[ARTEMIS] core-client: DiscoveryGroup with mSSL TransportConfiguration

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

[ARTEMIS] core-client: DiscoveryGroup with mSSL TransportConfiguration

andrea.rizzini@gmail.com
Hi All,

i have setup a cluster of artemis 2.5.0 in a shared-storage mode.

I have create a simple java program which connects to the cluster when a
failover event happens the client connects to the new elected master
(transparently).

This client has been  implemented using the artemis-core-client api.
(DiscoveryGroupConfiguration, ActiveMQClient.createServerLocatorWithHA,
ServerLocator, ClientSessionFactory, ClientSession)

Because the communication from the client to the artemis server is
unprotected i would like to enable the mSSL, mutual SSL. I have replicated
the broker config and additional configuration (cert-user.properties,
cert-role.properties, login.property, broker.xml) from artemis samples:
"https://github.com/apache/activemq-artemis/tree/master/examples/features/standard/ssl-enabled"?

But looking at the /ActiveMQClient.createServerLocatorWithHA/ i haven't
found a method to create a serverLocator by using a custom
DiscoveryGroupConfiguration and TransportConfiguration (where i would
specify ssl paramters such as trustore + password and keystore + password.

Does anyone have some pointers to achieve this?

I would have thought that the UDP discovery group would allow the client to
list the severs connection list and pick the right one?

DiscoveryGroupConfiguration and TransportConfiguration  seems to be mutually
esclusive, so how can i have a DiscoveryGroupConfiguration and then using
MSSL when connecting to the artemis server?

Regards

Andrea



--
Sent from: http://activemq.2283324.n4.nabble.com/ActiveMQ-User-f2341805.html
Reply | Threaded
Open this post in threaded view
|

Re: [ARTEMIS] core-client: DiscoveryGroup with mSSL TransportConfiguration

jbertram
The DiscoveryGroup is used to listen for UDP-multicast broadcasts from a
broker's BroadcastGroup. The connector defined in the broker's
BroadcastGroup is what the client will use to connect to that broker. Of
course, this presents a problem for things that need to be configured
specifically for each client like SSL artifacts. To deal with this you can
use the traditional SSL system properties (i.e. javax.net.ssl.keyStore,
javax.net.ssl.keyStorePassword, javax.net.ssl.trustStore,
javax.net.ssl.trustStorePassword).


Justin

On Tue, Apr 24, 2018 at 11:28 AM, [hidden email] <
[hidden email]> wrote:

> Hi All,
>
> i have setup a cluster of artemis 2.5.0 in a shared-storage mode.
>
> I have create a simple java program which connects to the cluster when a
> failover event happens the client connects to the new elected master
> (transparently).
>
> This client has been  implemented using the artemis-core-client api.
> (DiscoveryGroupConfiguration, ActiveMQClient.createServerLocatorWithHA,
> ServerLocator, ClientSessionFactory, ClientSession)
>
> Because the communication from the client to the artemis server is
> unprotected i would like to enable the mSSL, mutual SSL. I have replicated
> the broker config and additional configuration (cert-user.properties,
> cert-role.properties, login.property, broker.xml) from artemis samples:
> "https://github.com/apache/activemq-artemis/tree/master/
> examples/features/standard/ssl-enabled"?
>
> But looking at the /ActiveMQClient.createServerLocatorWithHA/ i haven't
> found a method to create a serverLocator by using a custom
> DiscoveryGroupConfiguration and TransportConfiguration (where i would
> specify ssl paramters such as trustore + password and keystore + password.
>
> Does anyone have some pointers to achieve this?
>
> I would have thought that the UDP discovery group would allow the client to
> list the severs connection list and pick the right one?
>
> DiscoveryGroupConfiguration and TransportConfiguration  seems to be
> mutually
> esclusive, so how can i have a DiscoveryGroupConfiguration and then using
> MSSL when connecting to the artemis server?
>
> Regards
>
> Andrea
>
>
>
> --
> Sent from: http://activemq.2283324.n4.nabble.com/ActiveMQ-User-
> f2341805.html
>