9 Replies Latest reply on Jan 26, 2011 5:29 AM by wlsi

    ESB ActiveMQ-based Message Broker with SSL

    blablablabla

      Hi there,

       

      I've been having trouble setting up ssl transportConnector in ActiveMQ-based message broker within Fuse ESB - for some reason I keep getting the following exception:

       

      org.xml.sax.SAXParseException: cvc-complex-type.2.4.a: Invalid content was found starting with element 'sslContext'. One of '{"http://activemq.apache.org/schema/core":taskRunnerFactory, "http://activemq.apache.org/schema/core":tempDataStore, "http://activemq.apache.org/schema/core":transportConnectorURIs, "http://activemq.apache.org/schema/core":transportConnectors, WC[##other:"http://activemq.apache.org/schema/core"]}' is expected.

       

      The only thing I changed in the {$karaf.home}/etc/activemq-broker.xml file was adding this:

       

              *

                  <transportConnector name="ssl" uri="ssl://0.0.0.0:61617"/>

               

       

      Edited by: blablablabla on Jan 17, 2011 3:22 PM

       

      Edited by: blablablabla on Jan 17, 2011 3:47 PM

        • 1. Re: ESB ActiveMQ-based Message Broker with SSL
          davsclaus

          Hi

           

          You have put it into the right spot. I think the XSD is ordered A..Z. So you gotta insert the XML tags alphabetically.

           

          And what version of Fuse ESB are you using?

          • 2. Re: ESB ActiveMQ-based Message Broker with SSL
            blablablabla

            You're right, man! It was all about the alphabetical ordering of tags within the . My current sslContext looks like this:

             

             

             

            However, there is still one little problem:

             

            java.io.FileNotFoundException: OSGi resource[/opt/sia/apache-servicemix-4.2.0-fuse/etc/mybroker.ks|bnd.id=68|bnd.sym=activemq-broker.xml] cannot be resolved to URL because it does not exist
                    at org.springframework.osgi.io.OsgiBundleResource.getURL(OsgiBundleResource.java:228)
                    at org.springframework.osgi.io.OsgiBundleResource.getInputStream(OsgiBundleResource.java:180)
                    at org.apache.activemq.spring.SpringSslContext.createKeyManagerKeyStore(SpringSslContext.java:118)
                    at org.apache.activemq.spring.SpringSslContext.createKeyManagers(SpringSslContext.java:87)
                    at org.apache.activemq.spring.SpringSslContext.afterPropertiesSet(SpringSslContext.java:64)
                    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
                    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
                    at java.lang.reflect.Method.invoke(Unknown Source)
                    at org.springframework.beans.factory.annotation.InitDestroyAnnotationBeanPostProcessor$LifecycleElement.invoke(InitDestroyAnnotationBeanPostProcessor.java:297)
                    at org.springframework.beans.factory.annotation.InitDestroyAnnotationBeanPostProcessor$LifecycleMetadata.invokeInitMethods(InitDestroyAnnotationBeanPostProcessor.java:250

             

            I mean, of course there is no file

            /opt/sia/apache-servicemix-4.2.0-fuse/etc/mybroker.ks|bnd.id=68|bnd.sym=activemq-broker.xml

            but there is definitely a file called /opt/sia/apache-servicemix-4.2.0-fuse/etc/mybroker.ks

             

            any ideas? thanks in advance,

             

            peter

             

            p.s. I tried different locations of the files already - within and beyond {karaf.home}. unfortunately, it does not seem to make any difference to fuse

             

            Edited by: blablablabla on Jan 18, 2011 9:48 AM

            • 3. Re: ESB ActiveMQ-based Message Broker with SSL
              davsclaus

              Can you try with the latest release of the Fuse ESB as we keep improving the product in each version, especially in terms of OSGi related issues.

              • 4. Re: ESB ActiveMQ-based Message Broker with SSL
                muellerc

                Hello!

                 

                This is still an issue in FUSE ESB 4.3 (see stacktrace) and really bad for my company. We use multiple Brokers located in different countries and we have to secure our connections.

                Does anyone have a workaround for this issue? Preferred in FUSE ESB 4.2.

                 

                The only possible solution I can imagine is to use the Broker as a standalone Broker (not embedded in FUSE ESB)...

                 

                22:41:22,132 | ERROR | rint Extender: 3 | BlueprintContainerImpl           | container.BlueprintContainerImpl  342 | 7 - org.apache.aries.blueprint - 0.2.0.incubating | Unable to start blueprint container for bundle activemq-broker.xml
                org.osgi.service.blueprint.container.ComponentDefinitionException: Error setting property: PropertyDescriptor <name: keyStore, getter: public org.springframework.core.io.Resource org.apache.activemq.spring.SpringSslContext.getKeyStore(), setter: [public void org.apache.activemq.spring.SpringSslContext.setKeyStore(org.springframework.core.io.Resource)]
                     at org.apache.aries.blueprint.container.BeanRecipe.setProperty(BeanRecipe.java:827)[7:org.apache.aries.blueprint:0.2.0.incubating]
                     at org.apache.aries.blueprint.container.BeanRecipe.setProperties(BeanRecipe.java:793)[7:org.apache.aries.blueprint:0.2.0.incubating]
                     at org.apache.aries.blueprint.container.BeanRecipe.setProperties(BeanRecipe.java:774)[7:org.apache.aries.blueprint:0.2.0.incubating]
                     at org.apache.aries.blueprint.container.BeanRecipe.internalCreate(BeanRecipe.java:740)[7:org.apache.aries.blueprint:0.2.0.incubating]
                     at org.apache.aries.blueprint.di.AbstractRecipe.create(AbstractRecipe.java:64)[7:org.apache.aries.blueprint:0.2.0.incubating]
                     at org.apache.aries.blueprint.container.BeanRecipe.setProperty(BeanRecipe.java:819)[7:org.apache.aries.blueprint:0.2.0.incubating]
                     at org.apache.aries.blueprint.container.BeanRecipe.setProperties(BeanRecipe.java:793)[7:org.apache.aries.blueprint:0.2.0.incubating]
                     at org.apache.aries.blueprint.container.BeanRecipe.setProperties(BeanRecipe.java:774)[7:org.apache.aries.blueprint:0.2.0.incubating]
                     at org.apache.aries.blueprint.container.BeanRecipe.internalCreate(BeanRecipe.java:740)[7:org.apache.aries.blueprint:0.2.0.incubating]
                     at org.apache.aries.blueprint.di.AbstractRecipe.create(AbstractRecipe.java:64)[7:org.apache.aries.blueprint:0.2.0.incubating]
                     at org.apache.aries.blueprint.container.BlueprintRepository.createInstances(BlueprintRepository.java:219)[7:org.apache.aries.blueprint:0.2.0.incubating]
                     at org.apache.aries.blueprint.container.BlueprintRepository.createAll(BlueprintRepository.java:147)[7:org.apache.aries.blueprint:0.2.0.incubating]
                     at org.apache.aries.blueprint.container.BlueprintContainerImpl.instantiateEagerComponents(BlueprintContainerImpl.java:624)[7:org.apache.aries.blueprint:0.2.0.incubating]
                     at org.apache.aries.blueprint.container.BlueprintContainerImpl.doRun(BlueprintContainerImpl.java:315)[7:org.apache.aries.blueprint:0.2.0.incubating]
                     at org.apache.aries.blueprint.container.BlueprintContainerImpl.run(BlueprintContainerImpl.java:213)[7:org.apache.aries.blueprint:0.2.0.incubating]
                     at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:441)[:1.6.0_22]
                     at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)[:1.6.0_22]
                     at java.util.concurrent.FutureTask.run(FutureTask.java:138)[:1.6.0_22]
                     at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:98)[:1.6.0_22]
                     at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:206)[:1.6.0_22]
                     at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)[:1.6.0_22]
                     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)[:1.6.0_22]
                     at java.lang.Thread.run(Thread.java:680)[:1.6.0_22]
                Caused by: java.lang.Exception: Unable to convert value /Applications/apache-servicemix-4.3.0-fuse-03-00/etc/mybroker.ks to type interface org.springframework.core.io.Resource. Type interface org.springframework.core.io.Resource is an interface or an abstract class
                     at org.apache.aries.blueprint.container.AggregateConverter.createObject(AggregateConverter.java:286)[7:org.apache.aries.blueprint:0.2.0.incubating]
                     at org.apache.aries.blueprint.container.AggregateConverter.convertFromString(AggregateConverter.java:280)[7:org.apache.aries.blueprint:0.2.0.incubating]
                     at org.apache.aries.blueprint.container.AggregateConverter.convert(AggregateConverter.java:151)[7:org.apache.aries.blueprint:0.2.0.incubating]
                     at org.apache.aries.blueprint.container.BlueprintRepository.convert(BlueprintRepository.java:373)[7:org.apache.aries.blueprint:0.2.0.incubating]
                     at org.apache.aries.blueprint.utils.ReflectionUtils$PropertyDescriptor.convert(ReflectionUtils.java:318)[7:org.apache.aries.blueprint:0.2.0.incubating]
                     at org.apache.aries.blueprint.utils.ReflectionUtils$MethodPropertyDescriptor.internalSet(ReflectionUtils.java:416)[7:org.apache.aries.blueprint:0.2.0.incubating]
                     at org.apache.aries.blueprint.utils.ReflectionUtils$PropertyDescriptor.set(ReflectionUtils.java:302)[7:org.apache.aries.blueprint:0.2.0.incubating]
                     at org.apache.aries.blueprint.container.BeanRecipe.setProperty(BeanRecipe.java:825)[7:org.apache.aries.blueprint:0.2.0.incubating]
                     ... 22 more
                

                 

                Thanks in advance,

                Christian

                • 5. Re: ESB ActiveMQ-based Message Broker with SSL
                  muellerc

                  I also tried to prefix the resource with "file:", but got the same exception:

                   

                  <sslContext>
                    <sslContext keyStore="file:${karaf.base}/etc/mybroker.ks"
                      keyStorePassword="test123"
                      trustStore="file:${karaf.base}/etc/mybroker.ts"
                      trustStorePassword="test123"></sslContext>
                  </sslContext>
                  

                   

                  I use the sslContext configuration from the "ActiveMQ in Action" book and copied the broker.ks and broker.ts from my apache-activemq-5.4.2-fuse-00-00 installation.

                   

                  Christian

                  • 6. Re: ESB ActiveMQ-based Message Broker with SSL
                    muellerc

                    I have no luck configuring apache-activemq-5.4.2-fuse-00-00 with SSL. It starts and stops immediately without any log entry. Damn...

                     

                    My configuration was:

                     

                            <sslContext>
                                <sslContext keyStore="${activemq.base}/etc/mybroker.ks"
                                    keyStorePassword="test123"></sslContext>
                            </sslContext>
                    
                            <transportConnectors>
                                <transportConnector name="openwire" uri="tcp://0.0.0.0:61616"></transportConnector>
                                <transportConnector name="ssl" uri="ssl://0.0.0.0:61617"></transportConnector>
                            </transportConnectors>
                    

                     

                    Christian

                    • 7. Re: ESB ActiveMQ-based Message Broker with SSL
                      davsclaus

                      There is an AMQ security guide

                      http://fusesource.com/docs/broker/5.4/security/index.html

                       

                      And an ESB security guide

                      http://fusesource.com/docs/esb/4.3/esb_security/index.html

                       

                      There may be details in those that can help.

                       

                      If you have a FuseSource subscription you can use those channels to get help faster and people actively helping you out.

                      • 8. Re: ESB ActiveMQ-based Message Broker with SSL
                        wlsi

                        Thanks for the links. I used the configuration described in to configure my default activemq-broker.xml to use SSL without any luck. I got the same exception.

                        I raised a 'private' JIRA for it.

                         

                        http://fusesource.com/docs/esb/4.3/esb_security/SecureBroker-SSL.html

                        http://fusesource.com/issues/browse/DEV-2921

                         

                        Christian

                        • 9. Re: ESB ActiveMQ-based Message Broker with SSL
                          wlsi

                          I had success configuring a standalone ActiveMQ Broker with help from this tutorial:

                           

                          ActiveMQ Broker configuration:

                          <beans
                            xmlns="http://www.springframework.org/schema/beans"
                            xmlns:amq="http://activemq.apache.org/schema/core"
                            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                            xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
                            http://activemq.apache.org/schema/core http://activemq.apache.org/schema/core/activemq-core.xsd">
                          
                              <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
                                  <property name="locations">
                                      <value>file:${activemq.base}/conf/credentials.properties</value>
                                  </property>      
                              </bean>
                          
                              <broker xmlns="http://activemq.apache.org/schema/core" brokerName="localhost" dataDirectory="${activemq.base}/data" destroyApplicationContextOnStop="true">
                                        
                                  <destinationPolicy>
                                      <policyMap>
                                        <policyEntries>
                                          <policyEntry topic=">" producerFlowControl="true" memoryLimit="1mb">
                                            <pendingSubscriberPolicy>
                                              <vmCursor></vmCursor>
                                            </pendingSubscriberPolicy>
                                          </policyEntry>
                                          <policyEntry queue=">" producerFlowControl="true" memoryLimit="1mb">
                                          </policyEntry>
                                        </policyEntries>
                                      </policyMap>
                                  </destinationPolicy>         
                          
                                  <managementContext>
                                      <managementContext createConnector="false"></managementContext>
                                  </managementContext>
                          
                                  <persistenceAdapter>
                                      <kahaDB directory="${activemq.base}/data/kahadb"></kahaDB>
                                  </persistenceAdapter>
                          
                                    
                                  <sslContext>
                                      <sslContext keyStore="file:${activemq.base}/conf/broker.ks"
                                                  keyStorePassword="password"
                                                  trustStore="file:${activemq.base}/conf/broker.ts"
                                                  trustStorePassword="password"></sslContext>
                                  </sslContext>
                          
                                  <transportConnectors>
                                      <transportConnector name="openwire" uri="tcp://0.0.0.0:61616"></transportConnector>
                                      <transportConnector name="ssl" uri="ssl://0.0.0.0:61617"></transportConnector>
                                  </transportConnectors>
                          
                              </broker>
                          
                              <import resource="jetty.xml"></import>
                              
                          </beans>
                          

                           

                          activemq-broker.xml configuration in FUSE ESB 4.3:

                          <blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
                                     xmlns:cm="http://aries.apache.org/blueprint/xmlns/blueprint-cm/v1.0.0"
                                     xmlns:ext="http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0"
                                     xmlns:amq="http://activemq.apache.org/schema/core">
                          
                              <!-- Allows us to use system properties as variables in this configuration file -->
                              <ext:property-placeholder></ext:property-placeholder>
                          
                              <bean id="activemqConnectionFactory" class="org.apache.activemq.ActiveMQConnectionFactory">
                          
                                  <property name="brokerURL" value="ssl://localhost:61617"></property>
                              </bean>
                          
                              <bean id="pooledConnectionFactory" class="org.apache.activemq.pool.PooledConnectionFactory">
                                  <property name="maxConnections" value="8"></property>
                                  <property name="connectionFactory" ref="activemqConnectionFactory"></property>
                              </bean>
                          
                              <bean id="resourceManager" class="org.apache.activemq.pool.ActiveMQResourceManager" init-method="recoverResource">
                                    <property name="transactionManager" ref="transactionManager"></property>
                                    <property name="connectionFactory" ref="activemqConnectionFactory"></property>
                                    <property name="resourceName" value="activemq.default"></property>
                              </bean>
                          
                              <reference id="transactionManager" interface="javax.transaction.TransactionManager"></reference>
                          
                              <service ref="pooledConnectionFactory" interface="javax.jms.ConnectionFactory">
                                  <service-properties>
                                      <entry key="name" value="localhost"></entry>
                                  </service-properties>
                              </service>
                          </blueprint>
                          

                           

                          I could start the Broker and the ESB without any exceptions.

                           

                          http://fusesource.com/docs/broker/5.4/security/SSL-Tutorial.html

                           

                          Christian
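
An added example, not part of the thread and not FuseSource or ActiveMQ code: a small Python lint for an ActiveMQ 5.4-style broker XML. It checks the alphabetical element order discussed in replies 1 and 2 and flags two things visible in the posted configurations: a cleartext `tcp://` connector on all interfaces next to the `ssl://` one, and keystore passwords written as literals. The name `lint_broker`, the sample XML and treating "alphabetical" as plain code-point order are assumptions; the XSD shipped with the broker is authoritative.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

AMQ = "{http://activemq.apache.org/schema/core}"
LOOPBACK = ("127.0.0.1", "localhost", "::1")

# Constructed sample modelled on the configurations posted in this thread:
# <sslContext> after <transportConnectors>, a cleartext connector on 0.0.0.0,
# and a literal keystore password.
SAMPLE = """<beans xmlns="http://www.springframework.org/schema/beans">
  <broker xmlns="http://activemq.apache.org/schema/core" brokerName="localhost">
    <persistenceAdapter><kahaDB directory="data/kahadb"/></persistenceAdapter>
    <transportConnectors>
      <transportConnector name="openwire" uri="tcp://0.0.0.0:61616"/>
      <transportConnector name="ssl" uri="ssl://0.0.0.0:61617"/>
    </transportConnectors>
    <sslContext>
      <sslContext keyStore="file:conf/broker.ks" keyStorePassword="password"/>
    </sslContext>
  </broker>
</beans>"""

def is_tls(scheme):
    # Covers ssl://, stomp+ssl:// and similar composite schemes (assumed list).
    return "ssl" in scheme.split("+") or scheme in ("https", "wss")

def lint_broker(xml_text):
    """Return a list of (kind, message) findings for one broker config."""
    root = ET.fromstring(xml_text)
    broker = root if root.tag == AMQ + "broker" else root.find(".//" + AMQ + "broker")
    if broker is None:
        return [("error", "no <broker> element in the ActiveMQ namespace")]
    findings = []
    # 1. Direct children of <broker> must appear in alphabetical order,
    #    otherwise schema validation fails with cvc-complex-type.2.4.a.
    names = [c.tag[len(AMQ):] for c in broker if c.tag.startswith(AMQ)]
    for prev, cur in zip(names, names[1:]):
        if cur < prev:
            findings.append(("order", f"<{cur}> must come before <{prev}>"))
    # 2. Connectors reachable from other hosts that do not use TLS.
    for tc in broker.iter(AMQ + "transportConnector"):
        uri = urlsplit(tc.get("uri", ""))
        if uri.scheme and not is_tls(uri.scheme) and uri.hostname not in LOOPBACK:
            findings.append(("cleartext",
                f"connector '{tc.get('name')}' listens on {uri.scheme}://{uri.netloc} without TLS"))
    # 3. Store passwords written into the file instead of a ${...} placeholder.
    #    The password value itself is never echoed into the finding.
    for ctx in broker.iter(AMQ + "sslContext"):
        for attr in ("keyStorePassword", "trustStorePassword"):
            value = ctx.get(attr)
            if value and "${" not in value:
                findings.append(("secret", f"{attr} is a literal; use a ${{...}} placeholder"))
    return findings

if __name__ == "__main__":
    for kind, msg in lint_broker(SAMPLE):
        print(f"[{kind}] {msg}")
```
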