ARTEMIS-1853 Adding Netty OpenSSL provider example

Added an example to demonstrate how to configure and use openssl
Moved/Added netty-tcnative dependency to artemis-distribution
Changed artemis-jms-client-all pom to exclude io.netty from relocation
so that the native openssl can be loaded
This commit is contained in:
Howard Gao 2018-05-23 22:34:01 +08:00 committed by Clebert Suconic
parent d6d685134a
commit 7c53855c11
12 changed files with 319 additions and 10 deletions

View File

@ -118,6 +118,11 @@
<groupId>io.netty</groupId> <groupId>io.netty</groupId>
<artifactId>netty-common</artifactId> <artifactId>netty-common</artifactId>
</dependency> </dependency>
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-tcnative-boringssl-static</artifactId>
</dependency>
</dependencies> </dependencies>
<profiles> <profiles>

View File

@ -81,6 +81,7 @@
<include>org.jboss.logging:jboss-logging</include> <include>org.jboss.logging:jboss-logging</include>
<include>org.jboss.slf4j:slf4j-jboss-logmanager</include> <include>org.jboss.slf4j:slf4j-jboss-logmanager</include>
<include>io.netty:netty-all</include> <include>io.netty:netty-all</include>
<include>io.netty:netty-tcnative-boringssl-static</include>
<include>org.apache.qpid:proton-j</include> <include>org.apache.qpid:proton-j</include>
<include>org.apache.activemq:activemq-client</include> <include>org.apache.activemq:activemq-client</include>
<include>org.slf4j:slf4j-api</include> <include>org.slf4j:slf4j-api</include>

View File

@ -116,10 +116,6 @@
<pattern>org.apache.commons</pattern> <pattern>org.apache.commons</pattern>
<shadedPattern>org.apache.activemq.artemis.shaded.org.apache.commons</shadedPattern> <shadedPattern>org.apache.activemq.artemis.shaded.org.apache.commons</shadedPattern>
</relocation> </relocation>
<relocation>
<pattern>io.netty</pattern>
<shadedPattern>org.apache.activemq.artemis.shaded.io.netty</shadedPattern>
</relocation>
<relocation> <relocation>
<pattern>org.jboss</pattern> <pattern>org.jboss</pattern>
<shadedPattern>org.apache.activemq.artemis.shaded.org.jboss</shadedPattern> <shadedPattern>org.apache.activemq.artemis.shaded.org.jboss</shadedPattern>

View File

@ -0,0 +1,124 @@
<?xml version='1.0'?>
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.apache.activemq.examples.broker</groupId>
<artifactId>jms-examples</artifactId>
<version>2.7.0-SNAPSHOT</version>
</parent>
<artifactId>netty-openssl</artifactId>
<packaging>jar</packaging>
<name>ActiveMQ Artemis JMS Netty OpenSSL Example</name>
<properties>
<activemq.basedir>${project.basedir}/../../../..</activemq.basedir>
</properties>
<dependencies>
<dependency>
<groupId>org.apache.activemq</groupId>
<artifactId>artemis-jms-client-all</artifactId>
<version>${project.version}</version>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.apache.activemq</groupId>
<artifactId>artemis-maven-plugin</artifactId>
<executions>
<execution>
<id>create</id>
<goals>
<goal>create</goal>
</goals>
<configuration>
<ignore>${noServer}</ignore>
</configuration>
</execution>
<execution>
<id>start</id>
<goals>
<goal>cli</goal>
</goals>
<configuration>
<ignore>${noServer}</ignore>
<spawn>true</spawn>
<testURI>tcp://localhost:61616</testURI>
<args>
<param>run</param>
</args>
</configuration>
</execution>
<execution>
<id>runClient</id>
<goals>
<goal>runClient</goal>
</goals>
<configuration>
<clientClass>org.apache.activemq.artemis.jms.example.OpenSSLExample</clientClass>
</configuration>
</execution>
<execution>
<id>stop</id>
<goals>
<goal>cli</goal>
</goals>
<configuration>
<ignore>${noServer}</ignore>
<args>
<param>stop</param>
</args>
</configuration>
</execution>
</executions>
<dependencies>
<dependency>
<groupId>org.apache.activemq.examples.broker</groupId>
<artifactId>netty-openssl</artifactId>
<version>${project.version}</version>
</dependency>
</dependencies>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-clean-plugin</artifactId>
</plugin>
</plugins>
</build>
<profiles>
<profile>
<id>release</id>
<build>
<plugins>
<plugin>
<groupId>com.vladsch.flexmark</groupId>
<artifactId>markdown-page-generator-plugin</artifactId>
</plugin>
</plugins>
</build>
</profile>
</profiles>
</project>

View File

@ -0,0 +1,17 @@
# JMS OpenSSL Example
To run the example, simply type **mvn verify** from this directory, or **mvn -PnoServer verify** if you want to start and create the broker manually.
This example shows you how to configure Netty OpenSSL with ActiveMQ Artemis to send and receive message.
Using SSL can make your messaging applications interact with ActiveMQ Artemis securely. An application can be secured transparently without extra coding effort.
Beside using JDK's implementation, Artemis also supports using native OpenSSL provided by Netty.
To secure your messaging application with Netty's OpenSSL, you need to configure connector and acceptor as follows:
<acceptor name="netty-ssl-acceptor">tcp://localhost:5500?sslEnabled=true;sslProvider=OPENSSL;keyStorePath=activemq.example.keystore;keyStorePassword=secureexample</acceptor>
In the configuration, the `activemq.example.keystore` is the key store file holding the server's certificate. The `activemq.example.truststore` is the file holding the certificates which the client trusts (i.e. the server's certificate exported from activemq.example.keystore). They are generated via the following commands:
* `keytool -genkey -keystore activemq.example.keystore -storepass secureexample -keypass secureexample -dname "CN=localhost, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg EC -sigalg SHA256withECDSA
* `keytool -export -keystore activemq.example.keystore -file activemq-jks.cer -storepass secureexample
* `keytool -import -keystore activemq.example.truststore -file activemq-jks.cer -storepass secureexample -keypass secureexample -noprompt

View File

@ -0,0 +1,85 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.activemq.artemis.jms.example;
import javax.jms.Connection;
import javax.jms.ConnectionFactory;
import javax.jms.MessageConsumer;
import javax.jms.MessageProducer;
import javax.jms.Queue;
import javax.jms.Session;
import javax.jms.TextMessage;
import javax.naming.InitialContext;
/**
* A simple JMS Queue example that uses netty's OpenSSL secure transport.
*/
public class OpenSSLExample {
public static void main(final String[] args) throws Exception {
Connection connection = null;
InitialContext initialContext = null;
try {
// Step 1. Create an initial context to perform the JNDI lookup.
initialContext = new InitialContext();
// Step 2. Perfom a lookup on the queue
Queue queue = (Queue) initialContext.lookup("queue/exampleQueue");
// Step 3. Perform a lookup on the Connection Factory
ConnectionFactory cf = (ConnectionFactory) initialContext.lookup("ConnectionFactory");
// Step 4.Create a JMS Connection
connection = cf.createConnection();
// Step 5. Create a JMS Session
Session session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
// Step 6. Create a JMS Message Producer
MessageProducer producer = session.createProducer(queue);
// Step 7. Create a Text Message
TextMessage message = session.createTextMessage("This is a text message");
System.out.println("Sent message: " + message.getText());
// Step 8. Send the Message
producer.send(message);
// Step 9. Create a JMS Message Consumer
MessageConsumer messageConsumer = session.createConsumer(queue);
// Step 10. Start the Connection
connection.start();
// Step 11. Receive the message
TextMessage messageReceived = (TextMessage) messageConsumer.receive(5000);
System.out.println("Received message: " + messageReceived.getText());
initialContext.close();
} finally {
// Step 12. Be sure to close our JMS resources!
if (initialContext != null) {
initialContext.close();
}
if (connection != null) {
connection.close();
}
}
}
}

View File

@ -0,0 +1,60 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<configuration xmlns="urn:activemq" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:activemq /schema/artemis-configuration.xsd">
<core xmlns="urn:activemq:core">
<bindings-directory>./data/messaging/bindings</bindings-directory>
<journal-directory>./data/messaging/journal</journal-directory>
<large-messages-directory>./data/messaging/largemessages</large-messages-directory>
<paging-directory>./data/messaging/paging</paging-directory>
<!-- Acceptors -->
<acceptors>
<!-- keystores will be found automatically if they are on the classpath -->
<acceptor name="netty-ssl-acceptor">tcp://localhost:5500?sslEnabled=true;sslProvider=OPENSSL;keyStorePath=activemq.example.keystore;keyStorePassword=secureexample</acceptor>
<acceptor name="netty-tcp">tcp://localhost:61616</acceptor>
</acceptors>
<!-- Other config -->
<security-settings>
<!--security for example queue-->
<security-setting match="exampleQueue">
<permission roles="guest" type="createDurableQueue"/>
<permission roles="guest" type="deleteDurableQueue"/>
<permission roles="guest" type="createNonDurableQueue"/>
<permission roles="guest" type="deleteNonDurableQueue"/>
<permission roles="guest" type="consume"/>
<permission roles="guest" type="send"/>
</security-setting>
</security-settings>
<addresses>
<address name="exampleQueue">
<anycast>
<queue name="exampleQueue"/>
</anycast>
</address>
</addresses>
</core>
</configuration>

View File

@ -0,0 +1,20 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
java.naming.factory.initial=org.apache.activemq.artemis.jndi.ActiveMQInitialContextFactory
connectionFactory.ConnectionFactory=tcp://localhost:5500?sslEnabled=true&sslProvider=OPENSSL&trustStorePath=activemq/server0/activemq.example.truststore&trustStorePassword=secureexample
queue.queue/exampleQueue=exampleQueue

View File

@ -92,6 +92,7 @@
<maven.assembly.plugin.version>2.4</maven.assembly.plugin.version> <maven.assembly.plugin.version>2.4</maven.assembly.plugin.version>
<mockito.version>2.8.47</mockito.version> <mockito.version>2.8.47</mockito.version>
<netty.version>4.1.24.Final</netty.version> <netty.version>4.1.24.Final</netty.version>
<netty.tcnative.version>2.0.7.Final</netty.tcnative.version>
<proton.version>0.27.1</proton.version> <proton.version>0.27.1</proton.version>
<resteasy.version>3.0.19.Final</resteasy.version> <resteasy.version>3.0.19.Final</resteasy.version>
<slf4j.version>1.7.21</slf4j.version> <slf4j.version>1.7.21</slf4j.version>
@ -540,6 +541,12 @@
<version>${netty.version}</version> <version>${netty.version}</version>
<!-- License: Apache 2.0 --> <!-- License: Apache 2.0 -->
</dependency> </dependency>
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-tcnative-boringssl-static</artifactId>
<version>${netty.tcnative.version}</version>
<!-- License: Apache 2.0 -->
</dependency>
<dependency> <dependency>
<groupId>org.apache.qpid</groupId> <groupId>org.apache.qpid</groupId>
<artifactId>proton-j</artifactId> <artifactId>proton-j</artifactId>

View File

@ -397,12 +397,6 @@
<artifactId>jgroups</artifactId> <artifactId>jgroups</artifactId>
</dependency> </dependency>
<!-- openSSL test -->
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-tcnative-boringssl-static</artifactId>
<version>2.0.7.Final</version>
</dependency>
</dependencies> </dependencies>
<build> <build>