<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<html>
<head>
<title>ActiveMQ JMS SSL Example</title>
<link rel="stylesheet" type="text/css" href="../common/common.css" />
<link rel="stylesheet" type="text/css" href="../common/prettify.css" />
<script type="text/javascript" src="../common/prettify.js"></script>
</head>
<body onload="prettyPrint()">
<h1>JMS SSL Example</h1>
<p>This example shows you how to configure SSL with ActiveMQ to send and receive message. </p>
<p>Using SSL can make your messaging applications interact with ActiveMQ securely. An application can
be secured transparently without extra coding effort. To secure your messaging application with SSL, you need to configure connector and acceptor as follows:</p>
<p>
<pre class="prettyprint">
<code>
<!-- Connector -->
<connector name="netty-ssl-connector">
<factory-class>org.apache.activemq.core.remoting.impl.netty.NettyConnectorFactory</factory-class>
<param key="activemq.remoting.netty.host" value="localhost" type="String"/>
<param key="activemq.remoting.netty.port" value="5500" type="Integer"/>
<param key="activemq.remoting.netty.ssl-enabled" value="true" type="Boolean"/>
<param key="activemq.remoting.netty.trust-store-path" value="server0/activemq.example.truststore" type="String"/>
<param key="activemq.remoting.netty.trust-store-password" value="activemqexample" type="String"/>
</connector>
<!-- Acceptor -->
<acceptor name="netty-ssl-acceptor">
<factory-class>org.apache.activemq.core.remoting.impl.netty.NettyAcceptorFactory</factory-class>
<param key="activemq.remoting.netty.host" value="localhost" type="String"/>
<param key="activemq.remoting.netty.port" value="5500" type="Integer"/>
<param key="activemq.remoting.netty.ssl-enabled" value="true" type="Boolean"/>
<param key="activemq.remoting.netty.key-store-path" value="activemq.example.keystore" type="String"/>
<param key="activemq.remoting.netty.key-store-password" value="activemqexample" type="String"/>
</acceptor>
</code>
</pre>
</p>
<p>In the configuration, the activemq.example.keystore is the key store file holding the server's certificate. The activemq.example.truststore
is the file holding the certificates which the client trusts (i.e. the server's certificate exported from activemq.example.keystore). They are pre-generated for illustration purpose<a id="fnr1" href="readme.html#fn1"><sup>1</sup></a>.</p>
<h2>Example step-by-step</h2>
<p><i>To run the example, simply type <code>mvn verify</code> from this directory</i></p>
<ol>
<li>First we need to get an initial context so we can look-up the JMS connection factory and destination objects from JNDI. This initial context will get it's properties from the <code>client-jndi.properties</code> file in the directory <code>../common/config</code></li>
<pre class="prettyprint">
<code>InitialContext initialContext = getContext();</code>
</pre>
<li>We look-up the JMS queue object from JNDI</li>
<pre class="prettyprint">
<code>Queue queue = (Queue) initialContext.lookup("/queue/exampleQueue");</code>
</pre>
<li>We look-up the JMS connection factory object from JNDI</li>
<pre class="prettyprint">
<code>ConnectionFactory cf = (ConnectionFactory) initialContext.lookup("/ConnectionFactory");</code>
</pre>
<li>We create a JMS connection</li>
<pre class="prettyprint">
<code>connection = cf.createConnection();</code>
</pre>
<li>We create a JMS session. The session is created as non transacted and will auto acknowledge messages.</li>
<pre class="prettyprint">
<code>Session session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE);</code>
</pre>
<li>We create a JMS message producer on the session. This will be used to send the messages.</li>
<pre class="prettyprint">
<code>MessageProducer messageProducer = session.createProducer(topic);</code>
</pre>
<li>We create a JMS text message that we are going to send.</li>
<pre class="prettyprint">
<code>TextMessage message = session.createTextMessage("This is a text message");</code>
</pre>
<li>We send message to the queue</li>
<pre class="prettyprint">
<code>messageProducer.send(message);</code>
</pre>
<li>We create a JMS Message Consumer to receive the message.</li>
<pre class="prettyprint">
<code>MessageConsumer messageConsumer = session.createConsumer(queue);</code>
</pre>
<li>We start the connection. In order for delivery to occur on any consumers or subscribers on a connection, the connection must be started</li>
<pre class="prettyprint">
<code>connection.start();</code>
</pre>
<li>The message arrives at the consumer. In this case we use a timeout of 5000 milliseconds but we could use a blocking 'receive()'</li>
<pre class="prettyprint">
<code>TextMessage messageReceived = (TextMessage) messageConsumer.receive(5000);</code>
</pre>
<li>And finally, <b>always</b> remember to close your JMS connections and resources after use, in a <code>finally</code> block. Closing a JMS connection will automatically close all of its sessions, consumers, producer and browser objects</li>
<pre class="prettyprint">
<code>finally
{
if (initialContext != null)
{
initialContext.close();
}
if (connection != null)
{
connection.close();
}
}</code>
</pre>
</ol>
<hr>
<ol>
<li><a id="fn1"/>The stores were generating using the following commands <a href="readme.html#fnr1">↩</a>:
<ul>
<li>create the keystore: <code>keytool -genkey -keystore activemq.example.keystore -storepass activemqexample</code></li>
<li>export the certificate: <code>keytool -export -keystore activemq.example.keystore -file activemq.cer</code></li>
<li>create the truststore: <code>keytool -import -file activemq.cer -keystore activemq.example.truststore -storepass activemqexample</code></li>
</ul>
</li>
</ol>
</body>
</html>
56d6a47a83