Hello Lorenz,
Indeed I figured it out by looking at the code. I actually had a wrong file
structure under META-INF/services and my encryptor wasn't visible.
As for the AES, it is "conditionally available" and in my case it was not
available. This is why I was seeing "None".
When I fixed the file structure, I could see my encryptor.
Thanks for your help!
Adel
________________________________
From: Lorenz Quack <quack.lor...@gmail.com>
Sent: Thursday, December 15, 2016 5:13:20 PM
To: users@qpid.apache.org
Subject: Re: [Qpid Java Broker] Providing external encryptor for configuration
Hello Adel,
you would set this like any other attribute. something like this:
curl -u username localhost:8080/api/v6.1/broker -X POST -d
'{"confidentialConfigurationEncryptionProvider":"AESKeyFile"}'
However, we only allow valid values to be set. The error message from
that curl command will tell you which the broker believes to be valid
values. judging from what you wrote I guess that list will be empty
since the web management console uses the
localhost:8080/service/metadata which also uses the valid values.
In the code the valid values for the encryptors are calculated here:
org.apache.qpid.server.model.AbstractContainer#getAvailableConfigurationEncrypters
which is referenced from the @ManagedAttribute annotation on
org.apache.qpid.server.model.Broker#getConfidentialConfigurationEncryptionProvider
I believe those annotations are resolved in the onResolve stage of
broker start up.
I think it should find your Encryptor if it is on the class path. Not
entirely sure what else could be going wrong.
Could you check what curl -u username localhost:8080/service/metadata
returns under
Broker -> Broker -> attributes ->
confidentialConfigurationEncryptionProvider -> validValues
Kind regards,
Lorenz
On 15/12/16 15:29, Adel Boutros wrote:
> Hello,
>
>
> I don't understand how I activate the encryptor in the broker attributes
> using the Management API as referenced here [1].
>
> When I open the web console and edit the broker attribute, the only value for
> "config encryption" is non.
>
>
> Did I miss something? Can you please assist?
>
>
> [1]:
> https://qpid.apache.org/releases/qpid-java-6.0.4/java-broker/book/Java-Broker-Management-Managing-Broker.html
>
>
> Regards,
>
> Adel
>
> ________________________________
> From: Adel Boutros
> Sent: Tuesday, December 13, 2016 6:49:10 PM
> To: users@qpid.apache.org
> Subject: Re: [Qpid Java Broker] Providing external encryptor for configuration
>
>
> Thanks Rob again!
>
>
> We had understood that by reading the code itself.
>
>
> Don't you thinking it would be a good idea adding this explanation to the
> Book?
>
>
> Regards,
>
> Adel
>
> ________________________________
> From: Rob Godfrey <rob.j.godf...@gmail.com>
> Sent: Tuesday, December 13, 2016 5:43:17 PM
> To: users@qpid.apache.org
> Subject: Re: [Qpid Java Broker] Providing external encryptor for configuration
>
> In order to be found, a configuration secret encrypter implementation
> requires an implementation of ConfigurationSecretEncrypterFactory which
> needs to be in the META-INF/services file for the jar in which your
> implementation provides the service (the Qpid codebase uses an annotation
> @Pluggable and an annotation proessor to generate the META-INF/sevices
> stuff automatically)
>
> -- Rob
>
> On 13 December 2016 at 16:33, Adel Boutros <adelbout...@live.com> wrote:
>
>> Thanks Rob!
>>
>>
>> Are there any requirements at the level of the packaging of classes for
>> example under META-INF/services as Java service loader does?
>>
>>
>> Regards,
>>
>> Adel
>>
>> ________________________________
>> From: Rob Godfrey <rob.j.godf...@gmail.com>
>> Sent: Tuesday, December 13, 2016 3:24:17 PM
>> To: users@qpid.apache.org
>> Subject: Re: [Qpid Java Broker] Providing external encryptor for
>> configuration
>>
>> Obviously the encrypter will have to be in the broker's classpath. If you
>> use the qpid-server shell script, then it sets the environment variable
>> QPID_CLASSPATH like so:
>>
>> QPID_LIBS="${QPID_HOME}/lib/*:${QPID_HOME}/lib/plugins/*:${
>> QPID_HOME}/lib/opt/*"
>>
>> QPID_CLASSPATH="${QPID_LIBS}"
>>
>> This is then used by qpid-run script to set the classpath for the broker.
>> So if you have not otherwise changed the script it looks like any of lib/ ,
>> lib/plugins or lib/opt/ would do.
>>
>> -- Rob
>>
>> On 13 December 2016 at 12:12, Adel Boutros <adelbout...@live.com> wrote:
>>
>>> Hello,
>>>
>>> In the Java Broker book, it is mentioned here [1] that the user can
>>> provide an external configuration encryptor by implementing
>>> ConfigurationSecretEncrypter.
>>>
>>> However, I couldn't find in the book where it describes the process. For
>>> example, where should I place my implementation? (under lib folder of the
>>> broker or somewhere else?)
>>>
>>> [1]: https://qpid.apache.org/releases/qpid-java-6.0.4/java-
>>> broker/book/Java-Broker-Security-Configuration-Encryption.html
>>>
>>> Regards,
>>> Adel
>>>
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscr...@qpid.apache.org
>>> For additional commands, e-mail: users-h...@qpid.apache.org
>>>
>>>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@qpid.apache.org
For additional commands, e-mail: users-h...@qpid.apache.org
