Apache camelContext jmxAgent for SSL

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Apache camelContext jmxAgent for SSL

claysea
This post was updated on .
How can I configure the camelContext jmxAgent to use SSL keystore authentication?  

I have enabled the JMX agent in the camelContext:

    <camel:camelContext id="camelContext">
        <camel:jmxAgent id="agent" disabled="false"
             createConnector="true"
             usePlatformMBeanServer="true"
             registryPort="8443"/>

The list of jmxAgent properties does not provide a way to enable SSL or identify the keystore and password.

I have enabled the following JMX properties in the JVM at startup:
  -Dcom.sun.management.jmxremote.port=8443
  -Dcom.sun.management.jmxremote.authenticate=true
  -Dcom.sun.management.jmxremote.ssl=true
  -Dcom.sun.management.jmxremote.ssl.need.client.auth=true

I have also set
- javax.net.ssl.keyStore
- javax.net.ssl.keyStoreType
- javax.net.ssl.keyStorePassword
- javax.net.ssl.trustStore
- javax.net.ssl.trustStoreType
- javax.net.ssl.trusStorePassword


However, I can still access my org.apache.camel mbeans from my remote JConsole w/o any authentication.

FYI - I am using Spring/JDK 1.5.

Thanks
Reply | Threaded
Open this post in threaded view
|

Re: Apache camelContext jmxAgent for SSL

Claus Ibsen-2
Hi

Do you mind looking what it takes in the JMX API to setup SSL on the connector?
Maybe there is something missing / we need to do. Despite you have set
those JVM system properties.

Feel free to create a ticket in JIRA about this.



On Thu, Apr 22, 2010 at 8:33 PM, claysea <[hidden email]> wrote:

>
> How can I configure the camelContext jmxAgent to use SSL keystore
> authentication?
>
> I have enabled the JMX agent in the camelContext:
>
>    <camel:camelContext id="camelContext">
>        <camel:jmxAgent id="agent" disabled="false"
>             createConnector="true"
>             usePlatformMBeanServer="true"
>             registryPort="8443"/>
>
> The list of jmxAgent properties does not provide a way to enable SSL or
> identify the keystore and password.
>
> I have enabled the following JMX properties in the JVM at startup:
>  -Dcom.sun.management.jmxremote.port=8443
>  -Dcom.sun.management.jmxremote.authenticate=true
>  -Dcom.sun.management.jmxremote.ssl=true
>  -Dcom.sun.management.jmxremote.ssl.need.client.auth=true
>
>
> However, I can still access my org.apache.camel mbeans from my remote
> JConsole w/o any authentication.
>
> FYI - I am using Spring/JDK 1.5.
>
> Thanks
> --
> View this message in context: http://old.nabble.com/Apache-camelContext-jmxAgent-for-SSL-tp28332944p28332944.html
> Sent from the Camel Development mailing list archive at Nabble.com.
>
>



--
Claus Ibsen
Apache Camel Committer

Author of Camel in Action: http://www.manning.com/ibsen/
Open Source Integration: http://fusesource.com
Blog: http://davsclaus.blogspot.com/
Twitter: http://twitter.com/davsclaus
Reply | Threaded
Open this post in threaded view
|

Re: Apache camelContext jmxAgent for SSL

claysea
I was able to get the working as follows:

    <camel:camelContext id="camelContext">
        <camel:jmxAgent id="jmxAgent" disabled="false"  createConnector="false">
    </camel:camelContext>

    <bean id="rmiRegistry" class="org.springframework.remoting.rmi.RmiRegistryFactoryBean">
        <property name="port" value="8091"/>
    </bean>

    <bean id="jmxConnector" class="org.springframework.jmx.support.ConnectorServerFactoryBean"
        depends-on="rmiRegistry">
        <property name="objectName" value="connector:name=rmi"/>
        <property name="serviceUrl"
                value="service:jmx:rmi://localhost:8090/jndi/rmi://localhost:8091/myapp"/>
        <property name="environment">
            <map>
               
                <entry key="jmx.remote.x.password.file" value="C:/Temp/jmx/jmxremote.password"/>
                <entry key="jmx.remote.x.access.file" value="C:/Temp/jmx/jmxremote.access"/>

               
                <entry key="jmx.remote.rmi.client.socket.factory">
                    <bean class="javax.rmi.ssl.SslRMIClientSocketFactory"/>
                </entry>
                <entry key="jmx.remote.rmi.server.socket.factory">
                    <bean class="javax.rmi.ssl.SslRMIServerSocketFactory"/>
                </entry>
            </map>
        </property>
    </bean>
Reply | Threaded
Open this post in threaded view
|

Re: Apache camelContext jmxAgent for SSL

muhammad siddique
Here is the modified version if you chose to use ssl client authentication vs plain text file

<bean id="jmxConnector" class="org.springframework.jmx.support.ConnectorServerFactoryBean"
          depends-on="rmiRegistry">
        <property name="objectName" value="connector:name=rmi"/>
        <property name="serviceUrl"
                  value="service:jmx:rmi://localhost:1098/jndi/rmi://localhost:1099/myapp"/>
        <property name="environment">
            <map>         


                <entry key="jmx.remote.rmi.client.socket.factory">
                    <bean class="javax.rmi.ssl.SslRMIClientSocketFactory"/>
                </entry>
                <entry key="jmx.remote.rmi.server.socket.factory">
                    <bean class="javax.rmi.ssl.SslRMIServerSocketFactory"/>
                </entry>
                <entry key="jmx.remote.rmi.server.socket.factory">
                    <bean class="javax.rmi.ssl.SslRMIServerSocketFactory" >
                        <constructor-arg index="0" > <null /></constructor-arg>
                        <constructor-arg index="1" > <null /></constructor-arg>
                        <constructor-arg index="2" value="true" />

                    </bean>
                </entry>




            </map>
        </property>
    </bean>