I'm using JMS on a Spring boot client to connect to an ActiveMQ Artemis broker over SSL. The client is able to connect regardless of the validity of the certificates in the truststore and even if invalid credentials are used. How do I ensure that the broker is filtering clients out based on the configured parameters?
The acceptors in the broker.xml are defined as show below. The SSL acceptor uses port 61617.
<acceptors>
<!-- Acceptor for every supported protocol -->
<acceptor name="artemis">tcp://0.0.0.0:61616?tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;amqpMinLargeMessageSize=102400;protocols=CORE,AMQP,STOMP,HORNETQ,MQTT,OPENWIRE;useEpoll=true;amqpCredits=1000;amqpLowCredits=300;amqpDuplicateDetection=true;supportAdvisory=false;suppressInternalManagementObjects=false</acceptor>
<!-- AMQP Acceptor. Listens on default AMQP port for AMQP traffic.-->
<acceptor name="amqp">tcp://0.0.0.0:5672?tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;protocols=AMQP;useEpoll=true;amqpCredits=1000;amqpLowCredits=300;amqpMinLargeMessageSize=102400;amqpDuplicateDetection=true</acceptor>
<!-- STOMP Acceptor. -->
<acceptor name="stomp">tcp://0.0.0.0:61613?tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;protocols=STOMP;useEpoll=true</acceptor>
<!-- HornetQ Compatibility Acceptor. Enables HornetQ Core and STOMP for legacy HornetQ clients. -->
<acceptor name="hornetq">tcp://0.0.0.0:5445?anycastPrefix=jms.queue.;multicastPrefix=jms.topic.;protocols=HORNETQ,STOMP;useEpoll=true</acceptor>
<!-- MQTT Acceptor -->
<acceptor name="mqtt">tcp://0.0.0.0:1883?tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;protocols=MQTT;useEpoll=false</acceptor>
<!-- SSL Acceptor -->
<acceptor name="netty-ssl-acceptor">tcp://0.0.0.0:61617?tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;sslEnabled=true;keyStorePath=E:/apache-artemis-2.18.0/bin/localBroker/etc/sprink.jks;keyStorePassword=changeit;trustStorePath=E:/apache-artemis-2.18.0/bin/localBroker/etc/sprinktrust.ts;trustStorePassword=changeit;needClientAuth=true;protocols=CORE,AMQP,STOMP,HORNETQ,MQTT,OPENWIRE</acceptor>
</acceptors>
The connection factory, listener, and JmsTemplate are configured on the spring boot client as shown below
import org.apache.activemq.artemis.jms.client.ActiveMQConnectionFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.jms.annotation.EnableJms;
import org.springframework.jms.config.DefaultJmsListenerContainerFactory;
import org.springframework.jms.core.JmsTemplate;
import javax.jms.JMSException;
#Configuration
#EnableJms
public class MQTTConfig {
#Value("${activemq.broker-url}")
private String brokerUrl;
#Value("${activemq.ssl-url}")
private String sslUrl;
#Value("${JMS_BROKER_TRUSTSTORE}")
private String pathToTrustStore;
#Value("${JMS_BROKER_KEYSTORE}")
private String pathToKeystore;
#Value("${JMS_BROKER_TRUSTSTORE_PASSWORD}")
private String truststorePassword;
#Value("${JMS_BROKER_KEYSTORE_PASSWORD}")
private String keystorePassword;
/**
* Initialise the connection factory that will be used
*/
#Bean
public ActiveMQConnectionFactory artemisSSLConnectionFactory() {
ActiveMQConnectionFactory artemisConnectionFactory = new ActiveMQConnectionFactory("tcp://localhost:61617?&" + "sslEnabled=true&" +
"trustStorePath=" + pathToTrustStore + "&trustStorePassword=changeit&needClientAuth=true");
artemisConnectionFactory.setUser("user");
artemisConnectionFactory.setPassword("password");
return artemisConnectionFactory;
}
/**
* Initialise {#link JmsTemplate} as required
*/
#Bean
public JmsTemplate jmsTemplate() throws JMSException {
JmsTemplate jmsTemplate = new JmsTemplate();
jmsTemplate.setConnectionFactory(artemisSSLConnectionFactory());
jmsTemplate.setExplicitQosEnabled(true);
//setting PuSubDomain to true configures JmsTemplate to work with topics instead of queues
jmsTemplate.setPubSubDomain(true);
jmsTemplate.setDeliveryMode(DeliveryMode.NON_PERSISTENT);
jmsTemplate.setDeliveryPersistent(true);
return jmsTemplate;
}
/**
* Initialise {#link DefaultJmsListenerContainerFactory} as required
*/
#Bean
public DefaultJmsListenerContainerFactory jmsListenerContainerFactory() throws JMSException {
DefaultJmsListenerContainerFactory factory = new DefaultJmsListenerContainerFactory();
factory.setConnectionFactory(artemisSSLConnectionFactory());
//setting PuSubDomain to true configures the DefaultJmsListenerContainerFactory to work with topics instead of queues
factory.setPubSubDomain(true);
return factory;
}
}
The artemis-users.properties file is as shown below
admin = ENC(1024...)
system=manager
user=password
guest=password
The artemis-roles.properties has the below roles defined
admins = admin
users=user
Admins and users have been given privileges in the broker.xml as shown below
<security-settings>
<security-setting match="#">
<permission type="createNonDurableQueue" roles="admins, users"/>
<permission type="deleteNonDurableQueue" roles="admins, users"/>
<permission type="createDurableQueue" roles="admins, users"/>
<permission type="deleteDurableQueue" roles="admins, users"/>
<permission type="createAddress" roles="admins, users"/>
<permission type="deleteAddress" roles="admins, users"/>
<permission type="consume" roles="admins, users"/>
<permission type="browse" roles="admins, users"/>
<permission type="send" roles="admins, users"/>
<!-- we need this otherwise ./artemis data imp wouldn't work -->
<permission type="manage" roles="admins"/>
</security-setting>
</security-settings>
With the above setup any client with any truststore or username and password is able to connect to the broker on port 61617 and produce and consume messages. What am I missing that is allowing this to happen?
Here's what got things working.
Firstly, the login.config file on Artemis has a GuestLoginModule that this link says is chained to the PropertiesLoginModule and the guest module allows clients without credentials, or even invalid credentials to connect to the broker. Now, by default, the GuestLoginModule looks like this
org.apache.activemq.artemis.spi.core.security.jaas.GuestLoginModule sufficient
debug=false
org.apache.activemq.jaas.guest.user="admin"
org.apache.activemq.jaas.guest.role="admins";
Notice that the guests are treated as admins. My artemis-users.properties file already has a guest user defined (as seen in my original post above), so I created a guests group in the artemis-roles.properties file and assigned this guest user to this group. I then changed the admin mapping in the GuestLoginModule so that the module would reference guests. The GuestLoginModule now looks like this:
org.apache.activemq.artemis.spi.core.security.jaas.GuestLoginModule sufficient
debug=false
org.apache.activemq.jaas.guest.user="guest"
org.apache.activemq.jaas.guest.role="guests";
The security settings in the broker.xml file can be modified to accommodate guest functions as per one's relevant use case, mine doesn't have any use case for a guest user, so guests have no permissions.
Once this was done, I tried connecting to the broker and got the null cert chain exception. Fixed this by including the keystore in the connection factory config.
Because needClientAuth is set to true (dual auth is enabled), Artemis needs the clients to have the relevant keystore built by bundling the key pair derived from the root CA, so my connection factory configuration changed from
#Bean
public ActiveMQConnectionFactory artemisSSLConnectionFactory() {
ActiveMQConnectionFactory artemisConnectionFactory = new ActiveMQConnectionFactory("tcp://localhost:61617?&" + "sslEnabled=true&" +
"trustStorePath=" + pathToTrustStore + "&trustStorePassword=changeit&needClientAuth=true");
artemisConnectionFactory.setUser("user");
artemisConnectionFactory.setPassword("password");
return artemisConnectionFactory;
}
to
#Bean
public ActiveMQConnectionFactory artemisSSLConnectionFactory() {
ActiveMQConnectionFactory artemisConnectionFactory = new ActiveMQConnectionFactory("tcp://localhost:61617?&" + "sslEnabled=true&" +
"trustStorePath=" + pathToTrustStore + "&trustStorePassword=changeit&keyStorePath="+ pathToKeystore +"&keyStorePassword=changeit&needClientAuth=true");
artemisConnectionFactory.setUser("user");
artemisConnectionFactory.setPassword("password");
return artemisConnectionFactory;
}
The only difference here is the addition of the keystore path and password. The broker did not connect when it was just the truststore in the config.
If one way auth is needed, just omit the needClientAuth field in the acceptor as it is set to false by default.
This is what finally worked.
Related
I run Red Hat middleware with CodeReady Studio 12.16.0.GA on standalone Spring-boot environment as local Camel context. I have local RabbitMQ running in Docker.
I have failed to setup any scenario using tutorials on web in/out JMS using Camel.
All tutorials don't use camel-context.xml configuration only pure java spring.
Please help me to configure camel-context.xml and all resource to use RabbitMQ or just any JMS.
Thanks in advance.
Here is simple camel-context.xml
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation=" http://www.springframework.org/schema/beans https://www.springframework.org/schema/beans/spring-beans.xsd http://camel.apache.org/schema/spring https://camel.apache.org/schema/spring/camel-spring.xsd">
<camelContext id="camel" xmlns="http://camel.apache.org/schema/spring">
<route id="simple-route">
<from id="_to1" uri="jms:myQeue?connectionFactory=#myConnectionFactory&jmsMessageType=Text"/>
<log id="route-log" message=">>> ${body}"/>
</route>
</camelContext>
</beans>
and simple spring application to run it
package org.mycompany;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.ImportResource;
#SpringBootApplication
#ImportResource({"classpath:spring/camel-context.xml"})
public class Application {
public static void main(String[] args) {
SpringApplication.run(Application.class, args);
}
}
But it went to exception
Caused by: org.apache.camel.ResolveEndpointFailedException: Failed to resolve endpoint: jms://myQeue?connectionFactory=%23myConnectionFactory&jmsMessageType=Text due to: No bean could be found in the registry for: myConnectionFactory of type: javax.jms.ConnectionFactory
I have added registration of ConnectionFactory
ConnectionFactory myCF = new ConnectionFactory();
myCF.setUsername("guest");
myCF.setPassword("guest");
myCF.setVirtualHost("/");
myCF.setHost("localhost");
myCF.setPort(5672);
SimpleRegistry reg = new SimpleRegistry();
reg.put("myConnectionFactory", myCF);
CamelContext camContext = new DefaultCamelContext(reg);
but new exception arose I think because of using com.rabbitmq.client.ConnectionFactory
Caused by: org.apache.camel.FailedToCreateRouteException: Failed to create route simple-route: Route(simple-route)[[From[jms:queue:myQeue?connectionFactory... because of connectionFactory must be specified
How to define javax.jms.ConnectionFactory to registry?
Does ActiveMQ cluster (master-slave) offer high availability on failover mode?
I am publishing messages on a topic but when I kill active node and my consumer connect to the other node It loses several messages.
I need only topic mode, because I need to have different pods consuming messages at the same time. We have made test with durable messages and subscriptions wit we got the same problem.
If ActiveMQ doesn't support this functionality, is there other broker that could do this?
We have used Spring boot to develop sender and consumer apps.
SENDER:
To send messages we used and API REST that sends 5000 messages to a topic. If some convertAndSend fails (ActiveMQ node 1 killed) we retry it until the failover.
This is my sender class:
#RestController
public class RestApiController {
#Autowired
private JmsTemplate jmsTemplate;
#RequestMapping(value = "/produce")
public String produce() {
String result = "Done";
for (int i = 0; i < 5000; i++) {
boolean repetir = true;
while (repetir) {
try {
jmsTemplate.convertAndSend("TestTopic", "Message " + i);
repetir = false;
result = "Done";
} catch (JmsException e) {
e.printStackTrace();
result = "ERROR";
}
}
}
return result;
}
}
This is de sender's application.properties:
spring.activemq.broker-url=failover:(tcp://172.18.13.45:61616,tcp://172.18.13.45:61626)?initialReconnectDelay=1&backup=true spring.activemq.user=admin
spring.activemq.password=admin
spring.jms.pub-sub-domain=true
server.port=8081
CONSUMER:
This is my listener class:
#Service
public class ContactTransactionReceiver {
#JmsListener(destination = "TestTopic")
public void receiveMessageSendMessage(Message message) throws Exception {
System.out.println(((TextMessage) message).getText());
}
}
This is the consumer's application.properties:
spring.activemq.broker-url=failover:(tcp://172.18.13.45:61616,tcp://172.18.13.45:61626)?initialReconnectDelay=1&backup=true
spring.activemq.user=admin
spring.activemq.password=admin
spring.jms.pub-sub-domain=true
server.port=8082
ACTIVEMQ NODE 1
We have included this configuration in activemq.xml for HA, that refers to node2:
<persistenceAdapter>
<kahaDB directory="${activemq.data}/kahadb"/>
</persistenceAdapter>
<networkConnectors>
<networkConnector uri="static:(tcp://172.18.13.45:61616,tcp://172.18.13.45:61626)" />
</networkConnectors>
We have proved too master-slave:
<persistenceAdapter>
<kahaDB directory="${activemq.data}/kahadb"/>
</persistenceAdapter>
<networkConnectors>
<networkConnector uri="masterslave:(tcp://172.18.13.45:61616,tcp://172.18.13.45:61626)" />
</networkConnectors>
ACTIVEMQ NODE 2
We have included this configuration in activemq.xml for HA, that refers to node2:
<persistenceAdapter>
<kahaDB directory="${activemq.data}/kahadb"/>
</persistenceAdapter>
<networkConnectors>
<networkConnector uri="static:(tcp://172.18.13.45:61626,tcp://172.18.13.45:61616)" />
</networkConnectors>
We have proved too master-slave:
<persistenceAdapter>
<kahaDB directory="${activemq.data}/kahadb"/>
</persistenceAdapter>
<networkConnectors>
<networkConnector uri="masterslave:(tcp://172.18.13.45:61626,tcp://172.18.13.45:61616)" />
</networkConnectors>
You can find the full code and ActiveMQ configuration files in:
https://github.com/PedroRamirezTOR/ActiveMQ-HA-Sender-Consumer.git
Thanks in advance!
ActiveMQ 5.x does support high availability via a master-slave configuration. See the documentation for more details.
I noticed in your xmls that both master & slave are referring to a local KashaDB. I believe to have true HA Failover, you need to reference a shared network drive.
http://activemq.apache.org/shared-file-system-master-slave
<persistenceAdapter>
<kahaDB directory="/sharedFileSystem/sharedBrokerData"/>
</persistenceAdapter>
I am trying to implement a module to send messages from a CXF client to a server (SOAP endpoint) using HTTPS. I am able to achieve this by following the guide here: https://camel.apache.org/how-to-switch-the-cxf-consumer-between-http-and-https-without-touching-the-spring-configuration.html
The following configuration is key:
<ctx:property-placeholder location="classpath:orderEntry.cfg" />
<!-- other properties -->
<http:conduit name="{http://www.company.com/product/orderEntry/service/1}OrderEntry.http-conduit">
<http:tlsClientParameters disableCNCheck="true">
<sec:trustManagers>
<sec:keyStore type="JKS" password="${trustStore.password}" file="${trustStore.file}"/>
</sec:trustManagers>
<!-- other config -->
</http:tlsClientParameters>
</http:conduit>
The above configuration refers to a config file that has these properties stored:
orderEntry.cfg
--------------
endpointUri=https://localhost:8181/OrderEntry
trustStore.password=password
trustStore.file=etc/myApp.ts
As noted earlier, I am able to send messages via https when I follow the guide.
But I am concerned about the password being stored in plain text here. Is there a way that I can have the password wired from Java code (which can probably read the password from an encrypted source) and provide it to the http conduit when it needs it?
Have you tried location attribute value with file prefix?
E.g. location="file:/my/custom/location/orderEntry.cfg"
See: https://stackoverflow.com/a/17303537
Update:
If it works with your custom bean, you can try create trust managers as a bean and inject it into the conduit configuration like bellow:
blueprint.xml
<bean id="serviceTrustManager"
class="my.app.security.KeyStores" factory-method="loadTrustManagers">
<argument index="0" value="${my.app.service.trustStorePath}"/>
<argument index="1" value="${my.app.service.trustStoreEncryptedPassword}"/>
</bean>
<http:conduit name="{http://www.company.com/product/orderEntry/service/1}OrderEntry.http-conduit">
<http:tlsClientParameters disableCNCheck="true">
<sec:trustManagers ref="serviceTrustManager"/>
</http:tlsClientParameters>
</http:conduit>
Java code:
public class KeyStores {
public static TrustManager[] loadTrustManagers(String trustStorePath, String trustStoreEncryptedPassword) {
String trustStoreDecryptedPassword = PasswordDescriptor.decryptPassword(trustStoreEncryptedPassword); //Password decryption logic here
KeyStore trustStore = KeyStores.loadKeyStore("JKS", trustStorePath, trustStoreDecryptedPassword); //IO logic here
TrustManagerFactory trustFactory;
try {
trustFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustFactory.init(trustStore);
} catch (NoSuchAlgorithmException | KeyStoreException ex) {
throw new IllegalStateException(ex);
}
return trustFactory.getTrustManagers();
}
}
I have a Liberty JAX-RS 2.0 Application on Bluemix. My goal is to use the Bluemix Session Cache Service as a central session storage.
In my interface, I inject the HttpRequest object like this:
#Path("/resource")
public class MyResource {
#Post
public Response myOperation(..., #Context final HttpServletRequest httpRequest) {
...
}
}
This runs fine with just Liberty on its own (without Session Cache Binding on Bluemix). I do not even access the httpRequest in my test app, nor do I access httpRequest.getSession(). Once I bind the Session Cache service to the Liberty App and restage the app, I get the following upon calling the API:
java.lang.NullPointerException:
at com.ibm.ws.xs.sessionmanager.IBMHttpSessionListener.attributeAdded(IBMHttpSessionListener.java:265)
at com.ibm.ws.session.http.HttpSessionAttributeObserver.sessionAttributeSet(HttpSessionAttributeObserver.java:141)
at [internal classes]
at org.jboss.weld.context.AbstractConversationContext.copyConversationIdGeneratorAndConversationsToSession(AbstractConversationContext.java:188)
at org.jboss.weld.context.AbstractConversationContext.sessionCreated(AbstractConversationContext.java:196)
at org.jboss.weld.servlet.ConversationContextActivator.sessionCreated(ConversationContextActivator.java:190)
at [internal classes]
As requested, the server.xml - which is generated by Bluemix on deployment.
<server>
<featureManager>
<feature>jaxrs-2.0</feature>
<feature>jsonp-1.0</feature>
<feature>couchdb-1.0</feature>
<feature>ejb-3.2</feature>
<feature>cdi-1.2</feature>
<feature>icap:managementConnector-1.0</feature>
<feature>appstate-1.0</feature>
<feature>cloudAutowiring-1.0</feature>
<feature>eXtremeScale.webapp-1.1</feature>
</featureManager>
<application name='myapp' location='myapp.war' type='war' context-root='some-app'>
<classloader commonLibraryRef='cloudantNoSQLDB-library'/>
</application>
<cdi12 enableImplicitBeanArchives='false'/>
<httpEndpoint id='defaultHttpEndpoint' host='*' httpPort='${port}'/>
<webContainer trustHostHeaderPort='true' extractHostHeaderPort='true'/>
<include location='runtime-vars.xml'/>
<logging logDirectory='${application.log.dir}' consoleLogLevel='INFO'/>
<httpDispatcher enableWelcomePage='false'/>
<applicationMonitor dropinsEnabled='false' updateTrigger='mbean'/>
<config updateTrigger='mbean'/>
<appstate appName='myapp' markerPath='${home}/../.liberty.state'/>
<couchdb id='cloudantNoSQLDB-ith-auth-db' jndiName='couchdb/ith-auth-db' libraryRef='cloudantNoSQLDB-library' username='${cloud.services.ith-auth-db.connection.username}' password='${cloud.services.ith-auth-db.connection.password}' url='${cloud.services.ith-auth-db.connection.url}' enableSSL='true' host='${cloud.services.ith-auth-db.connection.host}' port='${cloud.services.ith-auth-db.connection.port}'/>
<library id='cloudantNoSQLDB-library'>
<fileset id='cloudantNoSQLDB-fileset' dir='${server.config.dir}/lib' includes='commons-codec-1.6.jar commons-io-2.0.1.jar commons-logging-1.1.3.jar httpclient-4.3.6.jar httpclient-cache-4.3.6.jar httpcore-4.3.3.jar jackson-annotations-2.2.2.jar jackson-core-2.2.2.jar jackson-databind-2.2.2.jar jcl-over-slf4j-1.6.6.jar org.ektorp-1.4.2.jar slf4j-api-1.6.6.jar slf4j-jdk14-1.6.6.jar'/>
</library>
<xsWebApp id='session-cache' objectGridName='${cloud.services.session-cache.connection.gridName}' catalogHostPort='${cloud.services.session-cache.connection.catalogEndPoint}' credentialGeneratorClass='com.ibm.websphere.objectgrid.security.plugins.builtins.UserPasswordCredentialGenerator' credentialGeneratorProps='${cloud.services.session-cache.connection.username} ${cloud.services.session-cache.connection.password}' objectGridType='REMOTE' securityEnabled='true'/>
So I guess something goes wrong with injecting the HttpRequest... how can I solve this?
I have super simple scenario: one broker and one consumer with durable subscription.
This is the code of my consumer app:
package test;
import javax.jms.Connection;
import javax.jms.ConnectionFactory;
import javax.jms.Destination;
import javax.jms.JMSException;
import javax.jms.Message;
import javax.jms.MessageConsumer;
import javax.jms.MessageListener;
import javax.jms.Session;
import javax.jms.TextMessage;
import javax.jms.Topic;
import org.apache.activemq.ActiveMQConnectionFactory;
import pojo.Event;
import pojo.StockUpdate;
public class Consumer
{
private static transient ConnectionFactory factory;
private transient Connection connection;
private transient Session session;
public static int counter = 0;
public Consumer(String brokerURL) throws JMSException
{
factory = new ActiveMQConnectionFactory(brokerURL);
connection = factory.createConnection();
connection.setClientID("CLUSTER_CLIENT_1");
connection.start();
session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
}
public void close() throws JMSException
{
if (connection != null)
{
connection.close();
}
}
public static void main(String[] args) throws JMSException
{
try
{
// extract topics from the rest of arguments
String[] topics = new String[2];
topics[0] = "CSCO";
topics[1] = "ORCL";
// define connection URI
Consumer consumer = new Consumer("failover:(tcp://localhost:61616)?maxReconnectAttempts=-1&useExponentialBackOff=true");
for (String stock : topics)
{
try
{
Destination destination = consumer.getSession().createTopic("STOCKS." + stock);
// consumer.getSession().
MessageConsumer messageConsumer = consumer.getSession().createDurableSubscriber((Topic) destination, "STOCKS_DURABLE_CONSUMER_" + stock);
messageConsumer.setMessageListener(new Listener());
}
catch (JMSException e)
{
e.printStackTrace();
}
}
}
catch (Throwable t)
{
t.printStackTrace();
}
}
public Session getSession()
{
return session;
}
}
class Listener implements MessageListener
{
public void onMessage(Message message)
{
try
{
TextMessage textMessage = (TextMessage) message;
String json = textMessage.getText();
Event event = StockUpdate.fromJSON(json, StockUpdate.class);
System.out.println("Consumed message #:" + ++Consumer.counter + "\n" + event);
}
catch (Exception e)
{
e.printStackTrace();
}
}
}
Here is my activemq.xml
<beans
xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://activemq.apache.org/schema/core http://activemq.apache.org/schema/core/activemq-core.xsd">
<!-- Allows us to use system properties as variables in this configuration file -->
<bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
<property name="locations">
<value>file:${activemq.conf}/credentials.properties</value>
</property>
</bean>
<!--
The <broker> element is used to configure the ActiveMQ broker.
-->
<broker xmlns="http://activemq.apache.org/schema/core" brokerName="R6_cluster_broker1" persistent="true">
<networkConnectors>
<networkConnector uri="static:(failover:(tcp://remote_master:61616,tcp://remote_slave:61617))"/>
</networkConnectors>
<destinationPolicy>
<policyMap>
<policyEntries>
<policyEntry topic=">" >
<!-- The constantPendingMessageLimitStrategy is used to prevent
slow topic consumers to block producers and affect other consumers
by limiting the number of messages that are retained
For more information, see:
http://activemq.apache.org/slow-consumer-handling.html
-->
<pendingMessageLimitStrategy>
<constantPendingMessageLimitStrategy limit="1000"/>
</pendingMessageLimitStrategy>
</policyEntry>
</policyEntries>
</policyMap>
</destinationPolicy>
<!--
The managementContext is used to configure how ActiveMQ is exposed in
JMX. By default, ActiveMQ uses the MBean server that is started by
the JVM. For more information, see:
http://activemq.apache.org/jmx.html
-->
<managementContext>
<managementContext createConnector="false"/>
</managementContext>
<!--
Configure message persistence for the broker. The default persistence
mechanism is the KahaDB store (identified by the kahaDB tag).
For more information, see:
http://activemq.apache.org/persistence.html
-->
<persistenceAdapter>
<kahaDB directory="/work/temp/kahadb"/>
</persistenceAdapter>
<!--
The systemUsage controls the maximum amount of space the broker will
use before disabling caching and/or slowing down producers. For more information, see:
http://activemq.apache.org/producer-flow-control.html
-->
<systemUsage>
<systemUsage>
<memoryUsage>
<memoryUsage percentOfJvmHeap="70" />
</memoryUsage>
<storeUsage>
<storeUsage limit="100 gb"/>
</storeUsage>
<tempUsage>
<tempUsage limit="50 gb"/>
</tempUsage>
</systemUsage>
</systemUsage>
<!--
The transport connectors expose ActiveMQ over a given protocol to
clients and other brokers. For more information, see:
http://activemq.apache.org/configuring-transports.html
-->
<transportConnectors>
<!-- DOS protection, limit concurrent connections to 1000 and frame size to 100MB -->
<transportConnector name="openwire" uri="tcp://0.0.0.0:61616?maximumConnections=1000&wireFormat.maxFrameSize=104857600"/>
<!-- <transportConnector name="amqp" uri="amqp://0.0.0.0:5672?maximumConnections=1000&wireFormat.maxFrameSize=104857600"/>
<transportConnector name="stomp" uri="stomp://0.0.0.0:61613?maximumConnections=1000&wireFormat.maxFrameSize=104857600"/>
<transportConnector name="mqtt" uri="mqtt://0.0.0.0:1883?maximumConnections=1000&wireFormat.maxFrameSize=104857600"/>
<transportConnector name="ws" uri="ws://0.0.0.0:61614?maximumConnections=1000&wireFormat.maxFrameSize=104857600"/> -->
</transportConnectors>
<!-- destroy the spring context on shutdown to stop jetty -->
<shutdownHooks>
<bean xmlns="http://www.springframework.org/schema/beans" class="org.apache.activemq.hooks.SpringContextHook" />
</shutdownHooks>
</broker>
<!--
Enable web consoles, REST and Ajax APIs and demos
The web consoles requires by default login, you can disable this in the jetty.xml file
Take a look at ${ACTIVEMQ_HOME}/conf/jetty.xml for more details
-->
<import resource="jetty.xml"/>
</beans>
When I have both broker and consumer running and then stop the broker my consumer exits few moments after. As far I understood it must attempt to reconnect, but it is not the case. What am I doing wrong, please advise.
!NOTE! I launch my consumer in Eclipse, i do not build a standalone jar for this task.
I have updated my broker to the latest 5.9.1 and did the same to my consumer. Result is the same - after I stop the broker my consumer dies few seconds after. It works fine if broker is up and running.
For anyone who can't setup the failover via the URI/URL parameter in the ConnectionFactory ,because of schema not found in ARTEMIS :
As far as I know in the ActiveMQ the URL is the following:
failover:(tcp://localhost:61616,tcp://localhost:51516)?randomize=false
But in Artemis the above will fail ,because of schema not found so remove just the failover: prefix:
(tcp://localhost:61616,tcp://localhost:51516)?randomize=false
Alright, the problem was actually in my code: there was nothing that would prevent main thread from exiting. Since thread that implements failover is a daemon thread, consumer app terminated right after there was nothing to hold on to (no non-daemon threads).
Most likely you are using a version of ActiveMQ that has a bug which causes there to be all daemon threads which means there's nothing to keep the client running. Upgrade to a later version such as v5.9.1 and see if that helps. If not post more information as you haven't really provided much.