[ https://issues.apache.org/jira/browse/NIFI-15647?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Pierre Villard resolved NIFI-15647.
-----------------------------------
    Fix Version/s: 2.9.0
         Assignee: Daniel Chaffelson
       Resolution: Fixed

> JMSConnectionFactoryHandler does not configure SSL for ActiveMQ Artemis 
> ConnectionFactory
> -----------------------------------------------------------------------------------------
>
>                 Key: NIFI-15647
>                 URL: https://issues.apache.org/jira/browse/NIFI-15647
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Core Framework
>    Affects Versions: 2.7.2
>            Reporter: Daniel Chaffelson
>            Assignee: Daniel Chaffelson
>            Priority: Major
>             Fix For: 2.9.0
>
>   Original Estimate: 1h
>          Time Spent: 20m
>  Remaining Estimate: 40m
>
> When an SSLContextService is configured on a JMSConnectionFactoryProvider 
> using ActiveMQ Artemis 
> (org.apache.activemq.artemis.jms.client.ActiveMQConnectionFactory), the trust 
> store and key store settings from the SSLContextService are silently ignored. 
> This causes AMQ219007 connection failures against SSL-enabled Artemis brokers.
> The root cause is that 
> JMSConnectionFactoryHandler.setConnectionFactoryProperties() has 
> vendor-specific SSL handling for Classic ActiveMQ (bean-style setters like 
> setTrustStore), QPID JMS (setSslContext), and IBM MQ (setSSLSocketFactory), 
> but no handling for ActiveMQ Artemis.
> Because the Artemis package name (org.apache.activemq.artemis) is a prefix 
> match for the Classic ActiveMQ check (org.apache.activemq), the handler falls 
> into the Classic ActiveMQ branch and attempts to call setTrustStore(), 
> setKeyStore(), etc. These methods do not exist on the Artemis 
> ConnectionFactory, so the reflection-based setter silently fails and SSL 
> parameters are never applied.
> Artemis does not expose bean-style SSL setters. Instead, SSL configuration is 
> parsed from query-string parameters on the broker URL:
> {code}
> tcp://host:port?sslEnabled=true&trustStorePath=/path/to/truststore&trustStorePassword=secret
> {code}
> The fix adds an Artemis-specific branch (checked before the Classic ActiveMQ 
> branch) that augments the broker URL with SSL transport parameters from the 
> SSLContextService, matching the existing pattern used for other JMS providers.
> See also NIFI-13522, which describes a related but distinct issue 
> (javax/jakarta ClassCastException from using the wrong factory class). Users 
> who resolve NIFI-13522 by switching to the correct Artemis factory class will 
> encounter this issue next.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
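
The two points in the issue description, prefix-check ordering and carrying SSL settings in the broker URL, shown as an added example that is not NiFi's code or the patch for this issue. The class and method names, the port and the sample values are hypothetical, and it assumes the broker URL parser percent-decodes query values.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;

// Added illustration; names here are hypothetical, not NiFi's implementation.
public class ArtemisSslUrlExample {
    static final String ARTEMIS_PREFIX = "org.apache.activemq.artemis";
    static final String CLASSIC_PREFIX = "org.apache.activemq";

    // The more specific Artemis prefix must be tested first, because every
    // Artemis class name also starts with the Classic ActiveMQ prefix.
    static String vendorOf(String factoryClassName) {
        if (factoryClassName.startsWith(ARTEMIS_PREFIX)) return "ARTEMIS";
        if (factoryClassName.startsWith(CLASSIC_PREFIX)) return "CLASSIC_ACTIVEMQ";
        return "OTHER";
    }

    // Appends the SSL transport parameters named in the issue to a broker URL,
    // leaving any parameter the operator already set untouched.
    static String withSsl(String brokerUrl, String trustStorePath, String trustStorePassword) {
        Map<String, String> ssl = new LinkedHashMap<>();
        ssl.put("sslEnabled", "true");
        ssl.put("trustStorePath", trustStorePath);
        ssl.put("trustStorePassword", trustStorePassword);

        int q = brokerUrl.indexOf('?');
        String existing = q < 0 ? "" : "&" + brokerUrl.substring(q + 1);
        boolean hasQuery = q >= 0;
        StringBuilder out = new StringBuilder(brokerUrl);
        for (Map.Entry<String, String> e : ssl.entrySet()) {
            if (existing.contains("&" + e.getKey() + "=")) continue; // already set
            char last = out.charAt(out.length() - 1);
            if (last != '?' && last != '&') out.append(hasQuery ? '&' : '?');
            hasQuery = true;
            // Percent-encode so a value containing '&' or '=' cannot add parameters.
            out.append(e.getKey()).append('=')
               .append(URLEncoder.encode(e.getValue(), StandardCharsets.UTF_8));
        }
        return out.toString();
    }

    public static void main(String[] args) {
        String cls = "org.apache.activemq.artemis.jms.client.ActiveMQConnectionFactory";
        System.out.println(vendorOf(cls));
        // Constructed sample values, including a password with a reserved character.
        System.out.println(withSsl("tcp://host:61616", "/path/to/truststore", "s&cret"));
        System.out.println(withSsl("tcp://host:61616?sslEnabled=true", "/path/to/truststore", "s&cret"));
    }
}
```

Because the trust store password ends up inside the URL string, any code that logs or displays the augmented broker URL should mask that parameter.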