4 Replies Latest reply on Sep 23, 2013 5:50 PM by Justin Bertram

    JMS Over SSL (genericra.rar)

    Jiorgos Janik Newbie

      Hello,

      Does anybody know how I can enable the genericra for SSL communication with a keystore and truststore?

        • 1. Re: JMS Over SSL (genericra.rar)
          Justin Bertram Master

          To what "genericra" are you referring specifically?

          • 2. Re: Re: JMS Over SSL (genericra.rar)
            Jiorgos Janik Newbie

            The third-party rar adapter extends the genericra impl.

            The standard MDB

            <resource-adapter>
                <archive>
                    webm-jmsra.rar
                </archive>
                <transaction-support>XATransaction</transaction-support>
                <config-property name="ProviderIntegrationMode">
                    jndi
                </config-property>
                <config-property name="JndiProperties">
            <connection-definitions>
                <connection-definition class-name="com.sun.genericra.outbound.ManagedTopicConnectionFactory">

            is configured in this manner, and I'm trying to find out how it is possible to make it consume JMS messages over 2-way SSL. The <config-property name="UserName"> and <config-property name="Password"> are not enough since I need the keystore and truststore for the SSL.

            • 3. Re: JMS Over SSL (genericra.rar)
              xiang yingbing Master

              WHY NOT use HornetQ shipped with JBoss AS 7?

              jboss-messaging(HornetQ) SSL configuration in my standalone.xml:

              ...

                  <subsystem xmlns="urn:jboss:domain:messaging:1.3">
                      <hornetq-server>
                          <persistence-enabled>true</persistence-enabled>
                          <security-domain>nms-jaas-security-domain</security-domain>
                          <journal-file-size>102400</journal-file-size>
                          <journal-min-files>2</journal-min-files>

                          <connectors>
                              <netty-connector name="netty-ssl-connector" socket-binding="messaging">
                                  <param key="ssl-enabled" value="true"/>
                                  <param key="key-store-path" value="client.truststore"/>
                                  <param key="key-store-password" value="ybxiang_truststore_password"/>
                              </netty-connector>
                              <netty-connector name="netty-throughput" socket-binding="messaging-throughput">
                                  <param key="batch-delay" value="50"/>
                              </netty-connector>
                              <in-vm-connector name="in-vm" server-id="0"/>
                          </connectors>

                          <acceptors>
                              <netty-acceptor name="netty-ssl-acceptor" socket-binding="messaging">
                                  <param key="ssl-enabled" value="true"/>
                                  <param key="key-store-path" value="server.keystore"/>
                                  <param key="key-store-password" value="ybxiang_keystore_password"/>
                                  <param key="trust-store-path" value="client.truststore"/>
                                  <param key="trust-store-password" value="ybxiang_truststore_password"/>
                              </netty-acceptor>
                              <netty-acceptor name="netty-throughput" socket-binding="messaging-throughput">
                                  <param key="batch-delay" value="50"/>
                                  <param key="direct-deliver" value="false"/>
                              </netty-acceptor>
                              <in-vm-acceptor name="in-vm" server-id="0"/>
                          </acceptors>

                          <security-settings>
                              <security-setting match="#">
                                  <permission type="send" roles="admin jms_sender"/>
                                  <permission type="consume" roles="admin jms_consumer"/>
                                  <permission type="createDurableQueue" roles="admin jms_DurableQueue_creator"/>
                                  <permission type="deleteDurableQueue" roles="jms_DurableQueue_killer admin"/>
                                  <permission type="createNonDurableQueue" roles="admin jms_NonDurableQueue_creator"/>
                                  <permission type="deleteNonDurableQueue" roles="jms_NonDurableQueue_killer admin"/>
                              </security-setting>
                          </security-settings>

                          <address-settings>
                              <address-setting match="#">
                                  <dead-letter-address>jms.queue.DLQ</dead-letter-address>
                                  <expiry-address>jms.queue.ExpiryQueue</expiry-address>
                                  <redelivery-delay>0</redelivery-delay>
                                  <max-size-bytes>10485760</max-size-bytes>
                                  <address-full-policy>BLOCK</address-full-policy>
                                  <message-counter-history-day-limit>10</message-counter-history-day-limit>
                              </address-setting>
                          </address-settings>

                          <jms-connection-factories>
                              <connection-factory name="InVmConnectionFactory">
                                  <connectors>
                                      <connector-ref connector-name="in-vm"/>
                                  </connectors>
                                  <entries>
                                      <entry name="java:/ConnectionFactory"/>
                                  </entries>
                              </connection-factory>
                              <connection-factory name="RemoteConnectionFactory">
                                  <connectors>
                                      <connector-ref connector-name="netty-ssl-connector"/>
                                  </connectors>
                                  <entries>
                                      <entry name="java:jboss/exported/jms/RemoteConnectionFactory"/>
                                  </entries>
                              </connection-factory>
                              <pooled-connection-factory name="hornetq-ra">
                                  <transaction mode="xa"/>
                                  <connectors>
                                      <connector-ref connector-name="in-vm"/>
                                  </connectors>
                                  <entries>
                                      <entry name="java:/JmsXA"/>
                                  </entries>
                              </pooled-connection-factory>
                          </jms-connection-factories>

                          <jms-destinations>
                              <jms-queue name="testQueue">
                                  <entry name="queue/test"/>
                                  <entry name="java:jboss/exported/jms/queue/test"/>
                              </jms-queue>
                              <jms-topic name="testTopic">
                                  <entry name="topic/test"/>
                                  <entry name="java:jboss/exported/jms/topic/test"/>
                              </jms-topic>
                              <jms-topic name="nmsSOETopic">
                                  <entry name="topic/nmsSOE"/>
                                  <entry name="java:jboss/exported/jms/topic/nmsSOE"/>
                              </jms-topic>
                          </jms-destinations>
                      </hornetq-server>
                  </subsystem>
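
An added example (not part of any post in this thread, and not HornetQ or JBoss code): a small audit of the netty acceptors and connectors in a messaging subsystem like the one posted above, reporting transports without SSL, SSL acceptors that do not require a client certificate, and literal store passwords. It assumes HornetQ's acceptor parameter `need-client-auth` is what makes 2-way SSL mandatory, treats any password not written as a `${...}` expression as plaintext (a heuristic), and runs on a sample constructed from the posted configuration.

```python
import xml.etree.ElementTree as ET

NS = "urn:jboss:domain:messaging:1.3"

# Constructed input: acceptors/connectors trimmed from the standalone.xml above.
SAMPLE = """<subsystem xmlns="urn:jboss:domain:messaging:1.3"><hornetq-server>
 <connectors>
  <netty-connector name="netty-ssl-connector" socket-binding="messaging">
   <param key="ssl-enabled" value="true"/>
   <param key="key-store-path" value="client.truststore"/>
   <param key="key-store-password" value="ybxiang_truststore_password"/>
  </netty-connector>
 </connectors>
 <acceptors>
  <netty-acceptor name="netty-ssl-acceptor" socket-binding="messaging">
   <param key="ssl-enabled" value="true"/>
   <param key="key-store-path" value="server.keystore"/>
   <param key="key-store-password" value="ybxiang_keystore_password"/>
   <param key="trust-store-path" value="client.truststore"/>
   <param key="trust-store-password" value="ybxiang_truststore_password"/>
  </netty-acceptor>
  <netty-acceptor name="netty-throughput" socket-binding="messaging-throughput">
   <param key="batch-delay" value="50"/>
  </netty-acceptor>
 </acceptors>
</hornetq-server></subsystem>"""

def audit(xml_text):
    """Return (name, kind, finding) tuples for every netty acceptor/connector."""
    findings = []
    root = ET.fromstring(xml_text)
    for kind in ("acceptor", "connector"):
        for el in root.iter("{%s}netty-%s" % (NS, kind)):
            name = el.get("name")
            p = {e.get("key"): e.get("value") or "" for e in el.findall("{%s}param" % NS)}
            if p.get("ssl-enabled", "false").lower() != "true":
                findings.append((name, kind, "no-ssl"))  # plaintext transport
                continue
            if kind == "acceptor" and "trust-store-path" not in p:
                findings.append((name, kind, "no-truststore"))
            # Assumption: HornetQ's acceptor-only need-client-auth param (default false).
            if kind == "acceptor" and p.get("need-client-auth", "false").lower() != "true":
                findings.append((name, kind, "client-cert-not-required"))
            # Heuristic: a literal value rather than a ${...} expression (e.g. vault).
            if any(k.endswith("-password") and not v.startswith("${") for k, v in p.items()):
                findings.append((name, kind, "plaintext-password"))
    return findings
```

On the sample, the SSL acceptor is reported because it has a truststore but does not require a client certificate, and the `netty-throughput` acceptor is reported as a plaintext transport sitting beside the SSL one.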
              • 4. Re: JMS Over SSL (genericra.rar)
                Justin Bertram Master

                Whether or not this RA can do 2-way SSL is a question you'll need to ask the people who wrote/support this RA. This is not really a WildFly issue.