-
1. Re: ESB ActiveMQ-based Message Broker with SSL
davsclaus Jan 17, 2011 11:09 AM (in response to blablablabla)
Hi
You have put it into the right spot. I think the XSD is ordered A..Z. So you gotta insert the XML tags alphabetically.
And what version of Fuse ESB are you using?
-
2. Re: ESB ActiveMQ-based Message Broker with SSL
blablablabla Jan 18, 2011 4:48 AM (in response to davsclaus)
You're right, man! It was all about the alphabetical ordering of tags within the . My current sslContext looks like this:
However, there is still one little problem:
java.io.FileNotFoundException: OSGi resource[/opt/sia/apache-servicemix-4.2.0-fuse/etc/mybroker.ks|bnd.id=68|bnd.sym=activemq-broker.xml] cannot be resolved to URL because it does not exist
at org.springframework.osgi.io.OsgiBundleResource.getURL(OsgiBundleResource.java:228)
at org.springframework.osgi.io.OsgiBundleResource.getInputStream(OsgiBundleResource.java:180)
at org.apache.activemq.spring.SpringSslContext.createKeyManagerKeyStore(SpringSslContext.java:118)
at org.apache.activemq.spring.SpringSslContext.createKeyManagers(SpringSslContext.java:87)
at org.apache.activemq.spring.SpringSslContext.afterPropertiesSet(SpringSslContext.java:64)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.springframework.beans.factory.annotation.InitDestroyAnnotationBeanPostProcessor$LifecycleElement.invoke(InitDestroyAnnotationBeanPostProcessor.java:297)
at org.springframework.beans.factory.annotation.InitDestroyAnnotationBeanPostProcessor$LifecycleMetadata.invokeInitMethods(InitDestroyAnnotationBeanPostProcessor.java:250
I mean, of course there is no file
/opt/sia/apache-servicemix-4.2.0-fuse/etc/mybroker.ks|bnd.id=68|bnd.sym=activemq-broker.xml
but there is definitely a file called /opt/sia/apache-servicemix-4.2.0-fuse/etc/mybroker.ks
any ideas? thanks in advance,
peter
p.s. I tried different locations of the files already - within and beyond {karaf.home}. unfortunately, it does not seem to make any difference to fuse
Edited by: blablablabla on Jan 18, 2011 9:48 AM
-
3. Re: ESB ActiveMQ-based Message Broker with SSL
davsclaus Jan 18, 2011 6:47 AM (in response to blablablabla)
Can you try with the latest release of the Fuse ESB as we keep improving the product in each version, especially in terms of OSGi related issues.
-
4. Re: ESB ActiveMQ-based Message Broker with SSL
muellerc Jan 25, 2011 4:54 PM (in response to davsclaus)
Hello!
This is still an issue in FUSE ESB 4.3 (see stacktrace) and really bad for my company. We use multiple Brokers located in different countries and we have to secure our connections.
Does anyone have a workaround for this issue? Preferred in FUSE ESB 4.2.
The only possible solution I can imagine is to use the Broker as a standalone Broker (not embedded in FUSE ESB)...
22:41:22,132 | ERROR | rint Extender: 3 | BlueprintContainerImpl | container.BlueprintContainerImpl 342 | 7 - org.apache.aries.blueprint - 0.2.0.incubating | Unable to start blueprint container for bundle activemq-broker.xml
org.osgi.service.blueprint.container.ComponentDefinitionException: Error setting property: PropertyDescriptor <name: keyStore, getter: public org.springframework.core.io.Resource org.apache.activemq.spring.SpringSslContext.getKeyStore(), setter: [public void org.apache.activemq.spring.SpringSslContext.setKeyStore(org.springframework.core.io.Resource)]
at org.apache.aries.blueprint.container.BeanRecipe.setProperty(BeanRecipe.java:827)[7:org.apache.aries.blueprint:0.2.0.incubating]
at org.apache.aries.blueprint.container.BeanRecipe.setProperties(BeanRecipe.java:793)[7:org.apache.aries.blueprint:0.2.0.incubating]
at org.apache.aries.blueprint.container.BeanRecipe.setProperties(BeanRecipe.java:774)[7:org.apache.aries.blueprint:0.2.0.incubating]
at org.apache.aries.blueprint.container.BeanRecipe.internalCreate(BeanRecipe.java:740)[7:org.apache.aries.blueprint:0.2.0.incubating]
at org.apache.aries.blueprint.di.AbstractRecipe.create(AbstractRecipe.java:64)[7:org.apache.aries.blueprint:0.2.0.incubating]
at org.apache.aries.blueprint.container.BeanRecipe.setProperty(BeanRecipe.java:819)[7:org.apache.aries.blueprint:0.2.0.incubating]
at org.apache.aries.blueprint.container.BeanRecipe.setProperties(BeanRecipe.java:793)[7:org.apache.aries.blueprint:0.2.0.incubating]
at org.apache.aries.blueprint.container.BeanRecipe.setProperties(BeanRecipe.java:774)[7:org.apache.aries.blueprint:0.2.0.incubating]
at org.apache.aries.blueprint.container.BeanRecipe.internalCreate(BeanRecipe.java:740)[7:org.apache.aries.blueprint:0.2.0.incubating]
at org.apache.aries.blueprint.di.AbstractRecipe.create(AbstractRecipe.java:64)[7:org.apache.aries.blueprint:0.2.0.incubating]
at org.apache.aries.blueprint.container.BlueprintRepository.createInstances(BlueprintRepository.java:219)[7:org.apache.aries.blueprint:0.2.0.incubating]
at org.apache.aries.blueprint.container.BlueprintRepository.createAll(BlueprintRepository.java:147)[7:org.apache.aries.blueprint:0.2.0.incubating]
at org.apache.aries.blueprint.container.BlueprintContainerImpl.instantiateEagerComponents(BlueprintContainerImpl.java:624)[7:org.apache.aries.blueprint:0.2.0.incubating]
at org.apache.aries.blueprint.container.BlueprintContainerImpl.doRun(BlueprintContainerImpl.java:315)[7:org.apache.aries.blueprint:0.2.0.incubating]
at org.apache.aries.blueprint.container.BlueprintContainerImpl.run(BlueprintContainerImpl.java:213)[7:org.apache.aries.blueprint:0.2.0.incubating]
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:441)[:1.6.0_22]
at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)[:1.6.0_22]
at java.util.concurrent.FutureTask.run(FutureTask.java:138)[:1.6.0_22]
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:98)[:1.6.0_22]
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:206)[:1.6.0_22]
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)[:1.6.0_22]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)[:1.6.0_22]
at java.lang.Thread.run(Thread.java:680)[:1.6.0_22]
Caused by: java.lang.Exception: Unable to convert value /Applications/apache-servicemix-4.3.0-fuse-03-00/etc/mybroker.ks to type interface org.springframework.core.io.Resource. Type interface org.springframework.core.io.Resource is an interface or an abstract class
at org.apache.aries.blueprint.container.AggregateConverter.createObject(AggregateConverter.java:286)[7:org.apache.aries.blueprint:0.2.0.incubating]
at org.apache.aries.blueprint.container.AggregateConverter.convertFromString(AggregateConverter.java:280)[7:org.apache.aries.blueprint:0.2.0.incubating]
at org.apache.aries.blueprint.container.AggregateConverter.convert(AggregateConverter.java:151)[7:org.apache.aries.blueprint:0.2.0.incubating]
at org.apache.aries.blueprint.container.BlueprintRepository.convert(BlueprintRepository.java:373)[7:org.apache.aries.blueprint:0.2.0.incubating]
at org.apache.aries.blueprint.utils.ReflectionUtils$PropertyDescriptor.convert(ReflectionUtils.java:318)[7:org.apache.aries.blueprint:0.2.0.incubating]
at org.apache.aries.blueprint.utils.ReflectionUtils$MethodPropertyDescriptor.internalSet(ReflectionUtils.java:416)[7:org.apache.aries.blueprint:0.2.0.incubating]
at org.apache.aries.blueprint.utils.ReflectionUtils$PropertyDescriptor.set(ReflectionUtils.java:302)[7:org.apache.aries.blueprint:0.2.0.incubating]
at org.apache.aries.blueprint.container.BeanRecipe.setProperty(BeanRecipe.java:825)[7:org.apache.aries.blueprint:0.2.0.incubating]
... 22 more
Thanks in advance,
Christian
-
5. Re: ESB ActiveMQ-based Message Broker with SSL
muellerc Jan 25, 2011 5:02 PM (in response to muellerc)
I also tried to prefix the resource with "file:", but got the same exception:
<sslContext>
  <sslContext keyStore="file:${karaf.base}/etc/mybroker.ks"
              keyStorePassword="test123"
              trustStore="file:${karaf.base}/etc/mybroker.ts"
              trustStorePassword="test123"></sslContext>
</sslContext>
I use the sslContext configuration from the "ActiveMQ in Action" book and copied the broker.ks and broker.ts from my apache-activemq-5.4.2-fuse-00-00 installation.
Christian
-
6. Re: ESB ActiveMQ-based Message Broker with SSL
muellerc Jan 25, 2011 5:34 PM (in response to muellerc)
I have no luck configuring apache-activemq-5.4.2-fuse-00-00 with SSL. It starts and stops immediately without any log entry. Damn...
My configuration was:
<sslContext>
  <sslContext keyStore="${activemq.base}/etc/mybroker.ks"
              keyStorePassword="test123"></sslContext>
</sslContext>
<transportConnectors>
  <transportConnector name="openwire" uri="tcp://0.0.0.0:61616"></transportConnector>
  <transportConnector name="ssl" uri="ssl://0.0.0.0:61617"></transportConnector>
</transportConnectors>
Christian
-
7. Re: ESB ActiveMQ-based Message Broker with SSL
davsclaus Jan 26, 2011 1:50 AM (in response to muellerc)
There is an AMQ security guide
http://fusesource.com/docs/broker/5.4/security/index.html
And an ESB security guide
http://fusesource.com/docs/esb/4.3/esb_security/index.html
There may be details in those that can help.
If you have a FuseSource subscription you can use those channels to get help faster and people actively helping you out.
-
8. Re: ESB ActiveMQ-based Message Broker with SSL
wlsi Jan 26, 2011 5:06 AM (in response to davsclaus)
Thanks for the links. I used the configuration described in to configure my default activemq-broker.xml to use SSL without any luck. I got the same exception.
I raised a 'private' JIRA for it.
http://fusesource.com/docs/esb/4.3/esb_security/SecureBroker-SSL.html
http://fusesource.com/issues/browse/DEV-2921
Christian
-
9. Re: ESB ActiveMQ-based Message Broker with SSL
wlsi Jan 26, 2011 5:29 AM (in response to davsclaus)
I had success to configure a standalone ActiveMQ Broker with help from this tutorial:
ActiveMQ Broker configuration:
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:amq="http://activemq.apache.org/schema/core"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd http://activemq.apache.org/schema/core http://activemq.apache.org/schema/core/activemq-core.xsd">
  <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
    <property name="locations">
      <value>file:${activemq.base}/conf/credentials.properties</value>
    </property>
  </bean>
  <broker xmlns="http://activemq.apache.org/schema/core" brokerName="localhost" dataDirectory="${activemq.base}/data" destroyApplicationContextOnStop="true">
    <destinationPolicy>
      <policyMap>
        <policyEntries>
          <policyEntry topic=">" producerFlowControl="true" memoryLimit="1mb">
            <pendingSubscriberPolicy>
              <vmCursor></vmCursor>
            </pendingSubscriberPolicy>
          </policyEntry>
          <policyEntry queue=">" producerFlowControl="true" memoryLimit="1mb">
          </policyEntry>
        </policyEntries>
      </policyMap>
    </destinationPolicy>
    <managementContext>
      <managementContext createConnector="false"></managementContext>
    </managementContext>
    <persistenceAdapter>
      <kahaDB directory="${activemq.base}/data/kahadb"></kahaDB>
    </persistenceAdapter>
    <sslContext>
      <sslContext keyStore="file:${activemq.base}/conf/broker.ks"
                  keyStorePassword="password"
                  trustStore="file:${activemq.base}/conf/broker.ts"
                  trustStorePassword="password"></sslContext>
    </sslContext>
    <transportConnectors>
      <transportConnector name="openwire" uri="tcp://0.0.0.0:61616"></transportConnector>
      <transportConnector name="ssl" uri="ssl://0.0.0.0:61617"></transportConnector>
    </transportConnectors>
  </broker>
  <import resource="jetty.xml"></import>
</beans>
activemq-broker.xml configuration in FUSE ESB 4.3:
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
           xmlns:cm="http://aries.apache.org/blueprint/xmlns/blueprint-cm/v1.0.0"
           xmlns:ext="http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0"
           xmlns:amq="http://activemq.apache.org/schema/core">
  <!-- Allows us to use system properties as variables in this configuration file -->
  <ext:property-placeholder></ext:property-placeholder>
  <bean id="activemqConnectionFactory" class="org.apache.activemq.ActiveMQConnectionFactory">
    <property name="brokerURL" value="ssl://localhost:61617"></property>
  </bean>
  <bean id="pooledConnectionFactory" class="org.apache.activemq.pool.PooledConnectionFactory">
    <property name="maxConnections" value="8"></property>
    <property name="connectionFactory" ref="activemqConnectionFactory"></property>
  </bean>
  <bean id="resourceManager" class="org.apache.activemq.pool.ActiveMQResourceManager" init-method="recoverResource">
    <property name="transactionManager" ref="transactionManager"></property>
    <property name="connectionFactory" ref="activemqConnectionFactory"></property>
    <property name="resourceName" value="activemq.default"></property>
  </bean>
  <reference id="transactionManager" interface="javax.transaction.TransactionManager"></reference>
  <service ref="pooledConnectionFactory" interface="javax.jms.ConnectionFactory">
    <service-properties>
      <entry key="name" value="localhost"></entry>
    </service-properties>
  </service>
</blueprint>
I could start the Broker and the ESB without any exceptions.
http://fusesource.com/docs/broker/5.4/security/SSL-Tutorial.html
Christian
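Added example, not part of the thread and not FuseSource or ActiveMQ code: a small Python check over a broker XML like the ones posted above. It flags key or trust store locations with no explicit scheme (the kind of path that ends up in the OsgiBundleResource lookup in the first stack trace), passwords written literally in the file, and a tcp:// listener left open on all interfaces next to the ssl:// one. The function name, the check ids and the `${ts.password}` placeholder are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

AMQ = "{http://activemq.apache.org/schema/core}"

# Constructed sample modelled on the configs in the thread; ${ts.password} is a made-up placeholder.
SAMPLE = """<beans xmlns="http://www.springframework.org/schema/beans">
  <broker xmlns="http://activemq.apache.org/schema/core" brokerName="localhost">
    <sslContext>
      <sslContext keyStore="${activemq.base}/etc/mybroker.ks" keyStorePassword="test123"
                  trustStore="file:${activemq.base}/conf/broker.ts" trustStorePassword="${ts.password}"/>
    </sslContext>
    <transportConnectors>
      <transportConnector name="openwire" uri="tcp://0.0.0.0:61616"/>
      <transportConnector name="ssl" uri="ssl://0.0.0.0:61617"/>
    </transportConnectors>
  </broker>
</beans>"""

def audit_broker(xml_text):
    """Return a sorted list of (check_id, detail) findings for a broker XML string."""
    root = ET.fromstring(xml_text)
    findings = []
    for ctx in root.iter(AMQ + "sslContext"):  # the outer wrapper has no attributes
        for store in ("keyStore", "trustStore"):
            loc = ctx.get(store)
            # With no scheme, the container's resource loader decides where to
            # look, which need not be the file system.
            if loc and not loc.startswith(("file:", "classpath:")):
                findings.append(("store-no-scheme", f"{store}={loc}"))
            pw = ctx.get(store + "Password")
            # A literal password is readable by anyone who can read the config.
            if pw and not (pw.startswith("${") and pw.endswith("}")):
                findings.append(("inline-password", store + "Password"))
    uris = [c.get("uri", "") for c in root.iter(AMQ + "transportConnector")]
    has_ssl = any(u.startswith(("ssl://", "nio+ssl://")) for u in uris)
    for u in uris:
        # A tcp:// listener on all interfaces still accepts unencrypted clients.
        if u.startswith(("tcp://", "nio://")) and has_ssl and "://0.0.0.0" in u:
            findings.append(("plaintext-listener", u))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_broker(SAMPLE):
        print(finding)
```

On the standalone configuration from the last post, this reports two literal passwords and the `tcp://0.0.0.0:61616` listener. The store locations there pass because they carry the `file:` prefix.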