Daniel Chaffelson created NIFI-15647:
----------------------------------------
Summary: JMSConnectionFactoryHandler does not configure SSL for
ActiveMQ Artemis ConnectionFactory
Key: NIFI-15647
URL: https://issues.apache.org/jira/browse/NIFI-15647
Project: Apache NiFi
Issue Type: Bug
Components: Core Framework
Affects Versions: 2.7.2
Reporter: Daniel Chaffelson
When an SSLContextService is configured on a JMSConnectionFactoryProvider using
ActiveMQ Artemis
(org.apache.activemq.artemis.jms.client.ActiveMQConnectionFactory), the trust
store and key store settings from the SSLContextService are silently ignored.
This causes AMQ219007 connection failures against SSL-enabled Artemis brokers.
The root cause is that
JMSConnectionFactoryHandler.setConnectionFactoryProperties() has
vendor-specific SSL handling for Classic ActiveMQ (bean-style setters like
setTrustStore), QPID JMS (setSslContext), and IBM MQ (setSSLSocketFactory), but
no handling for ActiveMQ Artemis.
Because the Artemis package name (org.apache.activemq.artemis) is a prefix
match for the Classic ActiveMQ check (org.apache.activemq), the handler falls
into the Classic ActiveMQ branch and attempts to call setTrustStore(),
setKeyStore(), etc. These methods do not exist on the Artemis
ConnectionFactory, so the reflection-based setter silently fails and SSL
parameters are never applied.
Artemis does not expose bean-style SSL setters. Instead, SSL configuration is
parsed from query-string parameters on the broker URL:
{code}
tcp://host:port?sslEnabled=true&trustStorePath=/path/to/truststore&trustStorePassword=secret
{code}
The fix adds an Artemis-specific branch (checked before the Classic ActiveMQ
branch) that augments the broker URL with SSL transport parameters from the
SSLContextService, matching the existing pattern used for other JMS providers.
See also NIFI-13522, which describes a related but distinct issue
(javax/jakarta ClassCastException from using the wrong factory class). Users
who resolve NIFI-13522 by switching to the correct Artemis factory class will
encounter this issue next.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)