Reputation: 3015
Problems configuring https for Active Mq broker created in spring
Edit
From some experimentation I have noticed if I change my connector to:
<amq:transportConnector name="ssl" uri="ssl://localhost:61617"/>
Everything works fine, so I believe the problem is related to me needing some sort of additional configuration when using an https connector. Unfortunately the information available consists of http://activemq.apache.org/http-and-https-transports-reference.html and http://docs.codehaus.org/display/JETTY/How%20to%20configure%20SSL. Perhaps I am missing an additional step?
I have followed these instructions: http://activemq.apache.org/how-do-i-use-ssl.html
I have created a certificate as follows:
sudo keytool -keystore broker.ks -alias jetty -genkey -keyalg RSA
I have then put the broker.ks file on the classpath of my project in eclipse. I then have the following spring configuration:
<beans
xmlns="http://www.springframework.org/schema/beans"
xmlns:amq="http://activemq.apache.org/schema/core"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://activemq.apache.org/schema/core http://activemq.apache.org/schema/core/activemq-core.xsd">
<amq:broker useJmx="false" persistent="false">
<amq:persistenceAdapter>
<amq:kahaDB />
</amq:persistenceAdapter>
<!-- Configure ssl -->
<amq:sslContext>
<amq:sslContext keyStore="broker.ks" keyStorePassword="password"/>
</amq:sslContext>
<!-- Only allow connection through http -->
<amq:transportConnectors>
<amq:transportConnector name="https" uri="https://localhost:443"/>
</amq:transportConnectors>
</amq:broker>
My keystore is definately on the classpath and the password is definately 'password' for both my password and key. However on running the application I am prompted with:
org.eclipse.jetty.ssl.password
I then enter 'password', then I am prompted with:
org.eclipse.jetty.ssl.keypassword
I enter 'password' again an receive:
WARN : org.eclipse.jetty.util.log - FAILED SslSocketConnector@localhost:443: java.net.BindException: Permission denied
WARN : org.eclipse.jetty.util.log - FAILED org.eclipse.jetty.server.Server@225f1ae9: java.net.BindException: Permission denied
ERROR: org.apache.activemq.broker.BrokerService - Failed to start ActiveMQ JMS Message Broker. Reason: java.net.BindException: Permission denied
java.net.BindException: Permission denied
at java.net.PlainSocketImpl.socketBind(Native Method)
at java.net.PlainSocketImpl.bind(PlainSocketImpl.java:383)
at java.net.ServerSocket.bind(ServerSocket.java:328)
at java.net.ServerSocket.<init>(ServerSocket.java:194)
at javax.net.ssl.SSLServerSocket.<init>(SSLServerSocket.java:106)
at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.<init>(SSLServerSocketImpl.java:108)
at com.sun.net.ssl.internal.ssl.SSLServerSocketFactoryImpl.createServerSocket(SSLServerSocketFactoryImpl.java:72)
at org.eclipse.jetty.server.ssl.SslSocketConnector.newServerSocket(SslSocketConnector.java:378)
at org.eclipse.jetty.server.bio.SocketConnector.open(SocketConnector.java:75)
at org.eclipse.jetty.server.AbstractConnector.doStart(AbstractConnector.java:358)
at org.eclipse.jetty.server.bio.SocketConnector.doStart(SocketConnector.java:146)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:55)
at org.eclipse.jetty.server.Server.doStart(Server.java:253)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:55)
at org.apache.activemq.transport.http.HttpTransportServer.doStart(HttpTransportServer.java:119)
at org.apache.activemq.transport.https.HttpsTransportServer.doStart(HttpsTransportServer.java:66)
at org.apache.activemq.util.ServiceSupport.start(ServiceSupport.java:53)
at org.apache.activemq.broker.TransportConnector.start(TransportConnector.java:246)
at org.apache.activemq.broker.BrokerService.startTransportConnector(BrokerService.java:2162)
at org.apache.activemq.broker.BrokerService.startAllConnectors(BrokerService.java:2073)
at org.apache.activemq.broker.BrokerService.start(BrokerService.java:519)
at org.apache.activemq.xbean.XBeanBrokerService.afterPropertiesSet(XBeanBrokerService.java:60)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeCustomInitMethod(AbstractAutowireCapableBeanFactory.java:1536)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1477)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1409)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:519)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:291)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:288)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:190)
at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:574)
at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:895)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:425)
at org.apache.xbean.spring.context.ClassPathXmlApplicationContext.<init>(ClassPathXmlApplicationContext.java:161)
at org.apache.xbean.spring.context.ClassPathXmlApplicationContext.<init>(ClassPathXmlApplicationContext.java:51)
at com.bbconnecttxt.activeMq.Broker.main(Broker.java:7)
From what I am aware I shouldn't be prompted to enter password at all.
Upvotes: 1
Views: 2066
Answers (1)
Reputation: 6199
Some operating systems require superuser (root) privileges to bind a connection to a privileged port (ports below 1024).
The following message basically reports that you are trying to bind to a port 443 (which is a privileged port) and you are not allowed to do this by the OS:
WARN : org.eclipse.jetty.util.log - FAILED SslSocketConnector@localhost:443: java.net.BindException: Permission denied
Try to configure the HTTPS for the ActiveMQ server to use port higher than 1024 for HTTPS, e.g. 8443. In general, it would be possible to run ActiveMQ under root user (not recommended), or use a tool like authbind, but reconfiguring the port should be the most easy change.
Upvotes: 2
Related Questions
- ActiveMQ over SSL: "acceptInvalidBrokerCert=true" not working
- ActiveMQ Artemis unable to establish connection to Spring Boot Client
- Is there a complete example for Springboot ActiveMQ external broker with SSL Connection configuration?
- Can't connect to broker over SSL
- ActiveMQ bad certificate when introduce SSL
- application.yaml spring.activemq.broker-url not set
- Spring Boot and ActiveMQ: Ignores broker-url and uses default localhost:61616
- Setting up ActiveMQ with HTTPS REST
- ActiveMQ - create embedded broker listening on SSL (TLS) transport error
- How to configure a Spring 3 consumer for activemq 5 over SSL