By default, a queue in ActiveMQ can be accessed without providing any credentials. However, in real-world scenarios you will have to deal with secured queues. In this blog, I will explain how to enable security for ActiveMQ and which configurations are required in WSO2 ESB.
Prerequisites - Enable the JMS transport for WSO2 ESB as explained in [1].
Step 1 - Secure the ActiveMQ instance with credentials.
To do this, add the configuration below to activemq.xml inside the <broker> element, then start the server.
<plugins>
  <!-- anonymousAccessAllowed="false": clients that present no credentials are rejected -->
  <simpleAuthenticationPlugin anonymousAccessAllowed="false">
    <users>
      <authenticationUser username="system" password="system" groups="users,admins"/>
      <authenticationUser username="admin" password="admin" groups="users,admins"/>
      <authenticationUser username="user" password="user" groups="users"/>
      <authenticationUser username="guest" password="guest" groups="guests"/>
    </users>
  </simpleAuthenticationPlugin>
</plugins>
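A check for the Step 1 configuration, as an added example (not code from the original post, ActiveMQ or WSO2): it parses an activemq.xml fragment and reports anonymous access, passwords that are empty or equal to the username, and a missing authorizationPlugin, without which the groups assigned to each user are not enforced on any queue. The sample XML, the "esb" user and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a broker fragment with the weak settings this check looks for.
SAMPLE = """<broker xmlns="http://activemq.apache.org/schema/core" brokerName="localhost">
  <plugins>
    <simpleAuthenticationPlugin anonymousAccessAllowed="true">
      <users>
        <authenticationUser username="admin" password="admin" groups="users,admins"/>
        <authenticationUser username="esb" password="S3p-constructed-value" groups="users"/>
      </users>
    </simpleAuthenticationPlugin>
  </plugins>
</broker>"""


def local(tag):
    """Strip the XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]


def audit_broker(xml_text):
    """Return a list of findings for the broker's authentication setup."""
    root = ET.fromstring(xml_text)
    elems = {}
    for el in root.iter():
        elems.setdefault(local(el.tag), []).append(el)

    findings = []
    plugins = elems.get("simpleAuthenticationPlugin", [])
    if not plugins:
        findings.append("no simpleAuthenticationPlugin configured")
    for plugin in plugins:
        # The attribute defaults to false when it is absent.
        if plugin.get("anonymousAccessAllowed", "false").lower() == "true":
            findings.append("anonymousAccessAllowed=true: clients may connect without credentials")
    for user in elems.get("authenticationUser", []):
        name, pw = user.get("username", ""), user.get("password", "")
        if not pw or pw.lower() == name.lower():
            findings.append(f"user '{name}': password is empty or equals the username")
    if not elems.get("authorizationPlugin"):
        findings.append("no authorizationPlugin: group membership is not enforced on any destination")
    return findings


if __name__ == "__main__":
    for finding in audit_broker(SAMPLE):
        print("FINDING:", finding)
```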
Step 2 - Enable the JMS Listener configuration and configure it as shown below.
<!--Uncomment this and configure as appropriate for JMS transport support, after setting up your JMS environment (e.g. ActiveMQ)-->
<transportReceiver name="jms" class="org.apache.axis2.transport.jms.JMSListener">
  <parameter name="myTopicConnectionFactory" locked="false">
    <parameter name="java.naming.factory.initial" locked="false">org.apache.activemq.jndi.ActiveMQInitialContextFactory</parameter>
    <parameter name="java.naming.provider.url" locked="false">tcp://localhost:61616</parameter>
    <parameter name="java.naming.security.principal" locked="false">admin</parameter>
    <parameter name="java.naming.security.credentials" locked="false">admin</parameter>
    <parameter locked="false" name="transport.jms.UserName">admin</parameter>
    <parameter locked="false" name="transport.jms.Password">admin</parameter>
    <parameter name="transport.jms.ConnectionFactoryJNDIName" locked="false">TopicConnectionFactory</parameter>
    <parameter name="transport.jms.ConnectionFactoryType" locked="false">topic</parameter>
  </parameter>
  <parameter name="myQueueConnectionFactory" locked="false">
    <parameter name="java.naming.factory.initial" locked="false">org.apache.activemq.jndi.ActiveMQInitialContextFactory</parameter>
    <parameter name="java.naming.provider.url" locked="false">tcp://localhost:61616</parameter>
    <parameter name="java.naming.security.principal" locked="false">admin</parameter>
    <parameter name="java.naming.security.credentials" locked="false">admin</parameter>
    <parameter locked="false" name="transport.jms.UserName">admin</parameter>
    <parameter locked="false" name="transport.jms.Password">admin</parameter>
    <parameter name="transport.jms.ConnectionFactoryJNDIName" locked="false">QueueConnectionFactory</parameter>
    <parameter name="transport.jms.ConnectionFactoryType" locked="false">queue</parameter>
  </parameter>
  <parameter name="default" locked="false">
    <parameter name="java.naming.factory.initial" locked="false">org.apache.activemq.jndi.ActiveMQInitialContextFactory</parameter>
    <parameter name="java.naming.provider.url" locked="false">tcp://localhost:61616</parameter>
    <parameter name="java.naming.security.principal" locked="false">admin</parameter>
    <parameter name="java.naming.security.credentials" locked="false">admin</parameter>
    <parameter locked="false" name="transport.jms.UserName">admin</parameter>
    <parameter locked="false" name="transport.jms.Password">admin</parameter>
    <parameter name="transport.jms.ConnectionFactoryJNDIName" locked="false">QueueConnectionFactory</parameter>
    <parameter name="transport.jms.ConnectionFactoryType" locked="false">queue</parameter>
  </parameter>
</transportReceiver>
Step 3 - Create a Proxy service to listen to a JMS queue in ActiveMQ.
Once the ESB server is started, create the Proxy service below and let it listen to the queue generated in ActiveMQ.
<proxy name="StockQuoteProxy1" transports="jms" startOnLoad="true">
  <target>
    <endpoint>
      <address uri="http://localhost:9000/services/SimpleStockQuoteService"/>
    </endpoint>
    <inSequence>
      <property name="OUT_ONLY" value="true"/>
    </inSequence>
    <outSequence>
      <send/>
    </outSequence>
  </target>
  <publishWSDL uri="file:repository/samples/resources/proxy/sample_proxy_1.wsdl"/>
  <parameter name="transport.jms.ContentType">
    <rules>
      <jmsProperty>contentType</jmsProperty>
      <default>application/xml</default>
    </rules>
  </parameter>
</proxy>
Once the above proxy service is deployed, send a request to the queue and observe how the message is processed and sent to the backend. You can use the sample available in [2] to test this scenario.
If you are sending a JMS request you can use the username and the password in the URL as shown below.
ant stockquote -Dmode=placeorder -Dtrpurl="jms:/StockQuoteProxy1?transport.jms.DestinationType=queue&transport.jms.ContentTypeProperty=contentType&java.naming.provider.url=tcp://localhost:61616&java.naming.factory.initial=org.apache.activemq.jndi.ActiveMQInitialContextFactory&transport.jms.UserName=admin&transport.jms.Password=admin&transport.jms.ConnectionFactoryType=queue&transport.jms.ConnectionFactoryJNDIName=QueueConnectionFactory"
[1] - https://docs.wso2.com/display/ESB490/Configure+with+ActiveMQ
[2] - https://docs.wso2.com/display/ESB490/Sample+250%3A+Introduction+to+Switching+Transports