[jira] Updated: (AMQ-1754) org.apache.activemq.ActiveMQSslConnectionFactory extended to incorporate client.ks/client.ts files to enable convenient use of JNDI via SSL.

[Felix Koschmieder (JIRA)]

     [ 
https://issues.apache.org/activemq/browse/AMQ-1754?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Felix Koschmieder updated AMQ-1754:
-----------------------------------

    Attachment: ActiveMqSslTransportFactory.java

Modifying the AMQ connection factory does not seem to be the ideal solution as 
is does not work with failover connections.

Instead, we can create a new SSL transport factory that keeps a AMQ-specific 
SSL context.

The attached class is ready to be used in a spring context as follows:

{monospaced}
        <bean id="amqConnectionFactory" 
class="org.apache.activemq.ActiveMQConnectionFactory" 
depends-on="amqSslTransportFactory">
                <property name="brokerURL" value="${jms.client.brokerUrl}"/>
                <property name="userName" value="${jms.client.username}"/>
                <property name="password" value="${jms.client.password}"/>
                <property name="transportListener" 
ref="loggingAmqTransportListener"/>
    </bean>

    <bean id="amqSslTransportFactory" 
class="org.apache.activemq.ActiveMQSslTransportFactory" 
init-method="initialize">
        <property name="keyStore" value="classpath:keystore.ks"/>
        <property name="keyStorePassword" value="keystorepwd"/>
        <property name="trustStore" value="classpath:truststore.ts"/>
        <property name="trustStorePassword" value="truststorepwd"/>
  </bean>
{monospaced}

To make it work outside of Spring, just replace the keyStore/trustStore 
attributes by Strings and change the logging framework as needed (currently 
slf4j).

I have tested this with ActiveMQ 5.3.0.

> org.apache.activemq.ActiveMQSslConnectionFactory extended to incorporate 
> client.ks/client.ts files to enable convenient use of JNDI via SSL.
> --------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: AMQ-1754
>                 URL: https://issues.apache.org/activemq/browse/AMQ-1754
>             Project: ActiveMQ
>          Issue Type: Improvement
>          Components: Transport
>    Affects Versions: 4.0, 4.0.1, 4.0.2, 4.1.0, 4.1.1, 4.1.2, 5.0.0, 5.1.0
>         Environment: have tested with activemq-4.2.snapshot but should work 
> with any version.
>            Reporter: Sudip Shrestha
>             Fix For: NEEDS_REVIEWED
>
>         Attachments: ActiveMQSslConnectionFactory.java, 
> ActiveMQSslConnectionFactoryx.java, ActiveMqSslTransportFactory.java
>
>
> Steps to use this class:
> - Follow instrucations at http://activemq.apache.org/how-do-i-use-ssl.html, 
> to create client.ks/client.ts files for your jms client.  If you were to 
> connect to the JMS server without using the extended class would necessiate 
> the user set the following system properties for his VM: 
> javax.net.ssl.keyStore=/path/to/client.ks
> javax.net.ssl.keyStorePassword=password
> javax.net.ssl.trustStore=/path/to/client.ts
> - Instead of the above, if used the attached class 
> ActiveMQSslConnectionFactoryx then the constructor public 
> ActiveMQSslConnectionFactoryx(String keyStore, String keyStorePassword, 
> String trustStore) calls the setKeyAndTrustManagers() method of the 
> org.apache.activemq.ActiveMQSslConnectionFactory there by setting up the 
> ConnectionFactory via SSL.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.