12 Replies Latest reply on Aug 30, 2017 11:24 AM by Justin Bertram

    HornetQ ssl connection receiver MDB

    ravi narayanan Expert

      Hi all,

      We are trying to connect to a remote HornetQ server to get messages from a queue using an SSL connection from another application in JBoss EAP 6.4.

      HornetQ server 2.3.5 is running in JBoss EAP 6.1.

       

       

      Hornetq Server configuration is as below.

       

      Connector config:

      <connector name="netty-ssl" socket-binding="ssl-messaging">
        <param key="ssl-enabled" value="true"/>
        <param key="trust-store-path" value="<JBOSS_HOME>/opt/security/truststore.jks"/>
        <param key="trust-store-password" value="changeit"/>
      </connector>

       

      Acceptor config:

      <acceptor name="netty-ssl" socket-binding="ssl-messaging">
        <param key="ssl-enabled" value="true"/>
        <param key="key-store-path" value="<JBOSS_HOME>//opt/security/keystore.jks"/>
        <param key="key-store-password" value="p@ssw0rd"/>
      </acceptor>

       

      Port config:

      <socket-binding name="ssl-messaging" port="25014"/>

       

      Connection factory settings:

       

      <connection-factory name="SSLRemoteConnectionFactory">
        <connectors>
          <connector-ref connector-name="netty-ssl"/>
        </connectors>
        <entries>
          <entry name="java:jboss/exported/jms/SSLRemoteConnectionFactory"/>
        </entries>
      </connection-factory>

       

       

      On the client side we have done the configuration below.

      For sending messages we are doing a remote JNDI lookup for the SSLRemoteConnectionFactory, and the connection is working perfectly fine.

      For receiving messages we have used an MDB to listen to the remote server queue.

      The MDB configuration in ejb-jar.xml is as below.

      <message-driven xmlns="" id="MessageDriven_ClientAppACKListener">
        <description>Message Driven Bean for JMS Listener ClientAppACKListener</description>
        <ejb-name>ClientAppACKListener</ejb-name>
        <ejb-class>com.pega.pegarules.internal.etier.mdb.PRJMSListenerBoot</ejb-class>
        <messaging-type>javax.jms.MessageListener</messaging-type>
        <transaction-type>Bean</transaction-type>
        <message-destination-type>javax.jms.Queue</message-destination-type>
        <activation-config>
          <activation-config-property>
            <activation-config-property-name>destinationType</activation-config-property-name>
            <activation-config-property-value>javax.jms.Queue</activation-config-property-value>
          </activation-config-property>
          <activation-config-property>
            <activation-config-property-name>destination</activation-config-property-name>
            <activation-config-property-value>POLICY.ACK</activation-config-property-value>
          </activation-config-property>
          <activation-config-property>
            <activation-config-property-name>connectorClassName</activation-config-property-name>
            <activation-config-property-value>org.hornetq.core.remoting.impl.netty.NettyConnectorFactory</activation-config-property-value>
          </activation-config-property>
          <activation-config-property>
            <activation-config-property-name>connectionParameters</activation-config-property-name>
            <activation-config-property-value>host=sl055542.domain.org;port=25014</activation-config-property-value>
          </activation-config-property>
          <activation-config-property>
            <activation-config-property-name>user</activation-config-property-name>
            <activation-config-property-value>guest</activation-config-property-value>
          </activation-config-property>
          <activation-config-property>
            <activation-config-property-name>password</activation-config-property-name>
            <activation-config-property-value>guest@123</activation-config-property-value>
          </activation-config-property>
          <activation-config-property>
            <activation-config-property-name>maxSession</activation-config-property-name>
            <activation-config-property-value>2</activation-config-property-value>
          </activation-config-property>
        </activation-config>
        <env-entry>
          <env-entry-name>PRListener</env-entry-name>
          <env-entry-type>java.lang.String</env-entry-type>
          <env-entry-value>ClientAppACKListener</env-entry-value>
        </env-entry>
        <env-entry>
          <env-entry-name>UseCMT</env-entry-name>
          <env-entry-type>java.lang.String</env-entry-type>
          <env-entry-value>false</env-entry-value>
        </env-entry>
        <ejb-local-ref id="EJBLocalRef_ClientAppACKListener_EngineBMTLocal">
          <description/>
          <ejb-ref-name>ejb/EngineBMTLocal</ejb-ref-name>
          <ejb-ref-type>Session</ejb-ref-type>
          <local-home>com.pega.pegarules.internal.etier.interfaces.EngineLocalHome</local-home>
          <local>com.pega.pegarules.internal.etier.interfaces.EngineLocal</local>
          <ejb-link>EngineBMT</ejb-link>
        </ejb-local-ref>
        <ejb-local-ref id="EJBLocalRef_ClientAppACKListener_EngineCMTLocal">
          <description/>
          <ejb-ref-name>ejb/EngineCMTLocal</ejb-ref-name>
          <ejb-ref-type>Session</ejb-ref-type>
          <local-home>com.pega.pegarules.internal.etier.interfaces.EngineLocalHome</local-home>
          <local>com.pega.pegarules.internal.etier.interfaces.EngineLocal</local>
          <ejb-link>EngineCMT</ejb-link>
        </ejb-local-ref>
      </message-driven>

       

       

      We are unable to connect to HornetQ and we are getting the exception HornetQException[errorType=CONNECTION_TIMEDOUT message=HQ119013: Timed out waiting to receive cluster topology. Group:null]

      Can you please let us know what is wrong with our configuration? Non-SSL connections are working perfectly fine.

       

      Message was edited by: ravi narayanan

        • 1. Re: HornetQ ssl connection receiver MDB
          Justin Bertram Master

          Couple of things:

          • Your ejb-jar.xml refers to "ConnectionParametes" which is not a valid activation configuration property.  The proper name is "ConnectionParameters" (notice the 'r' near the end).
          • You have not specified ssl-enabled=true or the proper trust-store-path or trust-store-password in your ejb-jar.xml.  Therefore the MDB will not be able to connect via SSL.
          • For sending messages I would recommend you configure a pooled-connection-factory to connect to the remote broker and use that instead of the "SSLRemoteConnectionFactory" one you have configured now.
          • 2. Re: HornetQ ssl connection receiver MDB
            ravi narayanan Expert

            Hello Justin,

            1.) Apologies regarding point 1; it is a typo. I have corrected it in my original post.

            2.) Can you please tell me the activation config property for ssl-enabled=true or the proper trust-store-path or trust-store-password in ejb-jar.xml? I am not able to find it on the internet. An example will be really helpful.

            3.) What are the advantages of configuring the pooled-connection-factory to connect to the remote broker instead of the current implementation, a remote JNDI lookup to "SSLRemoteConnectionFactory"? I would need a valid reason to convince my team, since this connection is already working.

            Thanks in advance.

            • 3. Re: HornetQ ssl connection receiver MDB
              Justin Bertram Master

              You specify the SSL related configuration in the MDB's "ConnectionParameters" activation configuration property as key=value pairs separated by a semi-colon just like host and port.

               

              The main advantages of using a pooled-connection-factory are...

              1. Pooling.  If you're managing your own pool of connections then the built-in pooling functionality of the pooled-connection-factory will simplify your code.  If you aren't managing your own pool of connections and rather actually creating a physical connection every time you send a message then the pooled-connection-factory will save you from this terrible, performance-killing anti-pattern.
              2. Automatic JTA transaction enlistment.  I doubt you're using JTA transactions as manually working with the transaction manager and enlisting your resources would be crazy, but it's worth noting that if you ever needed to use JTA transactions it's really easy.
              3. Easy configuration & management.  It's super easy to change the configuration of the pooled-connection-factory via XML or other management interface.  This makes it simple to change the size of the pool, what host and port the pool connects to, etc.
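The two problems raised in this thread, a misspelled activation property name and a connectionParameters value without the SSL keys, can be checked in a deployment descriptor before it ships. The following Python check is an added example, not part of the original posts or of HornetQ; the sample descriptor, host name, trust store path, password placeholder, the 0.85 similarity threshold and all function names are constructed for illustration.

```python
import difflib
import xml.etree.ElementTree as ET

PROP = "connectionparameters"  # property name, compared case-insensitively
SSL_KEYS = ("trust-store-path", "trust-store-password")

def _local(tag):  # drop any XML namespace so namespaced descriptors match too
    return tag.rsplit("}", 1)[-1]

def _text(elem, name):  # stripped text of the first direct child called `name`
    return next(((c.text or "").strip() for c in elem if _local(c.tag) == name), "")

def parse_connection_parameters(value):
    """Split 'k=v;k=v' into a dict; a key without '=' maps to None."""
    pairs = (p.partition("=") for p in value.split(";") if p.strip())
    return {k.strip(): v.strip() if sep else None for k, sep, v in pairs}

def lint_ejb_jar(xml_text):
    """Return (ejb-name, finding) tuples for every MDB in the descriptor."""
    findings = []
    for mdb in (e for e in ET.fromstring(xml_text).iter() if _local(e.tag) == "message-driven"):
        ejb = _text(mdb, "ejb-name")
        for prop in (e for e in mdb.iter() if _local(e.tag) == "activation-config-property"):
            name = _text(prop, "activation-config-property-name")
            if name.lower() != PROP:  # a near miss is most likely a typo
                if difflib.SequenceMatcher(None, name.lower(), PROP).ratio() >= 0.85:
                    findings.append((ejb, f"misspelled property name: {name}"))
                continue
            params = parse_connection_parameters(_text(prop, "activation-config-property-value"))
            if (params.get("ssl-enabled") or "").lower() != "true":
                findings.append((ejb, "ssl-enabled is not true"))
            findings += [(ejb, f"missing {k}") for k in SSL_KEYS if not params.get(k)]
    return findings

def _sample_mdb(ejb, prop, value):  # builds one constructed <message-driven> element
    p = "activation-config-property"
    return (f"<message-driven><ejb-name>{ejb}</ejb-name><activation-config><{p}><{p}-name>{prop}"
            f"</{p}-name><{p}-value>{value}</{p}-value></{p}></activation-config></message-driven>")

# Constructed sample descriptor: placeholder host, path and password.
PLAIN = "host=broker.example.org;port=25014"
SSL = PLAIN + ";ssl-enabled=true;trust-store-path=/path/to/truststore.jks;trust-store-password=PLACEHOLDER"
SAMPLE = "<ejb-jar>" + "".join([
    _sample_mdb("TypoMDB", "connectionParametes", PLAIN),
    _sample_mdb("PlainMDB", "connectionParameters", PLAIN),
    _sample_mdb("SslMDB", "connectionParameters", SSL)]) + "</ejb-jar>"

if __name__ == "__main__":
    print(*lint_ejb_jar(SAMPLE), sep="\n")
```
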
              • 4. Re: HornetQ ssl connection receiver MDB
                ravi narayanan Expert

                Hi Justin,

                 

                Thanks for your reply:

                 

                For the SSL-related configuration, do you mean something like this?

                 

                <activation-config-property>
                  <activation-config-property-name>connectionParameters</activation-config-property-name>
                  <activation-config-property-value>host=sl055542.agcs.allianz;port=25014;ssl-enabled=true;trust-store-path=/opt/jboss/ServerTruststore.jks;trust-store-password=changeit</activation-config-property-value>
                </activation-config-property>

                 

                And for the HornetQException[errorType=CONNECTION_TIMEDOUT message=HQ119013: Timed out waiting to receive cluster topology. Group:null], the Red Hat solutions say it might be because of a version mismatch between client and server. Do you have any view on it?

                 

                Client fails with Error: HornetQConnectionTimedOutException[errorType=CONNECTION_TIMEDOUT message=HQ119013: Timed out wa…

                 

                • 5. Re: HornetQ ssl connection receiver MDB
                  ravi narayanan Expert

                  Dear Justin,

                  I have asked my team to try with the above SSL configuration parameter.

                  Can you please confirm if it is correct?

                  Thanks in advance...

                  • 6. Re: HornetQ ssl connection receiver MDB
                    Justin Bertram Master

                    Yes, that looks correct to me.

                    • 7. Re: HornetQ ssl connection receiver MDB
                      ravi narayanan Expert

                      Hello Justin,

                      As per your recommendation below:

                       

                      For sending messages I would recommend you configure a pooled-connection-factory to connect to the remote broker and use that instead of the "SSLRemoteConnectionFactory" one you have configured now.

                       

                      I am planning to implement the pooled-connection-factory, and I have the queries below.

                      1.) Can you please confirm if the below configuration is correct? A sample configuration will be really helpful.

                       

                       

                      <pooled-connection-factory name="hornetq-ra">
                        <min-pool-size>5</min-pool-size>
                        <max-pool-size>100</max-pool-size>
                        <transaction mode="xa"/>
                        <connectors>
                          <connector-ref connector-name="netty-ssl"/>
                        </connectors>
                        <entries>
                          <entry name="java:jboss/exported/jms/SSLRemoteConnectionFactory"/>
                        </entries>
                      </pooled-connection-factory>

                       

                      2.) Once the pooled connection factory is defined, can I do a remote JNDI lookup to the pooled connection factory defined?

                       

                       

                       

                       

                       

                      • 8. Re: HornetQ ssl connection receiver MDB
                        Justin Bertram Master

                        I may have misunderstood what you were using the SSLRemoteConnectionFactory for.  I assumed that your MDB was using it to send messages.  If that's the case, then the <pooled-connection-factory> should be configured on the server where the MDB is hosted.  JCA-based connection factories like the <pooled-connection-factory> cannot be looked up and used by remote clients.

                        • 9. Re: HornetQ ssl connection receiver MDB
                          ravi narayanan Expert

                          Dear Justin,

                           

                          We are not using MDBs for sending messages; we are currently doing a remote JNDI lookup to SSLRemoteConnectionFactory.

                          • 10. Re: HornetQ ssl connection receiver MDB
                            Justin Bertram Master

                            But both the "client" and "server" are running in JBoss EAP, right?

                            • 11. Re: HornetQ ssl connection receiver MDB
                              ravi narayanan Expert

                              Yes, the client runs in JBoss EAP 6.4 and the server runs in JBoss EAP 6.1 on a different server.

                              • 12. Re: HornetQ ssl connection receiver MDB
                                Justin Bertram Master

                                Since the client is running JBoss EAP 6.4 then you'd want to configure a local <pooled-connection-factory> to point to the remote JBoss EAP 6.1 server.  Then your client would use that <pooled-connection-factory> to send messages.