Thank you James. I am able to get over the original exception I reported after commenting out the Jetty.xml import in ActiveMQ. Thanks for your pointer. That helped. But now to the next big problem in the same chain - As ever, all your help is greatly appreciated.
Thanking in advance.

Scenario - Mutual Authentication not working with Fuse and ActiveMQ - Client (Fuse-Karaf) and Server (ActiveMQ)

Cannot get mutual authentication to work. I am trying to connect my services deployed in Fuse Karaf container to connect to the ActiveMQ using mutual authentication. I believe I have followed the example (SSL/TLS Tutorial for ActiveMQ 5.3) and I have deployed the client and server side certificates correctly (broker.ts and client.ts under D:\progress\fuse-message-broker-5.3.1-00-00\conf).

Following is the exception message I get on the Fuse log

D:\Fuse\bin>karaf

  Apache ServiceMix (4.2.0-fuse-01-00)

Hit '<tab>' for a list of available commands
and '[cmd] --help' for help on a specific command.

a...@root> Exception in thread "SpringOsgiExtenderThread-57" org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'ExampleObjectService_NORTH' defined in URL [bundleentry://195.fwk6460907/META-INF/spring/camel-context.xml]: Invocation of init method failed; nested exception is org.apache.camel.RuntimeCamelException: org.springframework.jms.UncategorizedJmsException: Uncategorized exception occured during JMS processing; nested exception is javax.jms.JMSException: Could not connect to broker URL: ssl://localhost:61617.
Reason: java.net.SocketException: Software caused connection abort: recv failed
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1338)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:473)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.java:409)
        at java.security.AccessController.doPrivileged(Native Method)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:380)
        at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:264)
        at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
        at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:261)
        at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:185)
        at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:164)
        at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:429)
        at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:728)
        at org.springframework.osgi.context.support.AbstractDelegatedExecutionApplicationContext.access$1600(AbstractDelegatedExecutionApplicationContext.java:69)
        at org.springframework.osgi.context.support.AbstractDelegatedExecutionApplicationContext$4.run(AbstractDelegatedExecutionApplicationContext.java:355)
        at org.springframework.osgi.util.internal.PrivilegedUtils.executeWithCustomTCCL(PrivilegedUtils.java:85)
        at org.springframework.osgi.context.support.AbstractDelegatedExecutionApplicationContext.completeRefresh(AbstractDelegatedExecutionApplicationContext.java:320)
        at org.springframework.osgi.extender.internal.dependencies.startup.DependencyWaiterApplicationContextExecutor$CompleteRefreshTask.run(DependencyWaiterApplicationContextExecutor.java:136)
        at java.lang.Thread.run(Thread.java:619)
Caused by: org.apache.camel.RuntimeCamelException: org.springframework.jms.UncategorizedJmsException: Uncategorized exception occured during JMS processing; nested exception is javax.jms.JMSException: Could not connect to broker URL: ssl://localhost:61617.
Reason: java.net.SocketException: Software caused connection abort: recv failed
        at org.apache.camel.util.ObjectHelper.wrapRuntimeCamelException(ObjectHelper.java:1055)
        at org.apache.camel.impl.ProducerCache.send(ProducerCache.java:100)
        at org.apache.camel.impl.DefaultProducerTemplate.send(DefaultProducerTemplate.java:98)
        at org.apache.camel.impl.DefaultProducerTemplate.sendBody(DefaultProducerTemplate.java:111)
        at org.apache.camel.impl.DefaultProducerTemplate.sendBody(DefaultProducerTemplate.java:118)
        at ge.energy.ssi.spf.service_registry.endpoint.ServiceRegistryInvoker.sendMessage(ServiceRegistryInvoker.java:98)
        at ge.energy.ssi.spf.service_registry.endpoint.ServiceRegistryInvoker.registerServiceEPR(ServiceRegistryInvoker.java:214)
        at ge.energy.ssi.spf.SPFEndpoint.afterPropertiesSet(SPFEndpoint.java:188)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1369)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1335)
        ... 17 more
Caused by: org.springframework.jms.UncategorizedJmsException: Uncategorized exception occured during JMS processing; nested exception is javax.jms.JMSException: Could not connect to broker URL: ssl://localhost:61617.
Reason: java.net.SocketException: Software caused connection abort: recv failed
        at org.springframework.jms.support.JmsUtils.convertJmsAccessException(JmsUtils.java:308)
        at org.springframework.jms.support.JmsAccessor.convertJmsAccessException(JmsAccessor.java:168)
        at org.springframework.jms.core.JmsTemplate.execute(JmsTemplate.java:474)
        at org.apache.camel.component.jms.JmsConfiguration$CamelJmsTemplate.send(JmsConfiguration.java:195)
        at org.apache.camel.component.jms.JmsProducer.doSend(JmsProducer.java:375)
        at org.apache.camel.component.jms.JmsProducer.processInOnly(JmsProducer.java:320)
        at org.apache.camel.component.jms.JmsProducer.process(JmsProducer.java:150)
        at org.apache.camel.impl.ProducerCache$1.doInProducer(ProducerCache.java:179)
        at org.apache.camel.impl.ProducerCache$1.doInProducer(ProducerCache.java:161)
        at org.apache.camel.impl.ProducerCache.doInProducer(ProducerCache.java:146)
        at org.apache.camel.impl.ProducerCache.sendExchange(ProducerCache.java:160)

Meanwhile following is the exception message I get it on ActiveMQ console:

Heap sizes: current=5056k free=4280k max=520256k
JVM args: -Dcom.sun.management.jmxremote -Xmx512M -Dorg.apache.activemq.UseDedicatedTaskRunner=true -Djava.util.logging.config.file=logging.properties -Djavax.net.ssl.keyStore=D:/progress/fuse-message-broker-5.3.1-00-00/conf/broker.ks -Djavax.net.ssl.keyStorePassword=password -Djavax.net.ssl.trustStore=D:/progress/fuse-message-broker-5.3.1-00-00/conf/broker.ts -Djavax.net.ssl.trustStorePassword=password -Dactivemq.classpath=D:\progress\fuse-message-broker-5.3.1-00-00\bin\../conf; -Dactivemq.home=D:\progress\fuse-message-broker-5.3.1-00-00\bin\.. -Dactivemq.base=D:\progress\fuse-message-broker-5.3.1-00-00\bin\..
ACTIVEMQ_HOME: D:\progress\fuse-message-broker-5.3.1-00-00\bin\..
ACTIVEMQ_BASE: D:\progress\fuse-message-broker-5.3.1-00-00\bin\..
Loading message broker from: xbean:activemq.xml
INFO | Using Persistence Adapter: org.apache.activemq.store.kahadb.kahadbpersistenceadap...@26e9f9
INFO | Replayed 1 operations from the journal in 0.016 seconds.
INFO | ActiveMQ 5.3.1-fuse-00-00 JMS Message Broker (localhost) is starting
INFO | For help or more information please see: http://activemq.apache.org/
INFO | Listening for connections at: tcp://T00643344:61616
INFO | Connector openwire Started
INFO | Listening for connections at: ssl://localhost:61617?needClientAuth=true
INFO | Connector ssl Started
INFO | Logging to org.slf4j.impl.JCLLoggerAdapter(org.mortbay.log) via org.mortbay.log.Slf4jLog
INFO | jetty-6.1.14
INFO | Started sslsocketconnec...@localhost:8443
INFO | Connector https Started
INFO | ActiveMQ JMS Message Broker (localhost, ID:T00643344-1506-1274823661984-0:0) started
ERROR | Could not accept connection : javax.net.ssl.SSLHandshakeException: null cert chain

Meanwhile on the Activemq.xml file following is the broker configuration file:

<beans
  xmlns="http://www.springframework.org/schema/beans"
  xmlns:amq="http://activemq.apache.org/schema/core"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
  http://activemq.apache.org/schema/core http://activemq.apache.org/schema/core/activemq-core.xsd">

    <!-- Allows us to use system properties as variables in this configuration file -->
    <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
        <property name="locations">
            <value>file:${activemq.base}/conf/credentials.properties</value>
        </property>
    </bean>

    <!--
        The <broker> element is used to configure the ActiveMQ broker.
    -->
    <broker xmlns="http://activemq.apache.org/schema/core" brokerName="localhost" dataDirectory="${activemq.base}/data" destroyApplicationContextOnStop="true">

        <plugins>
            <!--jaasCertificateAuthenticationPlugin/-->
            <jaasCertificateAuthenticationPlugin configuration="CertLogin" />
        </plugins>

        <!--
            For better performances use VM cursor and small memory limit.
            For more information, see:
            http://activemq.apache.org/message-cursors.html
            Also, if your producer is "hanging", it's probably due to producer flow control.
            For more information, see:
            http://activemq.apache.org/producer-flow-control.html
        -->
        <destinationPolicy>
            <policyMap>
                <policyEntries>
                    <policyEntry topic=">" producerFlowControl="true" memoryLimit="1mb">
                        <pendingSubscriberPolicy>
                            <vmCursor />
                        </pendingSubscriberPolicy>
                    </policyEntry>
                    <policyEntry queue=">" producerFlowControl="true" memoryLimit="1mb">
                        <!-- Use VM cursor for better latency
                             For more information, see:
                             http://activemq.apache.org/message-cursors.html
                        <pendingQueuePolicy>
                            <vmQueueCursor/>
                        </pendingQueuePolicy>
                        -->
                    </policyEntry>
                </policyEntries>
            </policyMap>
        </destinationPolicy>

        <!--
            The managementContext is used to configure how ActiveMQ is exposed in JMX.
            By default, ActiveMQ uses the MBean server that is started by the JVM.
            For more information, see:
            http://activemq.apache.org/jmx.html
        -->
        <managementContext>
            <managementContext createConnector="false"/>
        </managementContext>

        <!--
            Configure message persistence for the broker. The default persistence
            mechanism is the KahaDB store (identified by the kahaDB tag).
            For more information, see:
            http://activemq.apache.org/persistence.html
        -->
        <persistenceAdapter>
            <kahaDB directory="${activemq.base}/data/kahadb"/>
        </persistenceAdapter>

        <!--
            The systemUsage controls the maximum amount of space the broker will
            use before slowing down producers.
            For more information, see:
            http://activemq.apache.org/producer-flow-control.html
        <systemUsage>
            <systemUsage>
                <memoryUsage>
                    <memoryUsage limit="20 mb"/>
                </memoryUsage>
                <storeUsage>
                    <storeUsage limit="1 gb" name="foo"/>
                </storeUsage>
                <tempUsage>
                    <tempUsage limit="100 mb"/>
                </tempUsage>
            </systemUsage>
        </systemUsage>
        -->

        <!--
            The transport connectors expose ActiveMQ over a given protocol to
            clients and other brokers.
            For more information, see:
            http://activemq.apache.org/configuring-transports.html
        -->
        <transportConnectors>
            <transportConnector name="openwire" uri="tcp://0.0.0.0:61616"/>
            <transportConnector name="ssl" uri="ssl://localhost:61617?needClientAuth=true"/>
            <!--transportConnector name="ssl" uri="ssl://localhost:61617"/-->
            <transportConnector name="https" uri="https://localhost:8443"/>
        </transportConnectors>

        <sslContext>
            <sslContext keyStore="file:/progress/fuse-message-broker-5.3.1-00-00/conf/broker.ks"
                        keyStorePassword="password"
                        trustStore="file:/progress/fuse-message-broker-5.3.1-00-00/conf/broker.ts"
                        trustStorePassword="password"/>
        </sslContext>

    </broker>

    <!--
        Uncomment to enable Camel
        Take a look at activemq-camel.xml for more details
    <import resource="camel.xml"/>
    -->

    <!--
        Enable web consoles, REST and Ajax APIs and demos
        Take a look at activemq-jetty.xml for more details
    -->
    <!--import resource="jetty.xml"/-->

</beans>

and I have the following files in the ActiveMQ conf directory D:\progress\fuse-message-broker-5.3.1-00-00\conf

D:\progress\fuse-message-broker-5.3.1-00-00\example>dir D:\progress\fuse-message-broker-5.3.1-00-00\conf
 Volume in drive D is Data
 Volume Serial Number is 9CC3-8C34

 Directory of D:\progress\fuse-message-broker-5.3.1-00-00\conf

05/25/2010  04:13 PM    <DIR>          .
05/25/2010  04:13 PM    <DIR>          ..
05/11/2010  11:30 AM             2,496 activemq-command.xml
05/11/2010  11:30 AM            12,134 activemq-demo.xml
05/11/2010  11:30 AM             4,319 activemq-dynamic-network-broker1.xml
05/11/2010  11:30 AM             4,424 activemq-dynamic-network-broker2.xml
05/11/2010  11:30 AM             4,002 activemq-jdbc.xml
05/11/2010  11:30 AM             3,348 activemq-scalability.xml
05/11/2010  11:30 AM             4,284 activemq-security.xml
05/19/2010  08:54 AM             6,840 activemq-ssl.xml
05/11/2010  11:30 AM             4,268 activemq-static-network-broker1.xml
05/11/2010  11:30 AM             4,267 activemq-static-network-broker2.xml
05/11/2010  11:30 AM             5,345 activemq-stomp.xml
05/11/2010  11:30 AM             3,486 activemq-throughput.xml
05/20/2010  10:14 PM             6,692 activemq-working.xml
05/25/2010  04:11 PM             6,262 activemq.xml
05/11/2010  11:30 AM               592 broker-localhost.cert
05/11/2010  11:30 AM             1,370 broker.ks
05/18/2010  03:45 PM             1,284 broker.ts
05/11/2010  11:30 AM             2,697 camel.xml
05/11/2010  11:30 AM             1,357 client.ks
05/11/2010  11:30 AM               665 client.ts
05/18/2010  03:45 PM               588 client_cert
05/11/2010  11:30 AM                53 credentials.properties
05/11/2010  11:30 AM                53 credentials.properties.orig
05/25/2010  04:33 PM             1,184 groups.properties
05/18/2010  05:27 PM             1,151 groups.properties.orig
05/11/2010  11:30 AM               493 installsession_log.xml
05/11/2010  11:30 AM             4,318 jetty.xml
05/11/2010  11:30 AM             2,289 log4j.properties
05/11/2010  11:30 AM             1,233 logging.properties
05/25/2010  04:14 PM             1,930 login.config
05/18/2010  05:21 PM             2,046 login.config.orig
05/25/2010  04:32 PM             1,161 users.properties
05/18/2010  05:26 PM             1,090 users.properties.orig
              33 File(s)         97,721 bytes
               2 Dir(s)  52,872,163,328 bytes free

I am not sure if I am doing something wrong but it is the same behaviour when I was trying to run the out of box activemq sample consumer in mutual authentication mode. Any help is greatly appreciated.

Thanks!
Mohan Tiruvaiyaru
mtiruvaiy...@gmail.com

James Casey-2 wrote:
>
> Hi Mohan,
>
> can you send your entire activemq.xml ?
>
> I think it could be caused by Jetty connecting to activemq for the
> admin webapp.
> Firstly could you try and disable Jetty completely and
> see if the problem goes away.
>
> cheers,
>
> James.
> --
>
> On 19 May 2010 00:19, mvtiru <mvtiruvaiy...@gmail.com> wrote:
>>
>> Hi,
>> I am trying to get mutual authentication working with ActiveMQ 5.3 and I am
>> getting the below security exception when I try to bring up the activemq after
>> trying to use JaasCertificateAuthenticationPlugin.
>>
>> snippet of ActiveMq.conf
>>
>>     <plugins>
>>         <!--jaasCertificateAuthenticationPlugin/-->
>>         <jaasCertificateAuthenticationPlugin configuration="activemq-domain" />
>>     </plugins>
>>
>> Exception
>>
>> INFO | For help or more information please see: http://activemq.apache.org/
>> INFO | Listening for connections at: tcp://T00643344:61616
>> INFO | Connector openwire Started
>> INFO | Listening for connections at: ssl://localhost:61617?needClientAuth=true
>> INFO | Connector ssl Started
>> INFO | Logging to org.slf4j.impl.JCLLoggerAdapter(org.mortbay.log) via org.mortbay.log.Slf4jLog
>> INFO | jetty-6.1.14
>> INFO | Started sslsocketconnec...@localhost:8443
>> INFO | Connector https Started
>> INFO | ActiveMQ JMS Message Broker (localhost, ID:T00643344-3232-1274218221553-0:0) started
>> INFO | jetty-6.1.14
>> INFO | ActiveMQ WebConsole initialized.
>> INFO | Initializing Spring FrameworkServlet 'dispatcher'
>> INFO | ActiveMQ Console at http://0.0.0.0:8161/admin
>> INFO | Initializing Spring root WebApplicationContext
>> INFO | Connector vm://localhost Started
>> WARN | Failed to add Connection
>> java.lang.SecurityException: Unable to authenticate transport without SSL certificate.
>>         at org.apache.activemq.security.JaasCertificateAuthenticationBroker.addConnection(JaasCertificateAuthenticationBroker.java:75)
>>         at org.apache.activemq.broker.MutableBrokerFilter.addConnection(MutableBrokerFilter.java:89)
>>         at org.apache.activemq.broker.TransportConnection.processAddConnection(TransportConnection.java:676)
>>         at org.apache.activemq.command.ConnectionInfo.visit(ConnectionInfo.java:134)
>>         at org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:300)
>>         at org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:178)
>>         at org.apache.activemq.transport.ResponseCorrelator.onCommand(ResponseCorrelator.java:116)
>>         at org.apache.activemq.transport.TransportFilter.onCommand(TransportFilter.java:68)
>>         at org.apache.activemq.transport.vm.VMTransport.iterate(VMTransport.java:219)
>>         at org.apache.activemq.thread.DedicatedTaskRunner.runTask(DedicatedTaskRunner.java:98)
>>         at org.apache.activemq.thread.DedicatedTaskRunner$1.run(DedicatedTaskRunner.java:36)
>>
>>
>> I am trying to run using the default certificates provided as a part of
>> ActiveMq installation and have all the SSL environment variables set.
>>
>> Snippet of the ActiveMq broker configuration showing the certificates
>>
>>
>>     <sslContext>
>>         <sslContext
>>             keyStore="file:D:/progress/fuse-message-broker-5.3.1-00-00/conf/broker.ks"
>>             keyStorePassword="password"
>>             trustStore="file:D:/progress/fuse-message-broker-5.3.1-00-00/conf/broker.ts"
>>             trustStorePassword="password"/>
>>     </sslContext>
>>
>>
>> Is there anything else I am missing??
>>
>> Appreciate your help.
>>
>> Mohan
>>
>> --
>> View this message in context:
>> http://old.nabble.com/Help-with-mutual-authentication-using-ActiveMQ-5.3-tp28602073p28602073.html
>> Sent from the ActiveMQ - User mailing list archive at Nabble.com.
>>
>>
>
>

--
View this message in context: http://old.nabble.com/Help-with-mutual-authentication-using-ActiveMQ-5.3-tp28602073p28674316.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.
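
Added example (not part of the original thread, and not code from ActiveMQ or Fuse): on a connector with needClientAuth=true, the broker-side "null cert chain" error means the client presented no certificate during the TLS handshake. This stand-alone JSSE probe loads a client key store and trust store explicitly, checks for a private-key entry, and reports whether a certificate was presented; the class name, the default store paths and the assumption that the key password equals the store password are illustrative.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

// Added example: hypothetical probe class, not part of ActiveMQ or Fuse.
public class MutualTlsProbe {
    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        // Assumed defaults; pass the real store paths and password as arguments.
        String keyStorePath = args.length > 0 ? args[0] : "conf/client.ks";
        String trustStorePath = args.length > 1 ? args[1] : "conf/client.ts";
        char[] password = (args.length > 2 ? args[2] : "password").toCharArray();

        KeyStore keyStore = load(keyStorePath, password);
        // The client can only present a certificate if its key store holds a
        // private-key entry; a store of trusted certificates alone cannot.
        int keyEntries = 0;
        for (String alias : Collections.list(keyStore.aliases())) {
            boolean isKey = keyStore.isKeyEntry(alias);
            if (isKey) keyEntries++;
            System.out.println("alias=" + alias + " privateKeyEntry=" + isKey);
        }
        if (keyEntries == 0) {
            throw new IllegalStateException("no private-key entry in " + keyStorePath);
        }

        // Assumption: the key password equals the store password.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, password);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(trustStorePath, password));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

        // Host and port taken from the broker's ssl connector URI in the post.
        try (SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket("localhost", 61617)) {
            socket.startHandshake();
            boolean sentCert = socket.getSession().getLocalCertificates() != null;
            System.out.println("handshake completed, client certificate presented: " + sentCert);
        }
    }
}
```

If the store has a private-key entry but no certificate is presented, the usual cause is that none of the client's certificates is issued by an authority the broker advertises, which happens when the client certificate is absent from the broker's trust store.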