JMS SSL Example

This example shows you how to configure SSL with ActiveMQ to send and receive message.

Using SSL can make your messaging applications interact with ActiveMQ securely. An application can be secured transparently without extra coding effort. To secure your messaging application with SSL, you need to configure connector and acceptor as follows:

           
      <!-- Connector -->

      <connector name="netty-ssl-connector">
         <factory-class>org.apache.activemq.core.remoting.impl.netty.NettyConnectorFactory</factory-class>
         <param key="hornetq.remoting.netty.host" value="localhost" type="String"/>
         <param key="hornetq.remoting.netty.port" value="5500" type="Integer"/>	                     
         <param key="hornetq.remoting.netty.ssl-enabled" value="true" type="Boolean"/>
         <param key="hornetq.remoting.netty.trust-store-path" value="server0/hornetq.example.truststore" type="String"/>
         <param key="hornetq.remoting.netty.trust-store-password" value="hornetqexample" type="String"/>
      </connector>

      <!-- Acceptor -->

      <acceptor name="netty-ssl-acceptor">
         <factory-class>org.apache.activemq.core.remoting.impl.netty.NettyAcceptorFactory</factory-class>
         <param key="hornetq.remoting.netty.host" value="localhost" type="String"/>
         <param key="hornetq.remoting.netty.port" value="5500" type="Integer"/>	                     
         <param key="hornetq.remoting.netty.ssl-enabled" value="true" type="Boolean"/>
         <param key="hornetq.remoting.netty.key-store-path" value="hornetq.example.keystore" type="String"/>
         <param key="hornetq.remoting.netty.key-store-password" value="hornetqexample" type="String"/>
      </acceptor>

           
        

In the configuration, the hornetq.example.keystore is the key store file holding the server's certificate. The hornetq.example.truststore is the file holding the certificates which the client trusts (i.e. the server's certificate exported from hornetq.example.keystore). They are pre-generated for illustration purpose¹.

Example step-by-step

To run the example, simply type mvn verify from this directory

1. First we need to get an initial context so we can look-up the JMS connection factory and destination objects from JNDI. This initial context will get it's properties from the client-jndi.properties file in the directory ../common/config

           InitialContext initialContext = getContext();
        

2. We look-up the JMS queue object from JNDI

           Queue queue = (Queue) initialContext.lookup("/queue/exampleQueue");
        

3. We look-up the JMS connection factory object from JNDI

           ConnectionFactory cf = (ConnectionFactory) initialContext.lookup("/ConnectionFactory");
        

4. We create a JMS connection

           connection = cf.createConnection();
        

5. We create a JMS session. The session is created as non transacted and will auto acknowledge messages.

           Session session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
        

6. We create a JMS message producer on the session. This will be used to send the messages.

          MessageProducer messageProducer = session.createProducer(topic);
       

7. We create a JMS text message that we are going to send.

           TextMessage message = session.createTextMessage("This is a text message");
        

8. We send message to the queue

           messageProducer.send(message);
        

9. We create a JMS Message Consumer to receive the message.

           MessageConsumer messageConsumer = session.createConsumer(queue);
        

10. We start the connection. In order for delivery to occur on any consumers or subscribers on a connection, the connection must be started

           connection.start();
        

11. The message arrives at the consumer. In this case we use a timeout of 5000 milliseconds but we could use a blocking 'receive()'

           TextMessage messageReceived = (TextMessage) messageConsumer.receive(5000);
        

12. And finally, always remember to close your JMS connections and resources after use, in a finally block. Closing a JMS connection will automatically close all of its sessions, consumers, producer and browser objects

           finally
           {
              if (initialContext != null)
              {
                initialContext.close();
              }
              if (connection != null)
              {
                 connection.close();
              }
           }
        

1. The stores were generating using the following commands ↩:
   • create the keystore: keytool -genkey -keystore hornetq.example.keystore -storepass hornetqexample
   • export the certificate: keytool -export -keystore hornetq.example.keystore -file hornetq.cer
   • create the truststore: keytool -import -file hornetq.cer -keystore hornetq.example.truststore -storepass hornetqexample