1 Reply Latest reply on Mar 14, 2013 8:17 AM by pjr69

    Enabling cluster autodiscovery + SSL from client side on code?

    pjr69

      I have a clustered 2-node JBoss AS 7.1.1.Final (full-ha) running with some MDBs behind HornetQ. The MDBs are receiving JMS messages sent from a client desktop application on a different computer. The clients do not have their own HornetQ Server instances; they connect to the servers running on the JBoss nodes. On the client side I get connected to a HornetQ Server with the following code:

       

      ...
      // Locate cluster nodes through the UDP multicast discovery group
      DiscoveryGroupConfiguration dgc = new DiscoveryGroupConfiguration("231.7.7.7", 9876);
      cf = HornetQJMSClient.createConnectionFactoryWithHA(dgc, JMSFactoryType.CF);
      connection = cf.createConnection("guest", "password!1");
      // (create session, producer, etc.)
      ...

       

      All works very nicely as such, but now I need to switch to using SSL Transport and authenticate the server with a certificate so that the client knows that it's connecting to a proper server.

       

      I guess that the approach for configuring SSL for netty would be roughly something like (judging from the code that I've found on the net):
      ---
      Map<String, Object> connectionParams = new HashMap<String, Object>();
      connectionParams.put(org.hornetq.core.remoting.impl.netty.TransportConstants.SSL_ENABLED_PROP_NAME, true);
      // (+ something else maybe)
      TransportConfiguration transportConfiguration = new TransportConfiguration("org.hornetq.core.remoting.impl.netty.NettyConnectorFactory", connectionParams);
      ServerLocator locator = HornetQClient.createServerLocatorWithHA(transportConfiguration);
      ClientSessionFactory sessionFactory = locator.createSessionFactory();
      ...

       

      But now there is no UDP-autodiscovery which is a requirement in our dynamic environment for locating services from the client.

      The server side configuration looks ok, plenty of examples on the net, but how do I configure Netty SSL Transport on the client side with just code? I don't understand how to integrate the TransportConfiguration + DiscoveryGroupConfiguration usage to enable SSL with auto-discovered HornetQ Server cluster???

       

      I can imagine that ServerLocator (or some other cluster change listener) is using DiscoveryGroupConfiguration to discover HornetQ Servers and then instantiating NettyConnectors from some internal NettyConnectorFactoryInstance (when cluster nodes are discovered) that I don't have access to and it spits out non-SSL NettyConnectors. Somehow I should be able to configure a specific NettyConnectorFactory-instance and convince the locator to use it when auto-discovering a new HQ Server node, right? How?

       

      (Using HornetQ 2.2.19.Final on the client side)

        • 1. Re: Enabling cluster autodiscovery + SSL from client side on code?
          pjr69

          RESOLVED: It was once again too easy and obvious... There wasn't really any configuration to be done on the client side: just use the "ssl-enabled" example from the HornetQ distribution; I configured an SSL-enabled acceptor/connector and broadcast-group on the server and put the keystore on the client, and it just worked. One thing misled me: I was under the impression that the Netty connector forming on the client side must be configured on the client side as well by my code, but after browsing through the HornetQ source code I realized that in discovery-group mode the client-side connector is actually configured from the properties broadcast from the server side, thus the SSL gets configured sorta "automagically" by the values I set in the standalone.xml configuration file on JBoss. Well, live and learn...

           

          Very neat!