How to connect STOMP client to Apollo over SSL, also how to connect Apollo to LDAP over SSL


bhavesh.patel
This post has NOT been accepted by the mailing list yet.
Hi there,
I have tried to secure a STOMP client to talk to Apollo and am having difficulty trying to connect.
Here are the steps I have followed:
Client
-----------------------------
String user = env("STOMP_USER", "jdoe");
String password = env("STOMP_PASSWORD", "sunflower");
String host = env("STOMP_HOST", "10.1.1.144");
int port = Integer.parseInt(env("STOMP_PORT", "61614"));
String destination = arg(args, 0, "/topic/event");
StompJmsConnectionFactory factory = new StompJmsConnectionFactory();
factory.setBrokerURI("ssl://" + host + ":" + port);
-----------------------------------------------------------------
Server
  Apollo {
  adds: javax.security.auth.x500.X500Principal  ;
   org.apache.activemq.jaas.LDAPLoginModule required
    debug=true
    initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
    connectionURL="ldaps://localhost:10636"
   connectionUsername="uid=admin,ou=system"
    connectionPassword=secret
    connectionProtocol=""
    authentication=simple
    userBase="ou=User,ou=ActiveMQ,ou=system"
    userSearchMatching="(uid={0})"
    userSearchSubtree=false
    roleBase="ou=Group,ou=ActiveMQ,ou=system"
    roleName=cn
    roleSearchMatching="(member=uid={1})"
    roleSearchSubtree=false
    ;

   apollo.xml
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<broker xmlns="http://activemq.apache.org/schema/activemq/apollo">
    <authentication domain="apollo">
    <user_principal_kind>com.sun.security.auth.UnixPrincipal</user_principal_kind>
    <user_principal_kind>com.sun.security.auth.LdapPrincipal</user_principal_kind>
    <acl_principal_kind>com.sun.security.auth.UnixPrincipal</acl_principal_kind>
    <acl_principal_kind>com.sun.security.auth.LdapPrincipal</acl_principal_kind>
  </authentication>
  <notes>
    The default configuration with tls/ssl enabled.
  </notes>
  <log_category console="console" security="security" connection="connection" audit="audit"/>
  <authentication domain="apollo"/>
  <access_rule allow="admins" action="*"/>
  <access_rule allow="*" action="connect" kind="connector"/>
  <virtual_host id="mybroker">
    <host_name>mybroker</host_name>
    <host_name>localhost</host_name>
    <host_name>127.0.0.1</host_name>
    <access_rule allow="users" action="connect create destroy send receive consume"/>
    <leveldb_store directory="${apollo.base}/data"/>
    </virtual_host>
    <web_admin bind="http://127.0.0.1:61680"/>
   <web_admin bind="https://127.0.0.1:61681"/>
   <connector id="tcp" bind="tcp://0.0.0.0:61613" connection_limit="2000"/>
  <connector id="stomp-secure" bind="ssl://0.0.0.0:61614"  connection_limit="2000"/>
  <connector id="ws"  bind="ws://0.0.0.0:61623"  connection_limit="2000"/>
  <connector id="wss" bind="wss://0.0.0.0:61624" connection_limit="2000"/>
  <key_storage file="${apollo.base}/etc/keystore" password="password" key_password="password"/>
</broker>

 
}

----------------------------------------------------------




I am including some pointers, please help:
1. How do I set the trust store and trust store password in the STOMP client?
2. What needs to be added to apollo.xml? (I have added <connector id="stomp-secure" bind="ssl://0.0.0.0:61614" connection_limit="2000"/> instead of <connector id="tls" bind="tls://0.0.0.0:61614" connection_limit="2000"/>.)
3. Please specify changes in login.config.

I would really appreciate any help on this.
Bhavesh