[
https://issues.apache.org/jira/browse/AMQ-8403?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17882443#comment-17882443
]
Gary D Motts commented on AMQ-8403:
-----------------------------------
[~ndk] - Huge thanks for this workaround. I updated webconsole-embedded.xml
with similar configurations as activemq.xml (inlcluding the ivGenerator
property) and AMQ starts without error and was able to access the console.
PBEWithMD5AndDES is such a weak algorithm and this solution is much more secure
using a 256 bit key for encryption. AGREE WITH YOU THE APACHE DOCUMENTATION
NEEDS UPDATED.
> enhancement to https://activemq.apache.org/encrypted-passwords page
> -------------------------------------------------------------------
>
> Key: AMQ-8403
> URL: https://issues.apache.org/jira/browse/AMQ-8403
> Project: ActiveMQ Classic
> Issue Type: Improvement
> Components: Documentation
> Affects Versions: 5.16.3
> Environment: Failed with...
> activemq 5.16.3 + the existing configuration on the encrypted-passwords page
> + the following Java release.
> {code:java}
> java version "1.8.0_05"
> Java(TM) SE Runtime Environment (build 1.8.0_05-b13)
> Java HotSpot(TM) 64-Bit Server VM (build 25.5-b02, mixed mode)
> {code}
> Works with...
> activemq 5.16.3 + the configuration provided in the description of this
> improvement request + the following newer Java 8 release.
> {code:java}
> openjdk version "1.8.0_292"
> OpenJDK Runtime Environment (AdoptOpenJDK)(build 1.8.0_292-b10)
> OpenJDK 64-Bit Server VM (AdoptOpenJDK)(build 25.292-b10, mixed mode)
> {code}
> I tried with/without the unlimited strength crypto extensions and it worked
> both ways with the solution provided above.
> Reporter: Nathan
> Priority: Minor
>
> Some newer crypto's need a slightly different different approach to
> configuration which the encrypted-passwords page does not cover.
> I suggest using the following config.
> The addition of the ivGenerator property and the use of newer Java 8 releases
> ensured it worked for me.
>
> {code:java}
> <bean id="environmentVariablesConfiguration"
> class="org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig">
> <property name="algorithm" value="PBEWITHHMACSHA256ANDAES_256" />
> <property name="ivGenerator">
> <bean class="org.jasypt.iv.RandomIvGenerator"/>
> </property>
> <property name="passwordEnvName" value="ACTIVEMQ_ENCRYPTION_PASSWORD" />
> </bean>
> <bean id="configurationEncryptor"
> class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor">
> <property name="config" ref="environmentVariablesConfiguration" />
> </bean>
> <bean id="propertyConfigurer"
> class="org.jasypt.spring4.properties.EncryptablePropertyPlaceholderConfigurer">
> <constructor-arg ref="configurationEncryptor" />
> <property name="location"
> value="file:${activemq.base}/conf/credentials-enc.properties"/>
> </bean>
> {code}
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
For further information, visit: https://activemq.apache.org/contact
