[
https://issues.apache.org/jira/browse/NIFI-15647?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18061375#comment-18061375
]
ASF subversion and git services commented on NIFI-15647:
--------------------------------------------------------
Commit 41a9406ae671c9e7afbb9ccbc9a51f8ee0165bb7 in nifi's branch
refs/heads/main from Chaffelson
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=41a9406ae6 ]
NIFI-15647 Add SSL configuration support for ActiveMQ Artemis JMS connections
JMSConnectionFactoryHandler now augments the broker URL with SSL transport
parameters (sslEnabled, trustStorePath, keyStorePath, etc.) when an
SSLContextService is configured and the connection factory implementation
is ActiveMQ Artemis. Previously, Artemis SSL settings were silently ignored
because Artemis does not expose bean-style SSL setters like Classic ActiveMQ.
This closes #10936.
Signed-off-by: Pierre Villard <[email protected]>
> JMSConnectionFactoryHandler does not configure SSL for ActiveMQ Artemis
> ConnectionFactory
> -----------------------------------------------------------------------------------------
>
> Key: NIFI-15647
> URL: https://issues.apache.org/jira/browse/NIFI-15647
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
> Affects Versions: 2.7.2
> Reporter: Daniel Chaffelson
> Priority: Major
> Original Estimate: 1h
> Time Spent: 20m
> Remaining Estimate: 40m
>
> When an SSLContextService is configured on a JMSConnectionFactoryProvider
> using ActiveMQ Artemis
> (org.apache.activemq.artemis.jms.client.ActiveMQConnectionFactory), the trust
> store and key store settings from the SSLContextService are silently ignored.
> This causes AMQ219007 connection failures against SSL-enabled Artemis brokers.
> The root cause is that
> JMSConnectionFactoryHandler.setConnectionFactoryProperties() has
> vendor-specific SSL handling for Classic ActiveMQ (bean-style setters like
> setTrustStore), QPID JMS (setSslContext), and IBM MQ (setSSLSocketFactory),
> but no handling for ActiveMQ Artemis.
> Because the Artemis package name (org.apache.activemq.artemis) is a prefix
> match for the Classic ActiveMQ check (org.apache.activemq), the handler falls
> into the Classic ActiveMQ branch and attempts to call setTrustStore(),
> setKeyStore(), etc. These methods do not exist on the Artemis
> ConnectionFactory, so the reflection-based setter silently fails and SSL
> parameters are never applied.
> Artemis does not expose bean-style SSL setters. Instead, SSL configuration is
> parsed from query-string parameters on the broker URL:
> {code}
> tcp://host:port?sslEnabled=true&trustStorePath=/path/to/truststore&trustStorePassword=secret
> {code}
> The fix adds an Artemis-specific branch (checked before the Classic ActiveMQ
> branch) that augments the broker URL with SSL transport parameters from the
> SSLContextService, matching the existing pattern used for other JMS providers.
> See also NIFI-13522, which describes a related but distinct issue
> (javax/jakarta ClassCastException from using the wrong factory class). Users
> who resolve NIFI-13522 by switching to the correct Artemis factory class will
> encounter this issue next.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
