12 Replies Latest reply on Aug 30, 2017 11:24 AM by jbertram

HornetQ ssl connection receiver MDB

ravi21588 Aug 1, 2017 4:52 AM

Hi all,

we are trying to connect to remote HornetQ server to get the messages from queue using SSL connection from another application in Jboss EAP 6.4.

HornerQ server 2.3.5 is running in Jboss EAP 6.1

Hornetq Server configuration is as below.

Connector config:

<connector name="netty-ssl" socket-binding="ssl-messaging"> <param key="ssl-enabled" value="true"/> <param key="trust-store-path" value="<JBOSS_HOME>/opt/security/truststore.jks"/> <param key="trust-store-password" value="changeit"/> </connector>

Acceptor config:

<acceptor name="netty-ssl" socket-binding="ssl-messaging"> <param key="ssl-enabled" value="true"/> <param key="key-store-path" value="<JBOSS_HOME>//opt/security/keystore.jks"/> <param key="key-store-password" value="p@ssw0rd"/> </acceptor>

Port config:

<socket-binding name="ssl-messaging" port="25014"/>

Connection factor settings.

<connection-factory name="SSLRemoteConnectionFactory"> <connectors> <connector-ref connector-name="netty-ssl"/> </connectors> <entries> <entry name="java:jboss/exported/jms/SSLRemoteConnectionFactory"/> </entries> </connection-factory>

In client side we have done the below configuration:

for sending the messages we are doing a remote jndi lookp for the SSLRemoteConnectionFactory and the connection is working perfectly fine.

for receiving message we have usedMDB to listen remote server queue.

MDB configuration is as below ejb-jar.xml.

<message-driven xmlns="" id="MessageDriven_ClientAppACKListener">

<description>Message Driven Bean for JMS Listener ClientAppACKListener</description>

<ejb-name>ClientAppACKListener</ejb-name>

<ejb-class>com.pega.pegarules.internal.etier.mdb.PRJMSListenerBoot</ejb-class>

<messaging-type>javax.jms.MessageListener</messaging-type>

<transaction-type>Bean</transaction-type>

<message-destination-type>javax.jms.Queue</message-destination-type>

<activation-config>

<activation-config-property>

<activation-config-property-name>destinationType</activation-config-property-name>

<activation-config-property-value>javax.jms.Queue</activation-config-property-value>

</activation-config-property>

<activation-config-property>

<activation-config-property-name>destination</activation-config-property-name>

<activation-config-property-value>POLICY.ACK</activation-config-property-value>

</activation-config-property>

<activation-config-property>

<activation-config-property-name>connectorClassName</activation-config-property-name>

<activation-config-property-value>org.hornetq.core.remoting.impl.netty.NettyConnectorFactory</activation-config-property-value>

</activation-config-property>

<activation-config-property>

<activation-config-property-name>connectionParameters</activation-config-property-name>

<activation-config-property-value>host=sl055542.domain.org;port=25014</activation-config-property-value>

</activation-config-property>

<activation-config-property>

<activation-config-property-name>user</activation-config-property-name>

<activation-config-property-value>guest</activation-config-property-value>

</activation-config-property>

<activation-config-property>

<activation-config-property-name>password</activation-config-property-name>

<activation-config-property-value>guest@123</activation-config-property-value>

</activation-config-property>

<activation-config-property>

<activation-config-property-name>maxSession</activation-config-property-name>

<activation-config-property-value>2</activation-config-property-value>

</activation-config-property>

</activation-config>

<env-entry>

<env-entry-name>PRListener</env-entry-name>

<env-entry-type>java.lang.String</env-entry-type>

<env-entry-value>ClientAppACKListener</env-entry-value>

</env-entry>

<env-entry>

<env-entry-name>UseCMT</env-entry-name>

<env-entry-type>java.lang.String</env-entry-type>

<env-entry-value>false</env-entry-value>

</env-entry>

<ejb-local-ref id="EJBLocalRef_ClientAppACKListener_EngineBMTLocal">

<ejb-ref-name>ejb/EngineBMTLocal</ejb-ref-name>

<ejb-ref-type>Session</ejb-ref-type>

<local-home>com.pega.pegarules.internal.etier.interfaces.EngineLocalHome</local-home>

<local>com.pega.pegarules.internal.etier.interfaces.EngineLocal</local>

<ejb-link>EngineBMT</ejb-link>

</ejb-local-ref>

<ejb-local-ref id="EJBLocalRef_ClientAppACKListener_EngineCMTLocal">

<ejb-ref-name>ejb/EngineCMTLocal</ejb-ref-name>

<ejb-ref-type>Session</ejb-ref-type>

<local-home>com.pega.pegarules.internal.etier.interfaces.EngineLocalHome</local-home>

<local>com.pega.pegarules.internal.etier.interfaces.EngineLocal</local>

<ejb-link>EngineCMT</ejb-link>

</ejb-local-ref>

</message-driven>

We are unable to connect to HornetQ and we are getting the exception HornetQException[errorType=CONNECTION_TIMEDOUT message=HQ119013: Timed out waiting to receive cluster topology. Group:null]

Can you please let us know what is wrong with our configuration.Non SSL connections are working perfectly fine.

Message was edited by: ravi narayanan

1. Re: HornetQ ssl connection receiver MDB

jbertram Jul 26, 2017 6:17 PM (in response to ravi21588)
Couple of things:
Your ejb-jar.xml refers to "ConnectionParametes" which is not a valid activation configuration property. The proper name is "ConnectionParameters" (notice the 'r' near the end).
You have not specified ssl-enabled=true or the proper trust-store-path or trust-store-password in your ejb-jar.xml. Therefore the MDB will not be able to connect via SSL.
For sending messages I would recommend you configure a pooled-connection-factory to connect to the remote broker and use that instead of the "SSLRemoteConnectionFactory" one you have configured now.
Actions
2. Re: HornetQ ssl connection receiver MDB

ravi21588 Jul 27, 2017 2:01 AM (in response to jbertram)

Hello Justin,
1.)Apologies regarding the point 1 it is typo i have corrected it my original post .
2.)Can you please tell me the activation config property for ssl-enabled=true or the proper trust-store-path or trust-store-password in ejb-jar.xml iam not ale to find in internet.An example will be really helpful.
3.)What are the advantages of configuring the pooled-connection-factory to connect to the remote broker instead of the current implementation remote JNDI lookp to "SSLRemoteConnectionFactory" i would need a valid reason to convince my team since this connection is already working.
Thanks in advance.
Actions
3. Re: HornetQ ssl connection receiver MDB

jbertram Jul 27, 2017 12:10 PM (in response to ravi21588)
You specify the SSL related configuration in the MDB's "ConnectionParameters" activation configuration property as key=value pairs separated by a semi-colon just like host and port.

The main advantages of using a pooled-connection-factory are...
Pooling. If you're managing your own pool of connections then the built-in pooling functionality of the pooled-connection-factory will simplify your code. If you aren't managing your own pool of connections and rather actually creating a physical connection every time you send a message then the pooled-connection-factory will save you from this terrible, performance-killing anti-pattern.
Automatic JTA transaction enlistment. I doubt you're using JTA transactions as manually working with the transaction manager and enlisting your resources would be crazy, but it's worth noting that if you ever needed to use JTA transactions it's really easy.
Easy configuration & management. It's super easy to change the configuration of the pooled-connection-factory via XML or other management interface. This makes it simple to change the size of the pool, what host and port the pool connects to, etc.
1 of 1 people found this helpful
Actions
4. Re: HornetQ ssl connection receiver MDB

ravi21588 Jul 27, 2017 12:26 PM (in response to jbertram)

Hi Justin,

Thanks for your reply:

for the SSL related configuration do you mean something like this?

<activation-config-property-name>connectionParameters</activation-config-property-name>
<activation-config-property-value>host=sl055542.agcs.allianz;port=25014;ssl-enabled=true;trust-store-path=/opt/jboss/ServerTruststore.jks;trust-store-password=changeit</activation-config-property-value>
</activation-config-property>

And for the HornetQException[errorType=CONNECTION_TIMEDOUT message=HQ119013: Timed out waiting to receive cluster topology. Group:null] in Redhat solutions they tell it might be be because of version mismatch between client and server do you have any view on it?

Client fails with Error: HornetQConnectionTimedOutException[errorType=CONNECTION_TIMEDOUT message=HQ119013: Timed out wa…
Actions
5. Re: HornetQ ssl connection receiver MDB

ravi21588 Jul 31, 2017 2:39 AM (in response to ravi21588)

Dear Justin,
i have asked my team to try with the above ssl configuration parameter.
can you please confirm if it is correct?
thanks in advance...
Actions
6. Re: HornetQ ssl connection receiver MDB

jbertram Jul 31, 2017 6:19 PM (in response to ravi21588)

Yes, that looks correct to me.
Actions
7. Re: HornetQ ssl connection receiver MDB

ravi21588 Aug 30, 2017 5:41 AM (in response to jbertram)

Hello Justin,
As per your below recommendations

For sending messages I would recommend you configure a pooled-connection-factory to connect to the remote broker and use that instead of the "SSLRemoteConnectionFactory" one you have configured now.

Iam planning to implement the pooled-connection-factory,i have below queries

1.) can you please confirm if the below configuration is correct. A sample configuration will be really helpful.

<pooled-connection-factory name="hornetq-ra">
                  <min-pool-size>5</min-pool-size>
                 <max-pool-size>100</max-pool-size>
                        <transaction mode="xa"/>
                        <connectors>
                            <connector-ref connector-name="netty-ssl"/>
                        </connectors>
                        <entries>
                            <entry name="java:jboss/exported/jms/SSLRemoteConnectionFactory"/>
                        </entries>
</pooled-connection-factory>

2.) Once the pooled connection factory is defined can i do a remote JNDI lookup to the pooled connection factory defined.

HornetQ ssl connection receiver MDB
Actions
8. Re: HornetQ ssl connection receiver MDB

jbertram Aug 30, 2017 10:17 AM (in response to ravi21588)

I may have misunderstood what you were using the SSLRemoteConnectionFactory for. I assumed that your MDB was using it to send messages. If that's the case, then the <pooled-connection-factory> should be configured on the server where the MDB is hosted. JCA-based connection factories like the <pooled-connection-factory> cannot be looked up and used by remote clients.
Actions
9. Re: HornetQ ssl connection receiver MDB

ravi21588 Aug 30, 2017 10:50 AM (in response to jbertram)

Dear Justin,

We are not using MDBs for sending messages we are currently doing a remote JNDI lookup to SSLRemoteConnectionFactory .
Actions
10. Re: HornetQ ssl connection receiver MDB

jbertram Aug 30, 2017 10:55 AM (in response to ravi21588)

But both the "client" and "server" are running in JBoss EAP, right?
Actions
11. Re: HornetQ ssl connection receiver MDB

ravi21588 Aug 30, 2017 11:20 AM (in response to jbertram)

Yes Client runs in Jboss EAP 6.4 and Server runs in Jboss EAP 6.1 in Different server.
Actions
12. Re: HornetQ ssl connection receiver MDB

jbertram Aug 30, 2017 11:24 AM (in response to ravi21588)

Since the client is running JBoss EAP 6.4 then you'd want to configure a local <pooled-connection-factory> to point to the remote JBoss EAP 6.1 server. Then your client would use that <pooled-connection-factory> to send messages.
Actions

Go to original post