use of org.apache.activemq.ActiveMQSslConnectionFactory in project webofneeds by researchstudio-sat.
the class BrokerComponentFactory method getBrokerComponent.
/**
 * Builds the broker component for an ActiveMQ broker reached through an
 * {@link ActiveMQSslConnectionFactory}, using the key and trust material supplied by the caller.
 *
 * <p>The TLS identity presented to the broker comes from {@code keyManager}, and the decision
 * whether to accept the broker's certificate is delegated entirely to {@code trustManager};
 * this method performs no certificate checks of its own.
 *
 * @param brokerURI    address of the broker; connection options are appended to it
 * @param type         messaging type, forwarded unchanged to the two-argument overload
 * @param keyManager   sole key manager handed to the connection factory
 * @param trustManager sole trust manager handed to the connection factory
 * @return the component produced by {@code getBrokerComponent(type, connectionFactory)}
 */
private synchronized Component getBrokerComponent(URI brokerURI, MessagingType type, KeyManager keyManager, TrustManager trustManager) {
    // TODO: make this configurable for different broker implementations.
    logger.info("establishing activemq ssl connection for brokerUri {} (with specified type, keyManager, and TrustManager)", brokerURI);

    // jms.prefetchPolicy.all=1 keeps a matcher consumer from dying when it is flooded with
    // messages, see http://activemq.apache.org/what-is-the-prefetch-limit-for.html
    // NOTE(review): the options are appended with '?' unconditionally; a brokerURI that already
    // carries a query string would end up with two '?' — confirm callers never pass one.
    final String brokerUrlWithOptions = brokerURI + "?jms.prefetchPolicy.all=1&jms.useAsyncSend=true";
    final ActiveMQSslConnectionFactory sslConnectionFactory = new ActiveMQSslConnectionFactory(brokerUrlWithOptions);

    final KeyManager[] keyManagers = { keyManager };
    final TrustManager[] trustManagers = { trustManager };
    // No SecureRandom is supplied (third argument is null); presumably the TLS stack then uses
    // its default source of randomness — verify against the ActiveMQ version in use.
    sslConnectionFactory.setKeyAndTrustManagers(keyManagers, trustManagers, null);

    return getBrokerComponent(type, sslConnectionFactory);
}
use of org.apache.activemq.ActiveMQSslConnectionFactory in project activemq-artemis by apache.
the class SecurityTest method testJAASSecurityManagerOpenWireNegative.
/**
* Verify role permissions are applied properly when using OpenWire: a client connecting over
* SSL with client authentication is expected to be refused on every operation attempted below,
* because the only role registered on the server has all of its permission flags set to false.
*
* @throws Exception if the server or the client connection cannot be set up
*/
@Test
public void testJAASSecurityManagerOpenWireNegative() throws Exception {
// "CertLogin" names the JAAS login configuration handed to the security manager; its contents
// are not visible here — presumably certificate-based login, confirm in the test's login config.
ActiveMQJAASSecurityManager securityManager = new ActiveMQJAASSecurityManager("CertLogin");
ActiveMQServer server = addServer(ActiveMQServers.newActiveMQServer(createDefaultInVMConfig().setSecurityEnabled(true), ManagementFactory.getPlatformMBeanServer(), securityManager, false));
// The "programmers" role is created with every permission flag false and is the only role
// registered for the match "#", so no permission is granted through it.
Set<Role> roles = new HashSet<>();
roles.add(new Role("programmers", false, false, false, false, false, false, false, false, false, false));
server.getConfiguration().putSecurityRoles("#", roles);
// Acceptor settings: SSL enabled with NEED_CLIENT_AUTH, so the client has to present a
// certificate. The store passwords are literals belonging to the test key material.
Map<String, Object> params = new HashMap<>();
params.put(TransportConstants.SSL_ENABLED_PROP_NAME, true);
params.put(TransportConstants.KEYSTORE_PATH_PROP_NAME, "server-side-keystore.jks");
params.put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, "secureexample");
params.put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, "server-side-truststore.jks");
params.put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, "secureexample");
params.put(TransportConstants.NEED_CLIENT_AUTH_PROP_NAME, true);
server.getConfiguration().addAcceptorConfiguration(new TransportConfiguration(NETTY_ACCEPTOR_FACTORY, params));
server.start();
// OpenWire client: trusts the broker through the client-side truststore and presents the
// certificate held in the client-side keystore.
ActiveMQSslConnectionFactory factory = new ActiveMQSslConnectionFactory("ssl://localhost:61616");
// NOTE(review): only a user name is set, no password. The expected messages below name
// "test-user"; whether that identity comes from this call or from the certificate mapping
// of the login module is not visible here — confirm.
factory.setUserName("test-user");
factory.setTrustStore("client-side-truststore.jks");
factory.setTrustStorePassword("secureexample");
factory.setKeyStore("client-side-keystore.jks");
factory.setKeyStorePassword("secureexample");
// try-with-resources closes the connection even when one of the assertions below fails.
try (ActiveMQConnection connection = (ActiveMQConnection) factory.createConnection()) {
Session session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
// Pattern used by every check below: the operation must throw, and the message must name the
// missing permission. Assert.fail raises an AssertionError, which is not an Exception, so the
// catch clause does not swallow it.
// NOTE(review): e.getMessage() can be null for some exception types, in which case the check
// would end in a NullPointerException instead of a readable assertion failure.
// Test queue creation permission
try {
session.createConsumer(session.createQueue("test.queue"));
Assert.fail("should throw exception here");
} catch (Exception e) {
assertTrue(e.getMessage().contains("User: test-user does not have permission='CREATE_DURABLE_QUEUE' for queue test.queue on address test.queue"));
}
// Test non durable create permission
try {
session.createConsumer(session.createTopic("test.topic"));
Assert.fail("should throw exception here");
} catch (Exception e) {
assertTrue(e.getMessage().contains("User: test-user does not have permission='CREATE_NON_DURABLE_QUEUE'"));
}
// Add a test queue and topic to the server
// These are created directly on the server object, not through the client session, so the
// remaining checks run against destinations that already exist.
SimpleString address = SimpleString.toSimpleString("test.queue");
server.addAddressInfo(new AddressInfo(address, RoutingType.ANYCAST));
server.createQueue(address, RoutingType.ANYCAST, address, null, true, false);
SimpleString address2 = SimpleString.toSimpleString("test.topic");
server.addAddressInfo(new AddressInfo(address2, RoutingType.MULTICAST));
// Test queue produce permission
try {
MessageProducer producer = session.createProducer(session.createQueue("test.queue"));
producer.send(session.createMessage());
Assert.fail("should throw exception here");
} catch (Exception e) {
assertTrue(e.getMessage().contains("User: test-user does not have permission='SEND'"));
}
// Test queue consume permission
try {
session.createConsumer(session.createQueue("test.queue"));
Assert.fail("should throw exception here");
} catch (Exception e) {
assertTrue(e.getMessage().contains("User: test-user does not have permission='CONSUME' for queue test.queue on address test.queue"));
}
// Test queue browse permission
try {
QueueBrowser browser = session.createBrowser(session.createQueue("test.queue"));
browser.getEnumeration();
Assert.fail("should throw exception here");
} catch (Exception e) {
assertTrue(e.getMessage().contains("User: test-user does not have permission='BROWSE' for queue test.queue on address test.queue"));
}
// Test queue deletion permission
try {
connection.destroyDestination(new ActiveMQQueue("test.queue"));
Assert.fail("should throw exception here");
} catch (Exception e) {
assertTrue(e.getMessage().contains("User: test-user does not have permission='DELETE_DURABLE_QUEUE' for queue test.queue on address test.queue"));
}
// Test temp queue
try {
session.createTemporaryQueue();
Assert.fail("should throw exception here");
} catch (Exception e) {
assertTrue(e.getMessage().contains("User: test-user does not have permission='CREATE_NON_DURABLE_QUEUE'"));
}
// Test temp topic
try {
session.createTemporaryTopic();
Assert.fail("should throw exception here");
} catch (Exception e) {
assertTrue(e.getMessage().contains("User: test-user does not have permission='CREATE_ADDRESS'"));
}
session.close();
}
}
use of org.apache.activemq.ActiveMQSslConnectionFactory in project ddf by codice.
the class OpenwireProducerConsumerExample method createSslConnectionFactory.
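/**
 * Creates the SSL connection factory used by this example: key store and trust store are
 * loaded from the classpath, and the client fails over between two local SSL brokers.
 *
 * <p>NOTE(review): all three store passwords are the literal {@code "changeit"} and live in
 * source code. That is only acceptable for bundled example key material; anything beyond the
 * example should read them from configuration or a secret store.
 *
 * @return a factory configured for {@code failover://(ssl://localhost:61616,ssl://localhost:61617)}
 * @throws IllegalStateException if a store is missing from the classpath or is not a plain file
 * @throws Exception if a resource location cannot be converted to a URI
 */
private ConnectionFactory createSslConnectionFactory() throws Exception {
    ActiveMQSslConnectionFactory sslFactory = new ActiveMQSslConnectionFactory();

    sslFactory.setKeyStore(resolveClasspathFile("/serverKeystore.jks"));
    sslFactory.setKeyStoreKeyPassword("changeit");
    sslFactory.setKeyStorePassword("changeit");

    sslFactory.setTrustStore(resolveClasspathFile("/serverTruststore.jks"));
    sslFactory.setTrustStorePassword("changeit");

    sslFactory.setBrokerURL("failover://(ssl://localhost:61616,ssl://localhost:61617)");
    sslFactory.setWatchTopicAdvisories(false);
    return sslFactory;
}

/**
 * Resolves a classpath resource to a file-system path, failing with a descriptive message
 * instead of a bare NullPointerException (missing resource) or a silently null path
 * (resource packaged inside a jar, whose URI has no path component).
 */
private static String resolveClasspathFile(String resourceName) throws Exception {
    java.net.URL location = OpenwireProducerConsumerExample.class.getResource(resourceName);
    if (location == null) {
        throw new IllegalStateException("Classpath resource not found: " + resourceName);
    }
    String path = location.toURI().getPath();
    if (path == null) {
        throw new IllegalStateException("Classpath resource is not a plain file: " + location);
    }
    return path;
}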
use of org.apache.activemq.ActiveMQSslConnectionFactory in project activemq-artemis by apache.
the class SecurityTest method testJAASSecurityManagerAuthenticationWithCertsAndOpenWire.
/**
 * Checks that an OpenWire client can connect and open a session against an acceptor that has
 * SSL enabled and requires client authentication, with security enabled on the server and the
 * "CertLogin" JAAS configuration in use.
 *
 * <p>No user name or password is set on the client factory; the client only presents the
 * certificate from its keystore. The store passwords are literals belonging to the test key
 * material.
 *
 * @throws Exception if the server cannot be created or started
 */
@Test
public void testJAASSecurityManagerAuthenticationWithCertsAndOpenWire() throws Exception {
    ActiveMQJAASSecurityManager jaasSecurityManager = new ActiveMQJAASSecurityManager("CertLogin");
    ActiveMQServer server = addServer(ActiveMQServers.newActiveMQServer(createDefaultInVMConfig().setSecurityEnabled(true), ManagementFactory.getPlatformMBeanServer(), jaasSecurityManager, false));

    // Server side: SSL acceptor that insists on a client certificate.
    Map<String, Object> acceptorParams = new HashMap<>();
    acceptorParams.put(TransportConstants.SSL_ENABLED_PROP_NAME, true);
    acceptorParams.put(TransportConstants.NEED_CLIENT_AUTH_PROP_NAME, true);
    acceptorParams.put(TransportConstants.KEYSTORE_PATH_PROP_NAME, "server-side-keystore.jks");
    acceptorParams.put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, "secureexample");
    acceptorParams.put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, "server-side-truststore.jks");
    acceptorParams.put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, "secureexample");
    TransportConfiguration sslAcceptor = new TransportConfiguration(NETTY_ACCEPTOR_FACTORY, acceptorParams);
    server.getConfiguration().addAcceptorConfiguration(sslAcceptor);
    server.start();

    // Client side: identity from the client keystore, broker trust from the client truststore.
    ActiveMQSslConnectionFactory clientFactory = new ActiveMQSslConnectionFactory("ssl://localhost:61616");
    clientFactory.setKeyStore("client-side-keystore.jks");
    clientFactory.setKeyStorePassword("secureexample");
    clientFactory.setTrustStore("client-side-truststore.jks");
    clientFactory.setTrustStorePassword("secureexample");

    try (ActiveMQConnection connection = (ActiveMQConnection) clientFactory.createConnection()) {
        // Opening and closing a session is the whole check: it must not be rejected.
        Session openedSession = connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
        openedSession.close();
    } catch (Throwable failure) {
        // NOTE(review): the cause is only printed, not attached to the assertion failure.
        failure.printStackTrace();
        Assert.fail("should not throw exception");
    }
}
use of org.apache.activemq.ActiveMQSslConnectionFactory in project syndesis by syndesisio.
the class ActiveMQUtil method createActiveMQConnectionFactory.
/**
 * Creates an ActiveMQ connection factory for {@code brokerUrl}. An SSL factory is built when
 * the URL contains the text {@code "ssl:"}; otherwise a plain factory is returned.
 *
 * <p>Trust decision for the SSL case, in order:
 * <ol>
 *   <li>{@code brokerCertificate} given: trust managers are built from that certificate;
 *       {@code skipCertificateCheck} is ignored.</li>
 *   <li>no certificate and {@code skipCertificateCheck} set: a trust-all trust manager is
 *       installed and a warning is logged. The broker's certificate is then not validated, so
 *       the connection is encrypted but the broker is not authenticated.</li>
 *   <li>otherwise: {@code null} trust managers are passed, which the debug message describes
 *       as using the default JVM trust manager.</li>
 * </ol>
 *
 * <p>NOTE(review): the SSL test is a substring match on the whole URL, and in the non-SSL
 * branch the user name and password are handed to a factory for whatever transport the URL
 * names — confirm plaintext transports are not used with credentials.
 *
 * @param brokerUrl            broker URL; must not be {@code null}
 * @param username             user name, or empty for an unauthenticated factory
 * @param password             password, used only when {@code username} is not empty
 * @param brokerCertificate    broker certificate to trust, or empty
 * @param clientCertificate    client certificate for the key manager, or empty
 * @param skipCertificateCheck whether to accept any broker certificate when none is configured
 * @return the configured connection factory
 * @throws IllegalArgumentException if the key or trust managers cannot be created
 */
@SuppressWarnings("PMD.CyclomaticComplexity")
public static ActiveMQConnectionFactory createActiveMQConnectionFactory(String brokerUrl, String username, String password, String brokerCertificate, String clientCertificate, boolean skipCertificateCheck) {
    if (!brokerUrl.contains("ssl:")) {
        // non-ssl connection
        if (ObjectHelper.isEmpty(username)) {
            return new ActiveMQConnectionFactory(brokerUrl);
        }
        return new ActiveMQConnectionFactory(username, password, brokerUrl);
    }

    final ActiveMQSslConnectionFactory sslFactory = new ActiveMQSslConnectionFactory(brokerUrl);
    if (!ObjectHelper.isEmpty(username)) {
        sslFactory.setUserName(username);
        sslFactory.setPassword(password);
    }

    try {
        // create client key manager; null means no client certificate is presented
        final KeyManager[] clientKeyManagers = ObjectHelper.isEmpty(clientCertificate)
            ? null
            : CertificateUtil.createKeyManagers(clientCertificate, "amq-client");

        // create client trust manager
        final TrustManager[] brokerTrustManagers;
        if (!ObjectHelper.isEmpty(brokerCertificate)) {
            // an explicit broker certificate always wins over skipCertificateCheck
            brokerTrustManagers = CertificateUtil.createTrustManagers(brokerCertificate, "amq-broker");
        } else if (skipCertificateCheck) {
            // use a trust all TrustManager: broker certificate validation is switched off
            LOG.warn("Skipping Certificate check for Broker {}", brokerUrl);
            brokerTrustManagers = CertificateUtil.createTrustAllTrustManagers();
        } else {
            LOG.debug("Using default JVM Trust Manager for Broker {}", brokerUrl);
            brokerTrustManagers = null;
        }

        sslFactory.setKeyAndTrustManagers(clientKeyManagers, brokerTrustManagers, new SecureRandom());
        return sslFactory;
    } catch (GeneralSecurityException | IOException e) {
        throw new IllegalArgumentException("SSL configuration error: " + e.getMessage(), e);
    }
}
Aggregations