUseSsl = conSettings.isUseSSL();
+
+ if( connUseSsl != brokerlistUseSsl)
+ {
+ conSettings.setUseSSL(connUseSsl);
+
+ if (_logger.isDebugEnabled())
+ {
+ _logger.debug("Applied connection ssl option override, setting UseSsl to: " + connUseSsl );
+ }
+ }
+ }
+
return conSettings;
}
Modified: qpid/trunk/qpid/java/client/src/main/java/org/apache/qpid/client/AMQConnectionDelegate_8_0.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/client/src/main/java/org/apache/qpid/client/AMQConnectionDelegate_8_0.java?rev=1413364&r1=1413363&r2=1413364&view=diff
==============================================================================
--- qpid/trunk/qpid/java/client/src/main/java/org/apache/qpid/client/AMQConnectionDelegate_8_0.java (original)
+++ qpid/trunk/qpid/java/client/src/main/java/org/apache/qpid/client/AMQConnectionDelegate_8_0.java Sun Nov 25 15:42:06 2012
@@ -40,6 +40,7 @@ import org.apache.qpid.framing.TxSelectB
import org.apache.qpid.framing.TxSelectOkBody;
import org.apache.qpid.jms.BrokerDetails;
import org.apache.qpid.jms.ChannelLimitReachedException;
+import org.apache.qpid.jms.ConnectionURL;
import org.apache.qpid.ssl.SSLContextFactory;
import org.apache.qpid.transport.ConnectionSettings;
import org.apache.qpid.transport.network.NetworkConnection;
@@ -100,6 +101,24 @@ public class AMQConnectionDelegate_8_0 i
ConnectionSettings settings = brokerDetail.buildConnectionSettings();
settings.setProtocol(brokerDetail.getTransport());
+ //Check connection-level ssl override setting
+ String connectionSslOption = _conn.getConnectionURL().getOption(ConnectionURL.OPTIONS_SSL);
+ if(connectionSslOption != null)
+ {
+ boolean connUseSsl = Boolean.parseBoolean(connectionSslOption);
+ boolean brokerlistUseSsl = settings.isUseSSL();
+
+ if( connUseSsl != brokerlistUseSsl)
+ {
+ settings.setUseSSL(connUseSsl);
+
+ if (_logger.isDebugEnabled())
+ {
+ _logger.debug("Applied connection ssl option override, setting UseSsl to: " + connUseSsl );
+ }
+ }
+ }
+
SecurityLayer securityLayer = SecurityLayerFactory.newInstance(settings);
OutgoingNetworkTransport transport = Transport.getOutgoingTransportInstance(getProtocolVersion());
Modified: qpid/trunk/qpid/java/client/src/main/java/org/apache/qpid/jms/ConnectionURL.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/client/src/main/java/org/apache/qpid/jms/ConnectionURL.java?rev=1413364&r1=1413363&r2=1413364&view=diff
==============================================================================
--- qpid/trunk/qpid/java/client/src/main/java/org/apache/qpid/jms/ConnectionURL.java (original)
+++ qpid/trunk/qpid/java/client/src/main/java/org/apache/qpid/jms/ConnectionURL.java Sun Nov 25 15:42:06 2012
@@ -44,6 +44,13 @@ public interface ConnectionURL
public static final String OPTIONS_FAILOVER_CYCLE = "cyclecount";
/**
+ * This option is used to apply a connection level override of
+ * the {@value BrokerDetails#OPTIONS_SSL} option values in the
+ * {@value ConnectionURL#OPTIONS_BROKERLIST};
+ */
+ public static final String OPTIONS_SSL = "ssl";
+
+ /**
* This option is only applicable for 0-8/0-9/0-9-1 protocols connection
* <p>
* It tells the client to delegate the requeue/DLQ decision to the
Modified: qpid/trunk/qpid/java/client/src/test/java/org/apache/qpid/test/unit/client/BrokerDetails/BrokerDetailsTest.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/client/src/test/java/org/apache/qpid/test/unit/client/BrokerDetails/BrokerDetailsTest.java?rev=1413364&r1=1413363&r2=1413364&view=diff
==============================================================================
--- qpid/trunk/qpid/java/client/src/test/java/org/apache/qpid/test/unit/client/BrokerDetails/BrokerDetailsTest.java (original)
+++ qpid/trunk/qpid/java/client/src/test/java/org/apache/qpid/test/unit/client/BrokerDetails/BrokerDetailsTest.java Sun Nov 25 15:42:06 2012
@@ -143,4 +143,25 @@ public class BrokerDetailsTest extends T
assertEquals("Unexpected toString", expectedToString, actualToString);
}
+
+ public void testDefaultSsl() throws URLSyntaxException
+ {
+ String brokerURL = "tcp://localhost:5672";
+ AMQBrokerDetails broker = new AMQBrokerDetails(brokerURL);
+
+ assertNull("default value should be null", broker.getProperty(BrokerDetails.OPTIONS_SSL));
+ }
+
+ public void testOverridingSsl() throws URLSyntaxException
+ {
+ String brokerURL = "tcp://localhost:5672?ssl='true'";
+ AMQBrokerDetails broker = new AMQBrokerDetails(brokerURL);
+
+ assertTrue("value should be true", Boolean.valueOf(broker.getProperty(BrokerDetails.OPTIONS_SSL)));
+
+ brokerURL = "tcp://localhost:5672?ssl='false''&maxprefetch='1'";
+ broker = new AMQBrokerDetails(brokerURL);
+
+ assertFalse("value should be false", Boolean.valueOf(broker.getProperty(BrokerDetails.OPTIONS_SSL)));
+ }
}
Modified: qpid/trunk/qpid/java/client/src/test/java/org/apache/qpid/test/unit/client/connectionurl/ConnectionURLTest.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/client/src/test/java/org/apache/qpid/test/unit/client/connectionurl/ConnectionURLTest.java?rev=1413364&r1=1413363&r2=1413364&view=diff
==============================================================================
--- qpid/trunk/qpid/java/client/src/test/java/org/apache/qpid/test/unit/client/connectionurl/ConnectionURLTest.java (original)
+++ qpid/trunk/qpid/java/client/src/test/java/org/apache/qpid/test/unit/client/connectionurl/ConnectionURLTest.java Sun Nov 25 15:42:06 2012
@@ -30,7 +30,6 @@ import org.apache.qpid.url.URLSyntaxExce
public class ConnectionURLTest extends TestCase
{
-
public void testFailoverURL() throws URLSyntaxException
{
String url = "amqp://ritchiem:bob@/test?brokerlist='tcp://localhost:5672;tcp://fancyserver:3000/',failover='roundrobin?cyclecount='100''";
@@ -563,5 +562,34 @@ public class ConnectionURLTest extends T
assertNull("Reject behaviour option was not as expected",
connectionurl.getOption(ConnectionURL.OPTIONS_REJECT_BEHAVIOUR));
}
+
+ /**
+ * Verify that when the ssl option is not specified, asking for the option returns null,
+ * such that this can later be used to verify it wasnt specified.
+ */
+ public void testDefaultSsl() throws URLSyntaxException
+ {
+ String url = "amqp://guest:guest@/test?brokerlist='tcp://localhost:5672'&foo='bar'";
+ ConnectionURL connectionURL = new AMQConnectionURL(url);
+
+ assertNull("default ssl value should be null", connectionURL.getOption(ConnectionURL.OPTIONS_SSL));
+ }
+
+ /**
+ * Verify that when the ssl option is specified, asking for the option returns the value,
+ * such that this can later be used to verify what value it was specified as.
+ */
+ public void testOverridingSsl() throws URLSyntaxException
+ {
+ String url = "amqp://guest:guest@/test?brokerlist='tcp://localhost:5672'&ssl='true'";
+ ConnectionURL connectionURL = new AMQConnectionURL(url);
+
+ assertTrue("value should be true", Boolean.valueOf(connectionURL.getOption(ConnectionURL.OPTIONS_SSL)));
+
+ url = "amqp://guest:guest@/test?brokerlist='tcp://localhost:5672'&ssl='false'";
+ connectionURL = new AMQConnectionURL(url);
+
+ assertFalse("value should be false", Boolean.valueOf(connectionURL.getOption(ConnectionURL.OPTIONS_SSL)));
+ }
}
Modified: qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/client/ssl/SSLTest.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/client/ssl/SSLTest.java?rev=1413364&r1=1413363&r2=1413364&view=diff
==============================================================================
--- qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/client/ssl/SSLTest.java (original)
+++ qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/client/ssl/SSLTest.java Sun Nov 25 15:42:06 2012
@@ -28,6 +28,7 @@ import static org.apache.qpid.test.utils
import org.apache.commons.configuration.ConfigurationException;
import org.apache.qpid.client.AMQConnectionURL;
import org.apache.qpid.client.AMQTestConnection_0_10;
+import org.apache.qpid.jms.ConnectionURL;
import org.apache.qpid.test.utils.QpidBrokerTestCase;
import javax.jms.Connection;
@@ -78,6 +79,54 @@ public class SSLTest extends QpidBrokerT
}
}
+ /**
+ * Create an SSL connection using the SSL system properties for the trust and key store, but using
+ * the {@link ConnectionURL} ssl='true' option to indicate use of SSL at a Connection level,
+ * without specifying anything at the {@link ConnectionURL#OPTIONS_BROKERLIST} level.
+ */
+ public void testSslConnectionOption() throws Exception
+ {
+ if (shouldPerformTest())
+ {
+ //Start the broker (NEEDing client certificate authentication)
+ configureJavaBrokerIfNecessary(true, true, true, false);
+ super.setUp();
+
+ //Create URL enabling SSL at the connection rather than brokerlist level
+ String url = "amqp://guest:guest@test/?ssl='true'&brokerlist='tcp://localhost:%s'";
+ url = String.format(url,QpidBrokerTestCase.DEFAULT_SSL_PORT);
+
+ Connection con = getConnection(new AMQConnectionURL(url));
+ assertNotNull("connection should be successful", con);
+ Session ssn = con.createSession(false,Session.AUTO_ACKNOWLEDGE);
+ assertNotNull("create session should be successful", ssn);
+ }
+ }
+
+ /**
+ * Create an SSL connection using the SSL system properties for the trust and key store, but using
+ * the {@link ConnectionURL} ssl='true' option to indicate use of SSL at a Connection level,
+ * overriding the false setting at the {@link ConnectionURL#OPTIONS_BROKERLIST} level.
+ */
+ public void testSslConnectionOptionOverridesBrokerlistOption() throws Exception
+ {
+ if (shouldPerformTest())
+ {
+ //Start the broker (NEEDing client certificate authentication)
+ configureJavaBrokerIfNecessary(true, true, true, false);
+ super.setUp();
+
+ //Create URL enabling SSL at the connection, overriding the false at the brokerlist level
+ String url = "amqp://guest:guest@test/?ssl='true'&brokerlist='tcp://localhost:%s?ssl='false''";
+ url = String.format(url,QpidBrokerTestCase.DEFAULT_SSL_PORT);
+
+ Connection con = getConnection(new AMQConnectionURL(url));
+ assertNotNull("connection should be successful", con);
+ Session ssn = con.createSession(false,Session.AUTO_ACKNOWLEDGE);
+ assertNotNull("create session should be successful", ssn);
+ }
+ }
+
public void testCreateSSLConnectionUsingSystemProperties() throws Exception
{
if (shouldPerformTest())
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org