configuring username and password in jndi properties for ActiveMQ - spring

I have the below spring configuration to connect to ActiveMQ:
<bean id="connectionFactory" class="org.apache.activemq.ActiveMQConnectionFactory">
<property name="brokerURL" value="tcp://10.3.2.3:61616" />
<property name="userName"
value="Platform.user.consumer" />
<property name="password" value="Test123"></property>
<property name="redeliveryPolicy">
<bean class="org.apache.activemq.RedeliveryPolicy">
<property name="maximumRedeliveries" value="7" />
</bean>
</property>
</bean>
I want to configure the properties in the external property file and want to load using JNDI. I have configured the JNDI parameters inside the properties like below:
#Active MQ properties
java.naming.factory.initial=org.apache.activemq.jndi.ActiveMQInitialContextFactory
java.naming.provider.url=tcp://localhost:61616
connectionFactoryNames=connectionFactory
#register the queue in the JNDI using the below form
#queue.[queueName]=
queue.myQueue=com.inputqueue
How can I configure the Platform.user.consumer and password property in the properties file. Please let me know since this is not mentioned in the documentation of Active MQ

If you use jndi InitialContext i think you will loose the power of spring to configure the factory...
But you can load these properties like pwd or user or any property from properties file like this if this what you need
http://docs.spring.io/autorepo/docs/spring-framework/3.2.17.RELEASE/javadoc-api/org/springframework/beans/factory/config/PropertyPlaceholderConfigurer.html
Like this you can use ${password} to be replaced with the value "Test123" of the key "password" from springcontext.properties
Eg :
password=Test123

Related

JaxWsPortProxyFactoryBean to bypass SSL checks

I have an Spring Proxy as a client to access some WS:
<bean id="clientPort" class="org.springframework.remoting.jaxws.JaxWsPortProxyFactoryBean">
<property name="serviceInterface" value="com.acme.IClient"/>
<property name="serviceName" value="sercie"/>
<property name="endpointAddress" value="https://com.acme.IService"/>
<!-- ... -->
</bean>
<bean id="client" class="com.acme.Client">
<property name="theClientPort" ref="clientPort"/>
</bean>
Since it runs in JBoss, i know it uses CXF, now i want to bypass SSL checks, presumably with a HttpConduit, but i cannot setup system variables nor affect the configuration for the rest of CXF clients.
If i could access the object in code i would setup the HttpConduit, but ((Advised) proxy).getTargetSource().getTarget() returns null, (maybe i'm missing some configuration in web.xml)

Spring Configuration for JMS (Websphere MQ - SSL, Tomcat, JNDI, Non IBM JRE)

Background:
I have a relatively old application that uses Websphere MQ for messaging. It runs on WAS (Websphere Application Server) and uses MDBs (Message Driven Beans). I was successfully able to replace all MDBs using Spring Integration - JMS. My next step is try to see if I can port it out of WAS so that it can run on any other servlet container with a non-IBM JRE (I am trying: apache tomcat). Note that securing channels using SSL is a requirement. I prefer using JNDI.
End Goal:
To decouple my application from the application server (WAS) and other infrastructure like messaging (MQ). But taking this out of WAS onto tomcat is the first step. Next comes the task of updating my messaging infrastructure with something more scalable. This allows me to update individual components of the infrastructure that my app relies on, one thing at a time (app server, messaging layer, datastore) without disrupting my application too much, as I go.
Question:
Now, my challenge is to define JNDI resources on tomcat that can access Websphere MQ. I have made some progress on this using non-SSL channels that I defined in the context.xml file like so:
<Resource
name="jms/qcf_sandbox"
auth="Container"
type="com.ibm.mq.jms.MQQueueConnectionFactory"
factory="com.ibm.mq.jms.MQQueueConnectionFactoryFactory"
description="JMS Queue Connection Factory for sending messages"
HOST="localhost"
PORT="1414"
CHAN="CHANNEL_SANDBOX"
TRAN="1"
QMGR="QM_SANDBOX"/>
<Resource
name="jms/SandboxQ"
auth="Container"
type="com.ibm.mq.jms.MQQueue"
factory="com.ibm.mq.jms.MQQueueFactory"
description="JMS Queue"
QU="SANDBOX_Q"/>
My next step is to get this to work with SSL channels. I understand the part that involves setting up the keystores (kdb file and cert generation and exchanging), configuring the SSL channels on the QM etc. I have all that working already. How do I get tomcat to use my keystore, cipher suite etc? Pointers or a working example would be great!
Note: I am using Spring Integration 4.2, Websphere MQ v8, Tomcat v9, currently.
I must add that I did try everything without the JNDI first. So here's my spring jms non-ssl config without the JNDI, that works:
<bean id="mq-jms-cf-sandbox"
class="org.springframework.jms.connection.SingleConnectionFactory">
<property name="targetConnectionFactory">
<ref bean="mqQueueConnectionFactory" />
</property>
</bean>
<bean id="mqQueueConnectionFactory" class="com.ibm.mq.jms.MQQueueConnectionFactory">
<property name="hostName" value="localhost" />
<property name="port" value="1414" />
<property name="queueManager" value="QM_SANDBOX" />
<property name="transportType" value="1" />
<property name="channel" value="CHANNEL_SANDBOX" />
</bean>
<bean id="jms-destination-sandbox" class="com.ibm.mq.jms.MQQueue">
<constructor-arg value="SANDBOX_Q" />
<property name="baseQueueManagerName">
<value>QM_SANDBOX</value>
</property>
<property name="baseQueueName">
<value>SANDBOX_Q</value>
</property>
</bean>
I think I finally figured out how to pull this off... here's a brief description of the steps. If you need more details let me know.
Pre-reqs:
Websphere MQ Server installed (at least v 8.0.0.2)
Configure the QM, SSL and non-SSL channels, create Qs and all that good stuff you need.
Needless to say, you need the Websphere MQ jars. Be mindful of any licensing restrictions.
Step 1: Get the direct connection working with no SSL, no JNDI. You will need to use these beans to configure your spring based JMS listeners and JMS Templates etc.
<bean id="mq-jms-cf-sandbox"
class="org.springframework.jms.connection.SingleConnectionFactory">
<property name="targetConnectionFactory">
<ref bean="mqQueueConnectionFactory" />
</property>
</bean>
<bean id="mqQueueConnectionFactory" class="com.ibm.mq.jms.MQQueueConnectionFactory">
<property name="hostName" value="localhost" />
<property name="port" value="1414" />
<property name="queueManager" value="QM_SANDBOX" />
<property name="transportType" value="1" />
<property name="channel" value="NON_SSL_CHANNEL" />
</bean>
<bean id="jms-destination-sandbox" class="com.ibm.mq.jms.MQQueue">
<constructor-arg value="SANDBOX_Q" />
<property name="baseQueueManagerName">
<value>QM_SANDBOX</value>
</property>
<property name="baseQueueName">
<value>SANDBOX_Q</value>
</property>
</bean>
Step 2: Get the direct connection working with SSL, no JNDI. I found setting this up a little tricky.
2a. Since I was using a non-IBM JRE, I had to make sure the cipher specs & cipher suites needed to be configured according to the mappings specified here:
http://www-01.ibm.com/support/docview.wss?uid=swg1IV66840
This obviously means that we at least have to have our Websphere MQ upgraded to 8.0.0.2. In my case I used ECDHE_RSA_AES_256_GCM_SHA384 on the SSL channel and configured the jms beans within application to use TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, like so:
<bean id="mq-jms-cf-sandbox"
class="org.springframework.jms.connection.SingleConnectionFactory">
<property name="targetConnectionFactory">
<ref bean="mqQueueConnectionFactory" />
</property>
</bean>
<bean id="mqQueueConnectionFactory" class="com.ibm.mq.jms.MQQueueConnectionFactory">
<property name="hostName" value="localhost" />
<property name="port" value="1414" />
<property name="queueManager" value="QM_SANDBOX" />
<property name="transportType" value="1" />
<property name="channel" value="SSL_CHANNEL" />
<property name="SSLCipherSuite" value="TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"/>
</bean>
<bean id="jms-destination-sandbox" class="com.ibm.mq.jms.MQQueue">
<constructor-arg value="SANDBOX_Q" />
<property name="baseQueueManagerName">
<value>QM_SANDBOX</value>
</property>
<property name="baseQueueName">
<value>SANDBOX_Q</value>
</property>
</bean>
2b. Create certs, keystores (kdbs), exchange certs etc. There are many ways to do this. But be mindful that you will need to stash passwords, the key label for the queue manager must be ‘ibmwebspheremqqmgr’ – all in lower case, no spaces, (without quotes), the key label must be like ‘ibmwebspheremquserid’ – all in lower case, no spaces, (without quotes) where userid is the userid that runs tomcat. If you need more details on exactly how I did it using self signed certs, let me know.
2c. Now you have to get the JVM that tomcat runs, to read your keystores. There are many ways but here's how I did it:
Create a setenv.bat file in the tomcat bin folder, with the following contents (debugging SSL is optional)
set JAVA_OPTS="-Djavax.net.ssl.trustStore=C:\path-to-keystore\key.jks" "-Djavax.net.ssl.trustStorePassword=topsecret" "-Djavax.net.ssl.keyStore=C:\path-to-keystore\key.jks" "-Djavax.net.ssl.keyStorePassword=topsecret" "-Djavax.net.debug=ssl" "-Dcom.ibm.mq.cfg.useIBMCipherMappings=false"
2d. Start tomcat using the following command:
catalina.bat run > ..\logs\tomcat.log 2>&1
To stop, just press ctrl+c (on windows). Whichever way you do it, make sure that setenv.bat is used during start up. Or use JAVA_OPTS to set the keystore properties.
2e. Verify that the using the SSL channel works.
Step 3: Get a JNDI connection working with non-SSL, JNDI
There are many was to set up JNDI on tomcat. Here's how I did it: Within the web application create a file META-INF/Context.xml with the following contents:
<Resource
name="jms/qcf_sandbox"
auth="Container"
type="com.ibm.mq.jms.MQQueueConnectionFactory"
factory="com.ibm.mq.jms.MQQueueConnectionFactoryFactory"
description="JMS Queue Connection Factory for sending messages"
HOST="localhost"
PORT="1414"
CHAN="NON_SSL_CHANNEL"
TRAN="1"
QMGR="QM_SANDBOX"/>
<Resource
name="jms/SandboxQ"
auth="Container"
type="com.ibm.mq.jms.MQQueue"
factory="com.ibm.mq.jms.MQQueueFactory"
description="JMS Queue"
QU="SANDBOX_Q"/>
Now in your spring config, instead of the direct configurations, all you have to do is:
<jee:jndi-lookup id="mq-jms-cf-sandbox" jndi-name="java:/comp/env/jms/qcf_sandbox" resource-ref="false" />
<jee:jndi-lookup id="jms-destination-sandbox" jndi-name="java:/comp/env/jms/SandboxQ" resource-ref="false" />
Note that for brevity, I just didn't use resource references. In case you do, there a few additional steps which are straight forward.
Step 4: Now the final step is to use an SSL channel and JNDI. Assuming you have done step 2, this is easy. Modify the META-INF/Context.xml with the following contents:
<Resource
name="jms/qcf_sandbox"
auth="Container"
type="com.ibm.mq.jms.MQQueueConnectionFactory"
factory="com.ibm.mq.jms.MQQueueConnectionFactoryFactory"
description="JMS Queue Connection Factory for sending messages"
HOST="localhost"
PORT="1414"
CHAN="SSL_CHANNEL"
TRAN="1"
QMGR="QM_SANDBOX"
SCPHS="TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"/>
<Resource
name="jms/SandboxQ"
auth="Container"
type="com.ibm.mq.jms.MQQueue"
factory="com.ibm.mq.jms.MQQueueFactory"
description="JMS Queue"
QU="SANDBOX_Q"/>
Note the line with SCPHS="TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384". If you need to set other such parameters, see the "Short Form" column in this link:
https://www.ibm.com/support/knowledgecenter/SSFKSJ_8.0.0/com.ibm.mq.ref.dev.doc/q111800_.htm%23jm10910_?lang=en
Hopefully all this works for you. Good luck!
Once this configuration works, sending messages is pretty straight forward. But this is how you can listen for a message on a queue using Spring JMS
Reference: https://docs.spring.io/spring/docs/current/spring-framework-reference/html/jms.html
Step 1: Use Spring's DefaultMessageListenerContainer and configure your beans in an xml file like so (spring-beans.xml):
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN"
"http://www.springframework.org/dtd/spring-beans.dtd">
<!-- this is the Message Driven POJO (MDP) -->
<bean id="messageListener" class="jmsexample.ExampleListener" />
<!-- and this is the message listener container -->
<bean id="jmsContainer" class="org.springframework.jms.listener.DefaultMessageListenerContainer">
<property name="connectionFactory" ref="mq-jms-cf-sandbox"/>
<property name="destination" ref="jms-destination-sandbox"/>
<property name="messageListener" ref="messageListener" />
</bean>
</beans>
Step 2: Add this to your web.xml
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/context/spring-beans.xml</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
Step 3: Write a Message Listener class like so:
import javax.jms.JMSException;
import javax.jms.Message;
import javax.jms.MessageListener;
import javax.jms.TextMessage;
public class ExampleListener implements MessageListener {
public void onMessage(Message message) {
if (message instanceof TextMessage) {
try {
System.out.println(((TextMessage) message).getText());
}
catch (JMSException ex) {
throw new RuntimeException(ex);
}
}
else {
throw new IllegalArgumentException("Message must be of type TextMessage");
}
}
}
Alternatively, instead of step 3, if you are using spring integration, you can do something like so:
<int:channel id="jms-inbound"/>
<int-jms:message-driven-channel-adapter
id="jms-inbound-adapter" container="jmsContainer" channel="jms-inbound"
extract-payload="true" acknowledge="transacted"
message-converter="messagingMessageConverter" />
<beans:bean id="messagingMessageConverter" class="org.springframework.jms.support.converter.MessagingMessageConverter">
</beans:bean>

How to set rabbitmq connection properties using JNDI variables in Spring xml config?

I have an application in Spring with is using RabbitMQ. I'm using xml based context configuration and rabbit namespace in this xml.
So far it looked as this:
<rabbit:connection-factory id="rabbitConnectionFactory" host="localhost" port="5672"/>
but now I want to use JNDI variables for host and port properties.
I know how to use JNDI when I have "classic" bean definitions but I have know idea how to use JNDI and rabbit namespace at the same time.
I wasn't able to define any child elements of rabbit:connection element. I get an error saying that it can't have any child nodes.
Any help appreciated :)
EDIT
This is how I use JNDI lookup in "standard" beans (with no special namespace)
<bean id="connector" class="com.foo.ConnectionProvider">
<constructor-arg name="url">
<jee:jndi-lookup expected-type="java.lang.String" jndi-name="java:comp/env/service/url"/>
</constructor-arg>
</bean>
And in META-INF/context.xml:
<ResourceLink name="service/url" global="service/url" type="java.lang.String"/>
But as I said I don't know how to accomplish it using rabbit namespace. Have tried googling with no success..
I figured out I can use "standard" bean definition. I'm not completely happy with the solution, but at least, it works.
<bean id="rabbitConnectionFactory" class="org.springframework.amqp.rabbit.connection.CachingConnectionFactory">
<constructor-arg name="hostname" >
<jee:jndi-lookup expected-type="java.lang.String"
jndi-name="java:comp/env/rabbit/host"/>
</constructor-arg>
<constructor-arg name="port" >
<jee:jndi-lookup expected-type="java.lang.Integer"
jndi-name="java:comp/env/rabbit/port"/>
</constructor-arg>
<property name="username" value="guest"/>
<property name="password" value="guest"/>
</bean>
<rabbit:template id="amqpTemplate" connection-factory="rabbitConnectionFactory" exchange="mcs-notifications.topic"/>
<rabbit:admin connection-factory="rabbitConnectionFactory"/>
Another option is to use RMQConnectionFactory
<Resource name="jms/rabbitConnectionFactory" type="com.rabbitmq.jms.admin.RMQConnectionFactory"
factory="org.apache.naming.factory.BeanFactory" username="guest"
password="guest" />

JNDI binding in JBOss for MQ

I need a little bit of help in configuring JBoss to work with MQ. I have created initial context in MQ using IBM MQ Explorer and have given a local directory for all bindings like file:/C:/jndi. I have created a connection factory for this initial context. Now JBoss documentation says to bind like this
<connection-definition class-name="com.ibm.mq.connector.outbound.ManagedConnectionFactoryImpl"
jndi-name="java:jboss/MQ.CONNECTIONFACTORY.NAME"
pool-name="MQ.CONNECTIONFACTORY.NAME">
I think I am missing some point here. How do I tell Jboss that my InitialContext bindings are in a directory. I have tried most of the combinations. May be I am not getting the concept right. Any pointers ?
When I try to access this MQ.CONNECTIONFACTORY.NAME from a test servlet I wrote I get javax.naming.NameNotFoundException . If I follow same steps in Java SE environment I am successfully able to establish a connection. I am new to application servers and the question might be naive
Regards
The description of the resources created via MQExplorer suggest that these have been put into JNDI backed by a File System context. This is perfectly fine, but what in theory needs to be done now is get JBOSS to read objects out that JNDI context rather than the usual JNDI provider provided by JBOSS. The settings that are in the connection definition extract are using the standard JBOSS JNDI context.
As an example of using JBOSS with the WebSphere MQ Resoruce Adapter have a look here http://pic.dhe.ibm.com/infocenter/wmqv7/v7r5/topic/com.ibm.mq.dev.doc/q031810_.htm
This links to an example set of definitions that store WMQ JMS administered objects in the JBOSS JNDI context.
This is an important question. I have used Spring for this, like this:
<util:properties id="remoteEnv">
<prop key="java.naming.provider.url">file:${my.config.path}/bindings</prop>
<prop key="java.naming.factory.url.pkgs">org.jboss.naming:org.jboss.naming.remote.client</prop>
<prop key="java.naming.factory.initial">com.sun.jndi.fscontext.RefFSContextFactory</prop>
<prop key="java.naming.security.principal">${mdb.user.name}</prop>
<prop key="java.naming.security.credentials">${mdb.user.pass}</prop>
</util:properties>
<bean id="remoteJNDITemplate" class="org.springframework.jndi.JndiTemplate">
<property name="environment" ref="remoteEnv" />
</bean>
<bean id="remoteJmsDestinationResolver" class="org.springframework.jms.support.destination.JndiDestinationResolver">
<property name="jndiTemplate" ref="remoteJNDITemplate" />
<property name="cache" value="true" />
</bean>
<jee:jndi-lookup id="senderQueue" jndi-name="MY_QUEUE_NAME" environment-ref="remoteEnv" />
<bean id="xamqconnectionFactory" class="org.springframework.jndi.JndiObjectFactoryBean">
<property name="jndiTemplate">
<ref bean="remoteJNDITemplate"/>
</property>
<property name="jndiName" value="MYCONNECTIONFACTORYJNDINAME"/>
<property name="lookupOnStartup" value="false" />
<property name="proxyInterface" value="javax.jms.XAQueueConnectionFactory" />
</bean>
<bean id="xaMQSenderJMSTemplate" class="org.springframework.jms.core.JmsTemplate">
<property name="connectionFactory">
<ref bean="xamqconnectionFactory" />
</property>
<property name="pubSubDomain">
<value>false</value>
</property>
<property name="defaultDestination">
<ref bean="senderQueue" />
</property>
<property name="destinationResolver" ref="remoteJmsDestinationResolver" />
</bean>
however using the configuration above we bypass the resource adapter. That's no problem otherwise but it prevents transactions from joining the JBoss transaction, so JMS messages are send immediately, not with transaction commit. I haven't found a fix for that yet.
com.sun.jndi.fscontext.RefFSContextFactory, that is used to read .bindings file, can be found at this dependency:
<dependency>
<groupId>com.sun.messaging.mq</groupId>
<artifactId>fscontext</artifactId>
<version>4.6-b01</version>
</dependency>

Passing encrypted properties to spring context

I never seen this but I wondering if somebody has come across. Having a web server which access a database. I want to pass the database password encrypted and have spring context decrypting it before setting the datasource. I know the spring security can do some of this like using a salt file in the web server, etc.
The challenge here is that I don't want to give a clear user,password,url to the web server team. Just an encrypted password and have spring decrypted before using it.
Is there something like this already? I know I could code something but is it already done?
Thanks
By using an org.jasypt.properties.EncryptableProperties object, an application would be able to correctly read and use a .properties file like this:
datasource.driver=com.mysql.jdbc.Driver
datasource.url=jdbc:mysql://localhost/reportsdb
datasource.username=reportsUser
datasource.password=ENC(G6N718UuyPE5bHyWKyuLQSm02auQPUtm)
Note that the database password is encrypted (in fact, any other property could also be encrypted, be it related with database configuration or not).
More information :
http://www.jasypt.org/encrypting-configuration.html
I actually found exactly what I was looking for in this thread:
How to use encrypted password in apache BasicDataSource?
Here are the details from jasyp http://www.jasypt.org/spring3.html
This problem and solution to it is explained here..(link)
db.Properties.
#driverClassName=oracle.jdbc.driver.OracleDriver
#url=jdbc:oracle:thin:#localhost:1521:XE
#username=ITEM_INVENTORY
driverClassName=com.mysql.jdbc.Driver
url=jdbc:mysql://localhost:3306/ITEM_INVENTORY?zeroDateTimeBehavior=convertToNull
username=root
Encrypt db.Properties
##password=cGFzc3dvcmQ=
password=cm9vdA==
The spring beans configuration for the datasource would look like this
(here you may use only password part)
spring-beans.xml
<bean id="dataSource" destroy-method="close" class="org.apache.commons.dbcp.BasicDataSource">
<property name="driverClassName" value="db#[driverClassName]" />
<property name="url" value="db#[url]" />
<property name="username" value="db#[username]" />
<property name="password" value="encryptedDb#[password]" />
</bean>
<bean id="dbPropertyPlaceholder" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
<property name="locations">
<list>
<value>classpath:db.properties</value>
</list>
</property>
<property name="placeholderPrefix" value="db#[" />
<property name="placeholderSuffix" value="]" />
</bean>
<bean id="encryptedDbPropertyPlaceholder" class="com.inventory.api.util.DecryptPropertyConfigurer">
<property name="locations">
<list>
<value>classpath:encryped_db.properties</value>
</list>
</property>
<property name="placeholderPrefix" value="encryptedDb#[" />
<property name="placeholderSuffix" value="]" />
</bean>
And so on.. please refer given link for more information..

Resources