Re: [I] ManagementContext should support sslContext injection [activemq]

Mon, 23 Feb 2026 03:57:25 -0800 


asaxena14 commented on issue #1699:
URL: https://github.com/apache/activemq/issues/1699#issuecomment-3944335736

   Hi @jeanouii ,
   
   I was also looking into the same issue. After reviewing your PR and the 
original context of AMQ-9857, I believe we should also consider adding a 
broker-level SSL fallback into ManagementContext, as this aligns closely with 
the original intent of the issue.
   
   **From the issue context (AMQ-9857):**
   
   <img width="965" height="159" alt="Image" 
src="https://github.com/user-attachments/assets/34e0330e-578f-45f8-9690-57ae1061adc1";
 />
   
   Today, users can define SSL once in activemq.xml (broker <sslContext>) and 
reuse it for transport connectors. However, JMX requires a separate SSL setup 
(often via JVM com.sun.management.jmxremote.* arguments), which forces users to 
duplicate SSL configuration. The goal is to avoid configuring SSL twice and 
allow a single source of truth in broker configuration.
   
   **Suggested logic in BrokerService.startManagementContext():**
   
   If managementContext.getSslContext() == null and 
brokerService.getSslContext() != null, set management SSL from broker SSL.
   Then start management context as usual.
   
   To address, I have included additional logic in my PR:
   https://github.com/apache/activemq/pull/1710
   
   Adding these changes:
   - Will preserves existing explicit behaviour: if 
managementContext.sslContext is set, that value still wins.
   - It removes duplication for the common case: users define broker SSL once, 
and JMX automatically inherits it.
   - It aligns JMX behavior with transport connectors, which already benefit 
from broker-level SSL defaults.
   - It directly addresses the issue’s main pain point: duplicate SSL config 
between transport and JMX.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
For further information, visit: https://activemq.apache.org/contact

Reply via email to