I have a clustered 2-node JBoss AS 7.1.1.Final (full-ha) running with some MDBs behind HornetQ. The MDBs are receiving JMS-messages sent from a client-desktop application from a different computer. The clients to not have theire own HornetQ Server-instances, they connect to the Servers running on JBoss-nodes. On the client side I get connected to a HornetQ Server with the following code:
DiscoveryGroupConfiguration dgc = new DiscoveryGroupConfiguration("22.214.171.124", 9876);
cf = HornetQJMSClient.createConnectionFactoryWithHA(dgc, JMSFactoryType.CF);
connection = cf.createConnection("guest", "password!1");
(create session, producer etc)
All works very nicely as such, but now I need to switch to using SSL Transport and authenticate the server with a certificate so that the client knows that it's connecting to a proper server.
I guess that the approach for configuring SSL for netty would be roughly something like (judging from the code that I've found on the net):
Map<String, Object> connectionParams = new HashMap<String, Object>();
(+ something else maybe)
TransportConfiguration transportConfiguration = new TransportConfiguration("org.hornetq.core.remoting.impl.netty.NettyConnectorFactory", connectionParams);
ServerLocator locator = HornetQClient.createServerLocatorWithHA(transportConfiguration);
ClientSessionFactory sessionFactory = locator.createSessionFactory();
But now there is no UDP-autodiscovery which is a requirement in our dynamic environment for locating services from the client.
The server side configuration looks ok, plenty of examples on the net, but how do I configure Netty SSL Transport on the client side with just code? I don't understand how to integrate the TransportConfiguration + DiscoveryGroupConfiguration usage to enable SSL with auto-discovered HornetQ Server cluster???
I can imagine that ServerLocator (or some other cluster change listener) is using DiscoveryGroupConfiguration to discover HornetQ Servers and then instantiating NettyConnectors from some internal NettyConnectorFactoryInstance (when cluster nodes are discovered) that I don't have access to and it spits out non-SSL NettyConnectors. Somehow I should be able to configure a specific NettyConnectorFactory-instance and convince the locator to use it when auto-discovering a new HQ Server node, right? How?
(Using HornetQ 2.2.19.Final on the client side)