[jira] [Created] (NIFI-15647) JMSConnectionFactoryHandler does not configure SSL for ActiveMQ Artemis ConnectionFactory

Wed, 25 Feb 2026 08:52:49 -0800 

Daniel Chaffelson created NIFI-15647:
----------------------------------------

             Summary: JMSConnectionFactoryHandler does not configure SSL for 
ActiveMQ Artemis ConnectionFactory
                 Key: NIFI-15647
                 URL: https://issues.apache.org/jira/browse/NIFI-15647
             Project: Apache NiFi
          Issue Type: Bug
          Components: Core Framework
    Affects Versions: 2.7.2
            Reporter: Daniel Chaffelson


When an SSLContextService is configured on a JMSConnectionFactoryProvider using 
ActiveMQ Artemis 
(org.apache.activemq.artemis.jms.client.ActiveMQConnectionFactory), the trust 
store and key store settings from the SSLContextService are silently ignored. 
This causes AMQ219007 connection failures against SSL-enabled Artemis brokers.

The root cause is that 
JMSConnectionFactoryHandler.setConnectionFactoryProperties() has 
vendor-specific SSL handling for Classic ActiveMQ (bean-style setters like 
setTrustStore), QPID JMS (setSslContext), and IBM MQ (setSSLSocketFactory), but 
no handling for ActiveMQ Artemis.

Because the Artemis package name (org.apache.activemq.artemis) is a prefix 
match for the Classic ActiveMQ check (org.apache.activemq), the handler falls 
into the Classic ActiveMQ branch and attempts to call setTrustStore(), 
setKeyStore(), etc. These methods do not exist on the Artemis 
ConnectionFactory, so the reflection-based setter silently fails and SSL 
parameters are never applied.

Artemis does not expose bean-style SSL setters. Instead, SSL configuration is 
parsed from query-string parameters on the broker URL:

{code}
tcp://host:port?sslEnabled=true&trustStorePath=/path/to/truststore&trustStorePassword=secret
{code}

The fix adds an Artemis-specific branch (checked before the Classic ActiveMQ 
branch) that augments the broker URL with SSL transport parameters from the 
SSLContextService, matching the existing pattern used for other JMS providers.

See also NIFI-13522, which describes a related but distinct issue 
(javax/jakarta ClassCastException from using the wrong factory class). Users 
who resolve NIFI-13522 by switching to the correct Artemis factory class will 
encounter this issue next.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to