[
https://issues.apache.org/jira/browse/NIFI-15647?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Pierre Villard resolved NIFI-15647.
-----------------------------------
Fix Version/s: 2.9.0
Assignee: Daniel Chaffelson
Resolution: Fixed
> JMSConnectionFactoryHandler does not configure SSL for ActiveMQ Artemis
> ConnectionFactory
> -----------------------------------------------------------------------------------------
>
> Key: NIFI-15647
> URL: https://issues.apache.org/jira/browse/NIFI-15647
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
> Affects Versions: 2.7.2
> Reporter: Daniel Chaffelson
> Assignee: Daniel Chaffelson
> Priority: Major
> Fix For: 2.9.0
>
> Original Estimate: 1h
> Time Spent: 20m
> Remaining Estimate: 40m
>
> When an SSLContextService is configured on a JMSConnectionFactoryProvider
> using ActiveMQ Artemis
> (org.apache.activemq.artemis.jms.client.ActiveMQConnectionFactory), the trust
> store and key store settings from the SSLContextService are silently ignored.
> This causes AMQ219007 connection failures against SSL-enabled Artemis brokers.
> The root cause is that
> JMSConnectionFactoryHandler.setConnectionFactoryProperties() has
> vendor-specific SSL handling for Classic ActiveMQ (bean-style setters like
> setTrustStore), QPID JMS (setSslContext), and IBM MQ (setSSLSocketFactory),
> but no handling for ActiveMQ Artemis.
> Because the Artemis package name (org.apache.activemq.artemis) is a prefix
> match for the Classic ActiveMQ check (org.apache.activemq), the handler falls
> into the Classic ActiveMQ branch and attempts to call setTrustStore(),
> setKeyStore(), etc. These methods do not exist on the Artemis
> ConnectionFactory, so the reflection-based setter silently fails and SSL
> parameters are never applied.
> Artemis does not expose bean-style SSL setters. Instead, SSL configuration is
> parsed from query-string parameters on the broker URL:
> {code}
> tcp://host:port?sslEnabled=true&trustStorePath=/path/to/truststore&trustStorePassword=secret
> {code}
> The fix adds an Artemis-specific branch (checked before the Classic ActiveMQ
> branch) that augments the broker URL with SSL transport parameters from the
> SSLContextService, matching the existing pattern used for other JMS providers.
> See also NIFI-13522, which describes a related but distinct issue
> (javax/jakarta ClassCastException from using the wrong factory class). Users
> who resolve NIFI-13522 by switching to the correct Artemis factory class will
> encounter this issue next.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)