ARTEMIS-1853 Adding Netty OpenSSL provider example
Added an example to demonstrate how to configure and use openssl Moved/Added netty-tcnative dependency to artemis-distribution Changed artemis-jms-client-all pom to exclude io.netty from relocation so that the native openssl can be loaded
This commit is contained in:
parent
d6d685134a
commit
7c53855c11
|
@ -118,6 +118,11 @@
|
||||||
<groupId>io.netty</groupId>
|
<groupId>io.netty</groupId>
|
||||||
<artifactId>netty-common</artifactId>
|
<artifactId>netty-common</artifactId>
|
||||||
</dependency>
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>io.netty</groupId>
|
||||||
|
<artifactId>netty-tcnative-boringssl-static</artifactId>
|
||||||
|
</dependency>
|
||||||
|
|
||||||
</dependencies>
|
</dependencies>
|
||||||
|
|
||||||
<profiles>
|
<profiles>
|
||||||
|
|
|
@ -81,6 +81,7 @@
|
||||||
<include>org.jboss.logging:jboss-logging</include>
|
<include>org.jboss.logging:jboss-logging</include>
|
||||||
<include>org.jboss.slf4j:slf4j-jboss-logmanager</include>
|
<include>org.jboss.slf4j:slf4j-jboss-logmanager</include>
|
||||||
<include>io.netty:netty-all</include>
|
<include>io.netty:netty-all</include>
|
||||||
|
<include>io.netty:netty-tcnative-boringssl-static</include>
|
||||||
<include>org.apache.qpid:proton-j</include>
|
<include>org.apache.qpid:proton-j</include>
|
||||||
<include>org.apache.activemq:activemq-client</include>
|
<include>org.apache.activemq:activemq-client</include>
|
||||||
<include>org.slf4j:slf4j-api</include>
|
<include>org.slf4j:slf4j-api</include>
|
||||||
|
|
|
@ -116,10 +116,6 @@
|
||||||
<pattern>org.apache.commons</pattern>
|
<pattern>org.apache.commons</pattern>
|
||||||
<shadedPattern>org.apache.activemq.artemis.shaded.org.apache.commons</shadedPattern>
|
<shadedPattern>org.apache.activemq.artemis.shaded.org.apache.commons</shadedPattern>
|
||||||
</relocation>
|
</relocation>
|
||||||
<relocation>
|
|
||||||
<pattern>io.netty</pattern>
|
|
||||||
<shadedPattern>org.apache.activemq.artemis.shaded.io.netty</shadedPattern>
|
|
||||||
</relocation>
|
|
||||||
<relocation>
|
<relocation>
|
||||||
<pattern>org.jboss</pattern>
|
<pattern>org.jboss</pattern>
|
||||||
<shadedPattern>org.apache.activemq.artemis.shaded.org.jboss</shadedPattern>
|
<shadedPattern>org.apache.activemq.artemis.shaded.org.jboss</shadedPattern>
|
||||||
|
|
|
@ -0,0 +1,124 @@
|
||||||
|
<?xml version='1.0'?>
|
||||||
|
<!--
|
||||||
|
Licensed to the Apache Software Foundation (ASF) under one
|
||||||
|
or more contributor license agreements. See the NOTICE file
|
||||||
|
distributed with this work for additional information
|
||||||
|
regarding copyright ownership. The ASF licenses this file
|
||||||
|
to you under the Apache License, Version 2.0 (the
|
||||||
|
"License"); you may not use this file except in compliance
|
||||||
|
with the License. You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing,
|
||||||
|
software distributed under the License is distributed on an
|
||||||
|
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
KIND, either express or implied. See the License for the
|
||||||
|
specific language governing permissions and limitations
|
||||||
|
under the License.
|
||||||
|
-->
|
||||||
|
|
||||||
|
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
|
||||||
|
<modelVersion>4.0.0</modelVersion>
|
||||||
|
|
||||||
|
<parent>
|
||||||
|
<groupId>org.apache.activemq.examples.broker</groupId>
|
||||||
|
<artifactId>jms-examples</artifactId>
|
||||||
|
<version>2.7.0-SNAPSHOT</version>
|
||||||
|
</parent>
|
||||||
|
|
||||||
|
<artifactId>netty-openssl</artifactId>
|
||||||
|
<packaging>jar</packaging>
|
||||||
|
<name>ActiveMQ Artemis JMS Netty OpenSSL Example</name>
|
||||||
|
|
||||||
|
<properties>
|
||||||
|
<activemq.basedir>${project.basedir}/../../../..</activemq.basedir>
|
||||||
|
</properties>
|
||||||
|
|
||||||
|
<dependencies>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.apache.activemq</groupId>
|
||||||
|
<artifactId>artemis-jms-client-all</artifactId>
|
||||||
|
<version>${project.version}</version>
|
||||||
|
</dependency>
|
||||||
|
</dependencies>
|
||||||
|
|
||||||
|
<build>
|
||||||
|
<plugins>
|
||||||
|
<plugin>
|
||||||
|
<groupId>org.apache.activemq</groupId>
|
||||||
|
<artifactId>artemis-maven-plugin</artifactId>
|
||||||
|
<executions>
|
||||||
|
<execution>
|
||||||
|
<id>create</id>
|
||||||
|
<goals>
|
||||||
|
<goal>create</goal>
|
||||||
|
</goals>
|
||||||
|
<configuration>
|
||||||
|
<ignore>${noServer}</ignore>
|
||||||
|
</configuration>
|
||||||
|
</execution>
|
||||||
|
<execution>
|
||||||
|
<id>start</id>
|
||||||
|
<goals>
|
||||||
|
<goal>cli</goal>
|
||||||
|
</goals>
|
||||||
|
<configuration>
|
||||||
|
<ignore>${noServer}</ignore>
|
||||||
|
<spawn>true</spawn>
|
||||||
|
<testURI>tcp://localhost:61616</testURI>
|
||||||
|
<args>
|
||||||
|
<param>run</param>
|
||||||
|
</args>
|
||||||
|
</configuration>
|
||||||
|
</execution>
|
||||||
|
<execution>
|
||||||
|
<id>runClient</id>
|
||||||
|
<goals>
|
||||||
|
<goal>runClient</goal>
|
||||||
|
</goals>
|
||||||
|
<configuration>
|
||||||
|
<clientClass>org.apache.activemq.artemis.jms.example.OpenSSLExample</clientClass>
|
||||||
|
</configuration>
|
||||||
|
</execution>
|
||||||
|
<execution>
|
||||||
|
<id>stop</id>
|
||||||
|
<goals>
|
||||||
|
<goal>cli</goal>
|
||||||
|
</goals>
|
||||||
|
<configuration>
|
||||||
|
<ignore>${noServer}</ignore>
|
||||||
|
<args>
|
||||||
|
<param>stop</param>
|
||||||
|
</args>
|
||||||
|
</configuration>
|
||||||
|
</execution>
|
||||||
|
</executions>
|
||||||
|
<dependencies>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.apache.activemq.examples.broker</groupId>
|
||||||
|
<artifactId>netty-openssl</artifactId>
|
||||||
|
<version>${project.version}</version>
|
||||||
|
</dependency>
|
||||||
|
</dependencies>
|
||||||
|
</plugin>
|
||||||
|
<plugin>
|
||||||
|
<groupId>org.apache.maven.plugins</groupId>
|
||||||
|
<artifactId>maven-clean-plugin</artifactId>
|
||||||
|
</plugin>
|
||||||
|
</plugins>
|
||||||
|
</build>
|
||||||
|
<profiles>
|
||||||
|
<profile>
|
||||||
|
<id>release</id>
|
||||||
|
<build>
|
||||||
|
<plugins>
|
||||||
|
<plugin>
|
||||||
|
<groupId>com.vladsch.flexmark</groupId>
|
||||||
|
<artifactId>markdown-page-generator-plugin</artifactId>
|
||||||
|
</plugin>
|
||||||
|
</plugins>
|
||||||
|
</build>
|
||||||
|
</profile>
|
||||||
|
</profiles>
|
||||||
|
</project>
|
|
@ -0,0 +1,17 @@
|
||||||
|
# JMS OpenSSL Example
|
||||||
|
|
||||||
|
To run the example, simply type **mvn verify** from this directory, or **mvn -PnoServer verify** if you want to start and create the broker manually.
|
||||||
|
|
||||||
|
This example shows you how to configure Netty OpenSSL with ActiveMQ Artemis to send and receive message.
|
||||||
|
|
||||||
|
Using SSL can make your messaging applications interact with ActiveMQ Artemis securely. An application can be secured transparently without extra coding effort.
|
||||||
|
Beside using JDK's implementation, Artemis also supports using native OpenSSL provided by Netty.
|
||||||
|
To secure your messaging application with Netty's OpenSSL, you need to configure connector and acceptor as follows:
|
||||||
|
|
||||||
|
<acceptor name="netty-ssl-acceptor">tcp://localhost:5500?sslEnabled=true;sslProvider=OPENSSL;keyStorePath=activemq.example.keystore;keyStorePassword=secureexample</acceptor>
|
||||||
|
|
||||||
|
In the configuration, the `activemq.example.keystore` is the key store file holding the server's certificate. The `activemq.example.truststore` is the file holding the certificates which the client trusts (i.e. the server's certificate exported from activemq.example.keystore). They are generated via the following commands:
|
||||||
|
|
||||||
|
* `keytool -genkey -keystore activemq.example.keystore -storepass secureexample -keypass secureexample -dname "CN=localhost, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -keyalg EC -sigalg SHA256withECDSA
|
||||||
|
* `keytool -export -keystore activemq.example.keystore -file activemq-jks.cer -storepass secureexample
|
||||||
|
* `keytool -import -keystore activemq.example.truststore -file activemq-jks.cer -storepass secureexample -keypass secureexample -noprompt
|
|
@ -0,0 +1,85 @@
|
||||||
|
/*
|
||||||
|
* Licensed to the Apache Software Foundation (ASF) under one or more
|
||||||
|
* contributor license agreements. See the NOTICE file distributed with
|
||||||
|
* this work for additional information regarding copyright ownership.
|
||||||
|
* The ASF licenses this file to You under the Apache License, Version 2.0
|
||||||
|
* (the "License"); you may not use this file except in compliance with
|
||||||
|
* the License. You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
|
package org.apache.activemq.artemis.jms.example;
|
||||||
|
|
||||||
|
import javax.jms.Connection;
|
||||||
|
import javax.jms.ConnectionFactory;
|
||||||
|
import javax.jms.MessageConsumer;
|
||||||
|
import javax.jms.MessageProducer;
|
||||||
|
import javax.jms.Queue;
|
||||||
|
import javax.jms.Session;
|
||||||
|
import javax.jms.TextMessage;
|
||||||
|
import javax.naming.InitialContext;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* A simple JMS Queue example that uses netty's OpenSSL secure transport.
|
||||||
|
*/
|
||||||
|
public class OpenSSLExample {
|
||||||
|
|
||||||
|
public static void main(final String[] args) throws Exception {
|
||||||
|
Connection connection = null;
|
||||||
|
InitialContext initialContext = null;
|
||||||
|
try {
|
||||||
|
// Step 1. Create an initial context to perform the JNDI lookup.
|
||||||
|
initialContext = new InitialContext();
|
||||||
|
|
||||||
|
// Step 2. Perfom a lookup on the queue
|
||||||
|
Queue queue = (Queue) initialContext.lookup("queue/exampleQueue");
|
||||||
|
|
||||||
|
// Step 3. Perform a lookup on the Connection Factory
|
||||||
|
ConnectionFactory cf = (ConnectionFactory) initialContext.lookup("ConnectionFactory");
|
||||||
|
|
||||||
|
// Step 4.Create a JMS Connection
|
||||||
|
connection = cf.createConnection();
|
||||||
|
|
||||||
|
// Step 5. Create a JMS Session
|
||||||
|
Session session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
|
||||||
|
|
||||||
|
// Step 6. Create a JMS Message Producer
|
||||||
|
MessageProducer producer = session.createProducer(queue);
|
||||||
|
|
||||||
|
// Step 7. Create a Text Message
|
||||||
|
TextMessage message = session.createTextMessage("This is a text message");
|
||||||
|
|
||||||
|
System.out.println("Sent message: " + message.getText());
|
||||||
|
|
||||||
|
// Step 8. Send the Message
|
||||||
|
producer.send(message);
|
||||||
|
|
||||||
|
// Step 9. Create a JMS Message Consumer
|
||||||
|
MessageConsumer messageConsumer = session.createConsumer(queue);
|
||||||
|
|
||||||
|
// Step 10. Start the Connection
|
||||||
|
connection.start();
|
||||||
|
|
||||||
|
// Step 11. Receive the message
|
||||||
|
TextMessage messageReceived = (TextMessage) messageConsumer.receive(5000);
|
||||||
|
|
||||||
|
System.out.println("Received message: " + messageReceived.getText());
|
||||||
|
|
||||||
|
initialContext.close();
|
||||||
|
} finally {
|
||||||
|
// Step 12. Be sure to close our JMS resources!
|
||||||
|
if (initialContext != null) {
|
||||||
|
initialContext.close();
|
||||||
|
}
|
||||||
|
if (connection != null) {
|
||||||
|
connection.close();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
Binary file not shown.
Binary file not shown.
|
@ -0,0 +1,60 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
||||||
|
<!--
|
||||||
|
Licensed to the Apache Software Foundation (ASF) under one
|
||||||
|
or more contributor license agreements. See the NOTICE file
|
||||||
|
distributed with this work for additional information
|
||||||
|
regarding copyright ownership. The ASF licenses this file
|
||||||
|
to you under the Apache License, Version 2.0 (the
|
||||||
|
"License"); you may not use this file except in compliance
|
||||||
|
with the License. You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing,
|
||||||
|
software distributed under the License is distributed on an
|
||||||
|
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
KIND, either express or implied. See the License for the
|
||||||
|
specific language governing permissions and limitations
|
||||||
|
under the License.
|
||||||
|
-->
|
||||||
|
<configuration xmlns="urn:activemq" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:activemq /schema/artemis-configuration.xsd">
|
||||||
|
<core xmlns="urn:activemq:core">
|
||||||
|
|
||||||
|
<bindings-directory>./data/messaging/bindings</bindings-directory>
|
||||||
|
|
||||||
|
<journal-directory>./data/messaging/journal</journal-directory>
|
||||||
|
|
||||||
|
<large-messages-directory>./data/messaging/largemessages</large-messages-directory>
|
||||||
|
|
||||||
|
<paging-directory>./data/messaging/paging</paging-directory>
|
||||||
|
|
||||||
|
<!-- Acceptors -->
|
||||||
|
<acceptors>
|
||||||
|
<!-- keystores will be found automatically if they are on the classpath -->
|
||||||
|
<acceptor name="netty-ssl-acceptor">tcp://localhost:5500?sslEnabled=true;sslProvider=OPENSSL;keyStorePath=activemq.example.keystore;keyStorePassword=secureexample</acceptor>
|
||||||
|
<acceptor name="netty-tcp">tcp://localhost:61616</acceptor>
|
||||||
|
</acceptors>
|
||||||
|
|
||||||
|
<!-- Other config -->
|
||||||
|
|
||||||
|
<security-settings>
|
||||||
|
<!--security for example queue-->
|
||||||
|
<security-setting match="exampleQueue">
|
||||||
|
<permission roles="guest" type="createDurableQueue"/>
|
||||||
|
<permission roles="guest" type="deleteDurableQueue"/>
|
||||||
|
<permission roles="guest" type="createNonDurableQueue"/>
|
||||||
|
<permission roles="guest" type="deleteNonDurableQueue"/>
|
||||||
|
<permission roles="guest" type="consume"/>
|
||||||
|
<permission roles="guest" type="send"/>
|
||||||
|
</security-setting>
|
||||||
|
</security-settings>
|
||||||
|
|
||||||
|
<addresses>
|
||||||
|
<address name="exampleQueue">
|
||||||
|
<anycast>
|
||||||
|
<queue name="exampleQueue"/>
|
||||||
|
</anycast>
|
||||||
|
</address>
|
||||||
|
</addresses>
|
||||||
|
</core>
|
||||||
|
</configuration>
|
|
@ -0,0 +1,20 @@
|
||||||
|
# Licensed to the Apache Software Foundation (ASF) under one
|
||||||
|
# or more contributor license agreements. See the NOTICE file
|
||||||
|
# distributed with this work for additional information
|
||||||
|
# regarding copyright ownership. The ASF licenses this file
|
||||||
|
# to you under the Apache License, Version 2.0 (the
|
||||||
|
# "License"); you may not use this file except in compliance
|
||||||
|
# with the License. You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing,
|
||||||
|
# software distributed under the License is distributed on an
|
||||||
|
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
# KIND, either express or implied. See the License for the
|
||||||
|
# specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
java.naming.factory.initial=org.apache.activemq.artemis.jndi.ActiveMQInitialContextFactory
|
||||||
|
connectionFactory.ConnectionFactory=tcp://localhost:5500?sslEnabled=true&sslProvider=OPENSSL&trustStorePath=activemq/server0/activemq.example.truststore&trustStorePassword=secureexample
|
||||||
|
queue.queue/exampleQueue=exampleQueue
|
7
pom.xml
7
pom.xml
|
@ -92,6 +92,7 @@
|
||||||
<maven.assembly.plugin.version>2.4</maven.assembly.plugin.version>
|
<maven.assembly.plugin.version>2.4</maven.assembly.plugin.version>
|
||||||
<mockito.version>2.8.47</mockito.version>
|
<mockito.version>2.8.47</mockito.version>
|
||||||
<netty.version>4.1.24.Final</netty.version>
|
<netty.version>4.1.24.Final</netty.version>
|
||||||
|
<netty.tcnative.version>2.0.7.Final</netty.tcnative.version>
|
||||||
<proton.version>0.27.1</proton.version>
|
<proton.version>0.27.1</proton.version>
|
||||||
<resteasy.version>3.0.19.Final</resteasy.version>
|
<resteasy.version>3.0.19.Final</resteasy.version>
|
||||||
<slf4j.version>1.7.21</slf4j.version>
|
<slf4j.version>1.7.21</slf4j.version>
|
||||||
|
@ -540,6 +541,12 @@
|
||||||
<version>${netty.version}</version>
|
<version>${netty.version}</version>
|
||||||
<!-- License: Apache 2.0 -->
|
<!-- License: Apache 2.0 -->
|
||||||
</dependency>
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>io.netty</groupId>
|
||||||
|
<artifactId>netty-tcnative-boringssl-static</artifactId>
|
||||||
|
<version>${netty.tcnative.version}</version>
|
||||||
|
<!-- License: Apache 2.0 -->
|
||||||
|
</dependency>
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.apache.qpid</groupId>
|
<groupId>org.apache.qpid</groupId>
|
||||||
<artifactId>proton-j</artifactId>
|
<artifactId>proton-j</artifactId>
|
||||||
|
|
|
@ -397,12 +397,6 @@
|
||||||
<artifactId>jgroups</artifactId>
|
<artifactId>jgroups</artifactId>
|
||||||
</dependency>
|
</dependency>
|
||||||
|
|
||||||
<!-- openSSL test -->
|
|
||||||
<dependency>
|
|
||||||
<groupId>io.netty</groupId>
|
|
||||||
<artifactId>netty-tcnative-boringssl-static</artifactId>
|
|
||||||
<version>2.0.7.Final</version>
|
|
||||||
</dependency>
|
|
||||||
</dependencies>
|
</dependencies>
|
||||||
|
|
||||||
<build>
|
<build>
|
||||||
|
|
Loading…
Reference in New Issue