You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@camel.apache.org by claysea <se...@emc.com> on 2010/04/22 20:33:39 UTC
Apache camelContext jmxAgent for SSL
How can I configure the camelContext jmxAgent to use SSL keystore
authentication?
I have enabled the JMX agent in the camelContext:
<camel:camelContext id="camelContext">
<camel:jmxAgent id="agent" disabled="false"
createConnector="true"
usePlatformMBeanServer="true"
registryPort="8443"/>
The list of jmxAgent properties does not provide a way to enable SSL or
identify the keystore and password.
I have enabled the following JMX properties in the JVM at startup:
-Dcom.sun.management.jmxremote.port=8443
-Dcom.sun.management.jmxremote.authenticate=true
-Dcom.sun.management.jmxremote.ssl=true
-Dcom.sun.management.jmxremote.ssl.need.client.auth=true
However, I can still access my org.apache.camel mbeans from my remote
JConsole w/o any authentication.
FYI - I am using Spring/JDK 1.5.
Thanks
--
View this message in context: http://old.nabble.com/Apache-camelContext-jmxAgent-for-SSL-tp28332944p28332944.html
Sent from the Camel Development mailing list archive at Nabble.com.
Re: Apache camelContext jmxAgent for SSL
Posted by claysea <se...@emc.com>.
I was able to get the working as follows:
<camel:camelContext id="camelContext">
<camel:jmxAgent id="jmxAgent" disabled="false"
createConnector="false">
</camel:camelContext>
<bean id="rmiRegistry"
class="org.springframework.remoting.rmi.RmiRegistryFactoryBean">
<property name="port" value="8091"/>
</bean>
<bean id="jmxConnector"
class="org.springframework.jmx.support.ConnectorServerFactoryBean"
depends-on="rmiRegistry">
<property name="objectName" value="connector:name=rmi"/>
<property name="serviceUrl"
value="service:jmx:rmi://localhost:8090/jndi/rmi://localhost:8091/myapp"/>
<property name="environment">
<map>
<!-- JMX password authentication -->
<entry key="jmx.remote.x.password.file"
value="C:/Temp/jmx/jmxremote.password"/>
<entry key="jmx.remote.x.access.file"
value="C:/Temp/jmx/jmxremote.access"/>
<!-- JMX SSL authentication -->
<entry key="jmx.remote.rmi.client.socket.factory">
<bean class="javax.rmi.ssl.SslRMIClientSocketFactory"/>
</entry>
<entry key="jmx.remote.rmi.server.socket.factory">
<bean class="javax.rmi.ssl.SslRMIServerSocketFactory"/>
</entry>
</map>
</property>
</bean>
--
View this message in context: http://old.nabble.com/Apache-camelContext-jmxAgent-for-SSL-tp28332944p28760951.html
Sent from the Camel Development mailing list archive at Nabble.com.
Re: Apache camelContext jmxAgent for SSL
Posted by muhammad siddique <ab...@gmail.com>.
Here is the modified version if you chose to use ssl client authentication vs
plain text file
<bean id="jmxConnector"
class="org.springframework.jmx.support.ConnectorServerFactoryBean"
depends-on="rmiRegistry">
<property name="objectName" value="connector:name=rmi"/>
<property name="serviceUrl"
value="service:jmx:rmi://localhost:1098/jndi/rmi://localhost:1099/myapp"/>
<property name="environment">
<map>
<entry key="jmx.remote.rmi.client.socket.factory">
<bean class="javax.rmi.ssl.SslRMIClientSocketFactory"/>
</entry>
<entry key="jmx.remote.rmi.server.socket.factory">
<bean class="javax.rmi.ssl.SslRMIServerSocketFactory"/>
</entry>
<entry key="jmx.remote.rmi.server.socket.factory">
<bean class="javax.rmi.ssl.SslRMIServerSocketFactory" >
<constructor-arg index="0" > <null
/></constructor-arg>
<constructor-arg index="1" > <null
/></constructor-arg>
<constructor-arg index="2" value="true" />
</bean>
</entry>
</map>
</property>
</bean>
--
View this message in context: http://camel.465427.n5.nabble.com/Apache-camelContext-jmxAgent-for-SSL-tp493488p5733581.html
Sent from the Camel Development mailing list archive at Nabble.com.
Re: Apache camelContext jmxAgent for SSL
Posted by Claus Ibsen <cl...@gmail.com>.
Hi
Do you mind looking what it takes in the JMX API to setup SSL on the connector?
Maybe there is something missing / we need to do. Despite you have set
those JVM system properties.
Feel free to create a ticket in JIRA about this.
On Thu, Apr 22, 2010 at 8:33 PM, claysea <se...@emc.com> wrote:
>
> How can I configure the camelContext jmxAgent to use SSL keystore
> authentication?
>
> I have enabled the JMX agent in the camelContext:
>
> <camel:camelContext id="camelContext">
> <camel:jmxAgent id="agent" disabled="false"
> createConnector="true"
> usePlatformMBeanServer="true"
> registryPort="8443"/>
>
> The list of jmxAgent properties does not provide a way to enable SSL or
> identify the keystore and password.
>
> I have enabled the following JMX properties in the JVM at startup:
> -Dcom.sun.management.jmxremote.port=8443
> -Dcom.sun.management.jmxremote.authenticate=true
> -Dcom.sun.management.jmxremote.ssl=true
> -Dcom.sun.management.jmxremote.ssl.need.client.auth=true
>
>
> However, I can still access my org.apache.camel mbeans from my remote
> JConsole w/o any authentication.
>
> FYI - I am using Spring/JDK 1.5.
>
> Thanks
> --
> View this message in context: http://old.nabble.com/Apache-camelContext-jmxAgent-for-SSL-tp28332944p28332944.html
> Sent from the Camel Development mailing list archive at Nabble.com.
>
>
--
Claus Ibsen
Apache Camel Committer
Author of Camel in Action: http://www.manning.com/ibsen/
Open Source Integration: http://fusesource.com
Blog: http://davsclaus.blogspot.com/
Twitter: http://twitter.com/davsclaus