6 Replies Latest reply on Jul 31, 2017 6:19 PM by Justin Bertram

    HornetQ ssl connection receiver MDB

    ravi narayanan Expert

      Hi all,

      We are trying to connect to a remote HornetQ server to get the messages from a queue using an SSL connection from another application in JBoss EAP 6.4.

      HornetQ server 2.3.5 is running in JBoss EAP 6.1.

       

       

      HornetQ server configuration is as below.

       

      Connector config:

      <connector name="netty-ssl" socket-binding="ssl-messaging">
        <param key="ssl-enabled" value="true"/>
        <param key="trust-store-path" value="<JBOSS_HOME>/opt/security/truststore.jks"/>
        <param key="trust-store-password" value="changeit"/>
      </connector>

       

      Acceptor config:

      <acceptor name="netty-ssl" socket-binding="ssl-messaging">
        <param key="ssl-enabled" value="true"/>
        <param key="key-store-path" value="<JBOSS_HOME>//opt/security/keystore.jks"/>
        <param key="key-store-password" value="p@ssw0rd"/>
      </acceptor>

       

      Port config:

      <socket-binding name="ssl-messaging" port="25014"/>

       

      Connection factory settings:

       

      <connection-factory name="SSLRemoteConnectionFactory">
        <connectors>
          <connector-ref connector-name="netty-ssl"/>
        </connectors>
        <entries>
          <entry name="java:jboss/exported/jms/SSLRemoteConnectionFactory"/>
        </entries>
      </connection-factory>

       

       

      On the client side we have done the below configuration:

       

      For sending the messages we are doing a remote JNDI lookup for the SSLRemoteConnectionFactory and the connection is working perfectly fine.

       

      For receiving messages we have used an MDB to listen to the remote server queue.

       

      The MDB configuration in ejb-jar.xml is as below.

      <message-driven xmlns="" id="MessageDriven_ClientAppACKListener">
        <description>Message Driven Bean for JMS Listener ClientAppACKListener</description>
        <ejb-name>ClientAppACKListener</ejb-name>
        <ejb-class>com.pega.pegarules.internal.etier.mdb.PRJMSListenerBoot</ejb-class>
        <messaging-type>javax.jms.MessageListener</messaging-type>
        <transaction-type>Bean</transaction-type>
        <message-destination-type>javax.jms.Queue</message-destination-type>
        <activation-config>
          <activation-config-property>
            <activation-config-property-name>destinationType</activation-config-property-name>
            <activation-config-property-value>javax.jms.Queue</activation-config-property-value>
          </activation-config-property>
          <activation-config-property>
            <activation-config-property-name>destination</activation-config-property-name>
            <activation-config-property-value>POLICY.ACK</activation-config-property-value>
          </activation-config-property>
          <activation-config-property>
            <activation-config-property-name>connectorClassName</activation-config-property-name>
            <activation-config-property-value>org.hornetq.core.remoting.impl.netty.NettyConnectorFactory</activation-config-property-value>
          </activation-config-property>
          <activation-config-property>
            <activation-config-property-name>connectionParameters</activation-config-property-name>
            <activation-config-property-value>host=sl055542.domain.org;port=25014</activation-config-property-value>
          </activation-config-property>
          <activation-config-property>
            <activation-config-property-name>user</activation-config-property-name>
            <activation-config-property-value>guest</activation-config-property-value>
          </activation-config-property>
          <activation-config-property>
            <activation-config-property-name>password</activation-config-property-name>
            <activation-config-property-value>guest@123</activation-config-property-value>
          </activation-config-property>
          <activation-config-property>
            <activation-config-property-name>maxSession</activation-config-property-name>
            <activation-config-property-value>2</activation-config-property-value>
          </activation-config-property>
        </activation-config>
        <env-entry>
          <env-entry-name>PRListener</env-entry-name>
          <env-entry-type>java.lang.String</env-entry-type>
          <env-entry-value>ClientAppACKListener</env-entry-value>
        </env-entry>
        <env-entry>
          <env-entry-name>UseCMT</env-entry-name>
          <env-entry-type>java.lang.String</env-entry-type>
          <env-entry-value>false</env-entry-value>
        </env-entry>
        <ejb-local-ref id="EJBLocalRef_ClientAppACKListener_EngineBMTLocal">
          <description/>
          <ejb-ref-name>ejb/EngineBMTLocal</ejb-ref-name>
          <ejb-ref-type>Session</ejb-ref-type>
          <local-home>com.pega.pegarules.internal.etier.interfaces.EngineLocalHome</local-home>
          <local>com.pega.pegarules.internal.etier.interfaces.EngineLocal</local>
          <ejb-link>EngineBMT</ejb-link>
        </ejb-local-ref>
        <ejb-local-ref id="EJBLocalRef_ClientAppACKListener_EngineCMTLocal">
          <description/>
          <ejb-ref-name>ejb/EngineCMTLocal</ejb-ref-name>
          <ejb-ref-type>Session</ejb-ref-type>
          <local-home>com.pega.pegarules.internal.etier.interfaces.EngineLocalHome</local-home>
          <local>com.pega.pegarules.internal.etier.interfaces.EngineLocal</local>
          <ejb-link>EngineCMT</ejb-link>
        </ejb-local-ref>
      </message-driven>

       

       

      We are unable to connect to HornetQ and we are getting the exception HornetQException[errorType=CONNECTION_TIMEDOUT message=HQ119013: Timed out waiting to receive cluster topology. Group:null]

      Can you please let us know what is wrong with our configuration? Non-SSL connections are working perfectly fine.

       

      Message was edited by: ravi narayanan

        • 1. Re: HornetQ ssl connection receiver MDB
          Justin Bertram Master

          Couple of things:

          • Your ejb-jar.xml refers to "ConnectionParametes" which is not a valid activation configuration property.  The proper name is "ConnectionParameters" (notice the 'r' near the end).
          • You have not specified ssl-enabled=true or the proper trust-store-path or trust-store-password in your ejb-jar.xml.  Therefore the MDB will not be able to connect via SSL.
          • For sending messages I would recommend you configure a pooled-connection-factory to connect to the remote broker and use that instead of the "SSLRemoteConnectionFactory" one you have configured now.
          • 2. Re: HornetQ ssl connection receiver MDB
            ravi narayanan Expert

            Hello Justin,

            1.) Apologies regarding point 1, it is a typo; I have corrected it in my original post.

            2.) Can you please tell me the activation config property for ssl-enabled=true or the proper trust-store-path or trust-store-password in ejb-jar.xml? I am not able to find it on the internet. An example will be really helpful.

            3.) What are the advantages of configuring the pooled-connection-factory to connect to the remote broker instead of the current implementation, a remote JNDI lookup of "SSLRemoteConnectionFactory"? I would need a valid reason to convince my team since this connection is already working.

            Thanks in advance.

            • 3. Re: HornetQ ssl connection receiver MDB
              Justin Bertram Master

              You specify the SSL related configuration in the MDB's "ConnectionParameters" activation configuration property as key=value pairs separated by a semi-colon just like host and port.

               

              The main advantages of using a pooled-connection-factory are...

              1. Pooling.  If you're managing your own pool of connections then the built-in pooling functionality of the pooled-connection-factory will simplify your code.  If you aren't managing your own pool of connections and rather actually creating a physical connection every time you send a message then the pooled-connection-factory will save you from this terrible, performance-killing anti-pattern.
              2. Automatic JTA transaction enlistment.  I doubt you're using JTA transactions as manually working with the transaction manager and enlisting your resources would be crazy, but it's worth noting that if you ever needed to use JTA transactions it's really easy.
              3. Easy configuration & management.  It's super easy to change the configuration of the pooled-connection-factory via XML or other management interface.  This makes it simple to change the size of the pool, what host and port the pool connects to, etc.
              • 4. Re: HornetQ ssl connection receiver MDB
                ravi narayanan Expert

                Hi Justin,

                 

                Thanks for your reply:

                 

                For the SSL-related configuration, do you mean something like this?

                 

                <activation-config-property>
                  <activation-config-property-name>connectionParameters</activation-config-property-name>
                  <activation-config-property-value>host=sl055542.agcs.allianz;port=25014;ssl-enabled=true;trust-store-path=/opt/jboss/ServerTruststore.jks;trust-store-password=changeit</activation-config-property-value>
                </activation-config-property>

                 

                And for the HornetQException[errorType=CONNECTION_TIMEDOUT message=HQ119013: Timed out waiting to receive cluster topology. Group:null], in Red Hat solutions they say it might be because of a version mismatch between client and server. Do you have any view on it?

                 

                Client fails with Error: HornetQConnectionTimedOutException[errorType=CONNECTION_TIMEDOUT message=HQ119013: Timed out wa…

                 

                • 5. Re: HornetQ ssl connection receiver MDB
                  ravi narayanan Expert

                  Dear Justin,

                  I have asked my team to try with the above SSL configuration parameter.

                  Can you please confirm if it is correct?

                  Thanks in advance...

                  • 6. Re: HornetQ ssl connection receiver MDB
                    Justin Bertram Master

                    Yes, that looks correct to me.
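
Added example (not part of the thread and not HornetQ or JBoss code): a Python lint for the two mistakes discussed above, a misspelled activation property name and an MDB pointed at an SSL port whose `connectionParameters` lack `ssl-enabled`, `trust-store-path` and `trust-store-password`. The `KNOWN` list, the `ssl_ports` argument, the case-insensitive name comparison, the `sample` helper and the host `broker.example.org` are assumptions of this example.

```python
import difflib
import xml.etree.ElementTree as ET

# Property names used in this thread's ejb-jar.xml; extend for your deployment.
KNOWN = ["destinationType", "destination", "connectorClassName",
         "connectionParameters", "user", "password", "maxSession"]
SSL_REQUIRED = ("trust-store-path", "trust-store-password")

def parse_params(value):
    """Split 'key=value;key=value' into a dict, skipping empty segments."""
    pairs = (p.partition("=") for p in value.split(";") if p.strip())
    return {k.strip(): v.strip() for k, _, v in pairs}

def activation_props(xml_text):
    """Map activation-config property names to values, ignoring XML namespaces."""
    local = lambda el: el.tag.rsplit("}", 1)[-1]
    props = {}
    for el in ET.fromstring(xml_text).iter():
        if local(el) == "activation-config-property":
            kv = {local(c): (c.text or "").strip() for c in el}
            props[kv.get("activation-config-property-name", "")] = kv.get(
                "activation-config-property-value", "")
    return props

def lint_mdb(xml_text, ssl_ports):
    """ssl_ports: ports (as strings) whose broker acceptor has ssl-enabled=true."""
    findings, props = [], activation_props(xml_text)
    # Assumption: names are compared case-insensitively (the thread writes both
    # ConnectionParameters and connectionParameters).
    known = {k.lower(): k for k in KNOWN}
    for name in props:
        if name.lower() not in known:  # e.g. a misspelled property name
            guess = difflib.get_close_matches(name.lower(), list(known), n=1)
            hint = f" (did you mean {known[guess[0]]}?)" if guess else ""
            findings.append(f"unknown property {name}{hint}")
    conn = next((v for k, v in props.items() if k.lower() == "connectionparameters"), None)
    if conn is None:
        return findings + ["connectionParameters not set"]
    params = parse_params(conn)
    if params.get("port") in ssl_ports:
        if params.get("ssl-enabled", "").lower() != "true":
            findings.append(f"ssl-enabled=true missing for SSL port {params['port']}")
        findings += [f"{key} missing" for key in SSL_REQUIRED if not params.get(key)]
    return findings

def sample(name, value):
    """Constructed one-property descriptor for the demo (not the poster's file)."""
    tag = "activation-config-property"
    return (f"<message-driven><activation-config><{tag}><{tag}-name>{name}</{tag}-name>"
            f"<{tag}-value>{value}</{tag}-value></{tag}></activation-config></message-driven>")
```

To check a real descriptor, pass the file's text and the SSL acceptor ports, for example `lint_mdb(open("ejb-jar.xml").read(), {"25014"})`; an empty list means none of these problems were found.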