[jira] Updated: (AMQ-1754) org.apache.activemq.ActiveMQSslConnectionFactory extended to incorporate client.ks/client.ts files to enable convenient use of JNDI via SSL.

["Felix Koschmieder (JIRA)" <ji...@apache.org>]

     [ https://issues.apache.org/activemq/browse/AMQ-1754?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Felix Koschmieder updated AMQ-1754:
-----------------------------------

    Attachment: ActiveMqSslTransportFactory.java

Modifying the AMQ connection factory does not seem to be the ideal solution as is does not work with failover connections.

Instead, we can create a new SSL transport factory that keeps a AMQ-specific SSL context.

The attached class is ready to be used in a spring context as follows:

{monospaced}
	<bean id="amqConnectionFactory" class="org.apache.activemq.ActiveMQConnectionFactory" depends-on="amqSslTransportFactory">
		<property name="brokerURL" value="${jms.client.brokerUrl}"/>
		<property name="userName" value="${jms.client.username}"/>
		<property name="password" value="${jms.client.password}"/>
		<property name="transportListener" ref="loggingAmqTransportListener"/>
    </bean>

    <bean id="amqSslTransportFactory" class="org.apache.activemq.ActiveMQSslTransportFactory" init-method="initialize">
        <property name="keyStore" value="classpath:keystore.ks"/>
        <property name="keyStorePassword" value="keystorepwd"/>
        <property name="trustStore" value="classpath:truststore.ts"/>
        <property name="trustStorePassword" value="truststorepwd"/>
  </bean>
{monospaced}

To make it work outside of Spring, just replace the keyStore/trustStore attributes by Strings and change the logging framework as needed (currently slf4j).

I have tested this with ActiveMQ 5.3.0.

> org.apache.activemq.ActiveMQSslConnectionFactory extended to incorporate client.ks/client.ts files to enable convenient use of JNDI via SSL.
> --------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: AMQ-1754
>                 URL: https://issues.apache.org/activemq/browse/AMQ-1754
>             Project: ActiveMQ
>          Issue Type: Improvement
>          Components: Transport
>    Affects Versions: 4.0, 4.0.1, 4.0.2, 4.1.0, 4.1.1, 4.1.2, 5.0.0, 5.1.0
>         Environment: have tested with activemq-4.2.snapshot but should work with any version.
>            Reporter: Sudip Shrestha
>             Fix For: NEEDS_REVIEWED
>
>         Attachments: ActiveMQSslConnectionFactory.java, ActiveMQSslConnectionFactoryx.java, ActiveMqSslTransportFactory.java
>
>
> Steps to use this class:
> - Follow instrucations at http://activemq.apache.org/how-do-i-use-ssl.html, to create client.ks/client.ts files for your jms client.  If you were to connect to the JMS server without using the extended class would necessiate the user set the following system properties for his VM: 
> javax.net.ssl.keyStore=/path/to/client.ks
> javax.net.ssl.keyStorePassword=password
> javax.net.ssl.trustStore=/path/to/client.ts
> - Instead of the above, if used the attached class ActiveMQSslConnectionFactoryx then the constructor public ActiveMQSslConnectionFactoryx(String keyStore, String keyStorePassword, String trustStore) calls the setKeyAndTrustManagers() method of the org.apache.activemq.ActiveMQSslConnectionFactory there by setting up the ConnectionFactory via SSL.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.