[
https://issues.apache.org/jira/browse/AMQ-8403?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17882109#comment-17882109
]
Gary D Motts commented on AMQ-8403:
-----------------------------------
I encountered this same problem in AMQ V 5.16.7, using JDK 1.8 and RHEL open
jdk - jdk-8u422. The work around mentioned above only *partially* worked,
meaning I could start ActiveMQ but I encountered an exception starting the AMQ
web console. I am need of a stronger algorithm that is FIPS compatible,
PBEWithMD5AndDES is too weak.
Any suggestions?
ID:usatl-s-vas5156.ess.hitachienergy.com-18441-1726496969317-0:1) started
INFO | jvm 1 | 2024/09/16 10:29:29 | INFO | For help or more information
please see: http://activemq.apache.org
INFO | jvm 1 | 2024/09/16 10:29:30 | WARN | Failed startup of context
o.e.j.w.WebAppContext@69632cdc\{ActiveMQ
Console,/admin,file:///ventyx/opt/abb/soi/soi-2.1.0/activemq/webapps/admin/,UNAVAILABLE}
INFO | jvm 1 | 2024/09/16 10:29:30 |
org.jasypt.exceptions.EncryptionOperationNotPossibleException
INFO | jvm 1 | 2024/09/16 10:29:30 | at
org.jasypt.encryption.pbe.StandardPBEByteEncryptor.decrypt(StandardPBEByteEncryptor.java:1169)[jasypt-1.9.3.jar:]
INFO | jvm 1 | 2024/09/16 10:29:30 | at
org.jasypt.encryption.pbe.StandardPBEStringEncryptor.decrypt(StandardPBEStringEncryptor.java:738)[jasypt-1.9.3.jar:]
INFO | jvm 1 | 2024/09/16 10:29:30 | at
org.jasypt.properties.PropertyValueEncryptionUtils.decrypt(PropertyValueEncryptionUtils.java:72)[jasypt-1.9.3.jar:]
INFO | jvm 1 | 2024/09/16 10:29:30 | at
org.jasypt.spring4.properties.EncryptableProper
Used this configuration :
<!-- Allows us to use encrypted system properties as variables in this
configuration file -->
<bean id="environmentVariablesConfiguration"
class="org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig">
<property name="algorithm" value="{*}PBEWITHHMACSHA256ANDAES_256{*}" />
<property name="passwordEnvName" value="ACTIVEMQ_ENCRYPTION_PASSWORD" />
*<property name="ivGenerator">*
*<bean class="org.jasypt.iv.RandomIvGenerator"/>*
*</property>*
</bean>
<bean id="configurationEncryptor"
class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor">
<property name="config" ref="environmentVariablesConfiguration" />
</bean>
<bean id="propertyConfigurer"
class="org.jasypt.spring4.properties.EncryptablePropertyPlaceholderConfigurer">
<constructor-arg ref="configurationEncryptor" />
<property name="location"
value="file:${activemq.conf}/credentials-enc.properties"/>
</bean>
> enhancement to https://activemq.apache.org/encrypted-passwords page
> -------------------------------------------------------------------
>
> Key: AMQ-8403
> URL: https://issues.apache.org/jira/browse/AMQ-8403
> Project: ActiveMQ Classic
> Issue Type: Improvement
> Components: Documentation
> Affects Versions: 5.16.3
> Environment: Failed with...
> activemq 5.16.3 + the existing configuration on the encrypted-passwords page
> + the following Java release.
> {code:java}
> java version "1.8.0_05"
> Java(TM) SE Runtime Environment (build 1.8.0_05-b13)
> Java HotSpot(TM) 64-Bit Server VM (build 25.5-b02, mixed mode)
> {code}
> Works with...
> activemq 5.16.3 + the configuration provided in the description of this
> improvement request + the following newer Java 8 release.
> {code:java}
> openjdk version "1.8.0_292"
> OpenJDK Runtime Environment (AdoptOpenJDK)(build 1.8.0_292-b10)
> OpenJDK 64-Bit Server VM (AdoptOpenJDK)(build 25.292-b10, mixed mode)
> {code}
> I tried with/without the unlimited strength crypto extensions and it worked
> both ways with the solution provided above.
> Reporter: Nathan
> Priority: Minor
>
> Some newer crypto's need a slightly different different approach to
> configuration which the encrypted-passwords page does not cover.
> I suggest using the following config.
> The addition of the ivGenerator property and the use of newer Java 8 releases
> ensured it worked for me.
>
> {code:java}
> <bean id="environmentVariablesConfiguration"
> class="org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig">
> <property name="algorithm" value="PBEWITHHMACSHA256ANDAES_256" />
> <property name="ivGenerator">
> <bean class="org.jasypt.iv.RandomIvGenerator"/>
> </property>
> <property name="passwordEnvName" value="ACTIVEMQ_ENCRYPTION_PASSWORD" />
> </bean>
> <bean id="configurationEncryptor"
> class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor">
> <property name="config" ref="environmentVariablesConfiguration" />
> </bean>
> <bean id="propertyConfigurer"
> class="org.jasypt.spring4.properties.EncryptablePropertyPlaceholderConfigurer">
> <constructor-arg ref="configurationEncryptor" />
> <property name="location"
> value="file:${activemq.base}/conf/credentials-enc.properties"/>
> </bean>
> {code}
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
For further information, visit: https://activemq.apache.org/contact
