我试图将messaging-activemq子系统配置为使用https而不是http(以完全消除http的使用)。
在Wildfly配置文件messaging-activemq子系统中,我已经更新了http-connector、http-connector-aphults、http-acceptor-aphulth和http-acceptor-aphulth以使用https。Wildfly服务器启动时没有错误。但是,当我试图从客户机连接时,我会得到客户机错误,如“javax.jms.jmsException:Failed to create session Factory”。在服务器上,我会得到类似“UT005013:发生了一个IOException:javax.net.SSL.sslException:未识别的SSL消息,明文连接?”这样的消息。
我搜索了RedHat和JBoss文档(以及更多文档),但没有找到如何配置客户端和连接以使用HTTPS与Wildfly10 activemq对话的解决方案。
服务器配置:
<subsystem xmlns="urn:jboss:domain:messaging-activemq:1.0">
<server name="default">
<security enabled="false"/>
<security-setting name="#">
<role name="guest" delete-non-durable-queue="true" create-non-durable-queue="true" consume="true" send="true"/>
</security-setting>
<address-setting name="#" message-counter-history-day-limit="10" page-size-bytes="2097152" max-size-bytes="10485760" expiry-address="jms.queue.ExpiryQueue" dead-letter-address="jms.queue.DLQ"/>
<http-connector name="http-connector" endpoint="http-acceptor" socket-binding="https"/>
<http-connector name="http-connector-throughput" endpoint="http-acceptor-throughput" socket-binding="https">
<param name="batch-delay" value="50"/>
</http-connector>
<in-vm-connector name="in-vm" server-id="0"/>
<http-acceptor name="http-acceptor" http-listener="https"/>
<http-acceptor name="http-acceptor-throughput" http-listener="https">
<param name="batch-delay" value="50"/>
<param name="direct-deliver" value="false"/>
</http-acceptor>
<in-vm-acceptor name="in-vm" server-id="0"/>
<jms-queue name="ExpiryQueue" entries="java:/jms/queue/ExpiryQueue"/>
<jms-queue name="DLQ" entries="java:/jms/queue/DLQ"/>
<connection-factory name="InVmConnectionFactory" entries="java:/ConnectionFactory" connectors="in-vm"/>
<connection-factory name="RemoteConnectionFactory" consumer-window-size="0" entries="java:jboss/exported/jms/RemoteConnectionFactory" connectors="http-connector"/>
<pooled-connection-factory name="activemq-ra" transaction="xa" entries="java:/JmsXA java:jboss/DefaultJMSConnectionFactory" connectors="in-vm"/>
</server>
</subsystem>
更多服务器配置:
<subsystem xmlns="urn:jboss:domain:undertow:3.0">
<buffer-cache name="default"/>
<server name="default-server">
(REMOVED THIS) <http-listener name="default" max-post-size="104857600" socket-binding="http" redirect-socket="https"/> (REMOVED THIS)
<https-listener name="https" max-post-size="104857600" security-realm="BISRealm" socket-binding="https"/>
<host name="default-host" alias="localhost"/>
</server>
<servlet-container name="default">
<jsp-config display-source-fragment="false"/>
<websockets/>
</servlet-container>
</subsystem>
2017-01-12 14:03:47,283 DEBUG [io.undertow.request] (default I/O-11) UT005013: An IOException occurred: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
at sun.security.ssl.EngineInputRecord.bytesInCompletePacket(EngineInputRecord.java:156) [jsse.jar:1.8.0_71]
at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:868) [jsse.jar:1.8.0_71]
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781) [jsse.jar:1.8.0_71]
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624) [rt.jar:1.8.0_71]
at io.undertow.protocols.ssl.SslConduit.doUnwrap(SslConduit.java:705)
at io.undertow.protocols.ssl.SslConduit.doHandshake(SslConduit.java:608)
at io.undertow.protocols.ssl.SslConduit.access$600(SslConduit.java:63)
at io.undertow.protocols.ssl.SslConduit$SslReadReadyHandler.readReady(SslConduit.java:1034)
at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:88) [xnio-nio-3.3.4.Final.jar:3.3.4.Final]
at org.xnio.nio.WorkerThread.run(WorkerThread.java:559) [xnio-nio-3.3.4.Final.jar:3.3.4.Final]
2017-01-12 14:03:47,284 DEBUG [io.undertow.request.io] (default I/O-11) UT005013: An IOException occurred: java.io.IOException: javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
at io.undertow.protocols.ssl.SslConduit.notifyReadClosed(SslConduit.java:577)
at io.undertow.protocols.ssl.SslConduit.doUnwrap(SslConduit.java:668)
at io.undertow.protocols.ssl.SslConduit.read(SslConduit.java:530)
at org.xnio.conduits.ConduitStreamSourceChannel.read(ConduitStreamSourceChannel.java:127) [xnio-api-3.3.4.Final.jar:3.3.4.Final]
at io.undertow.server.protocol.http.HttpReadListener.handleEventWithNoRunningRequest(HttpReadListener.java:152)
at io.undertow.server.protocol.http.HttpReadListener.handleEvent(HttpReadListener.java:130)
at io.undertow.server.protocol.http.HttpReadListener.handleEvent(HttpReadListener.java:56)
at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92) [xnio-api-3.3.4.Final.jar:3.3.4.Final]
at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66) [xnio-api-3.3.4.Final.jar:3.3.4.Final]
at io.undertow.protocols.ssl.SslConduit$SslReadReadyHandler.readReady(SslConduit.java:1059)
at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:88) [xnio-nio-3.3.4.Final.jar:3.3.4.Final]
at org.xnio.nio.WorkerThread.run(WorkerThread.java:559) [xnio-nio-3.3.4.Final.jar:3.3.4.Final]
Caused by: javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
at sun.security.ssl.Alerts.getSSLException(Alerts.java:208) [jsse.jar:1.8.0_71]
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1666) [jsse.jar:1.8.0_71]
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1634) [jsse.jar:1.8.0_71]
at sun.security.ssl.SSLEngineImpl.closeInbound(SSLEngineImpl.java:1561) [jsse.jar:1.8.0_71]
at io.undertow.protocols.ssl.SslConduit.notifyReadClosed(SslConduit.java:575)
... 11 more
客户端试图读取JMS消息时的客户端错误消息:
2017-01-12 16:09:19.601 DEBUG org.apache.activemq.artemis.core.client.getConnectionWithRetry(750)) #() #() Trying reconnection attempt 0/1
2017-01-12 16:09:19.601 DEBUG org.apache.activemq.artemis.core.client.createTransportConnection(1025)) #() #() Trying to connect with connector = org.apache.activemq.artemis.core.remoting.impl.netty.NettyConnectorFactory@2714d74c, parameters = {httpUpgradeEnabled=true, port=8443, httpPpgradeEndpoint=http-acceptor, host=bisdb} connector = null
2017-01-12 16:09:19.601 DEBUG org.apache.activemq.artemis.core.client.start(528)) #() #() Started Netty Connector version 4.0.32.Final
2017-01-12 16:09:19.602 DEBUG org.apache.activemq.artemis.core.client.createConnection(586)) #() #() Remote destination: bisdb/10.134.141.92:8443
2017-01-12 16:09:19.604 DEBUG org.apache.activemq.artemis.core.client.createConnection(656)) #() #() Sending HTTP request DefaultHttpRequest(decodeResult: success, version: HTTP/1.1)
GET HTTP/1.1
Host: bisdb
Upgrade: activemq-remoting
Connection: Upgrade
httpPpgradeEndpoint: http-acceptor
Sec-ActiveMQRemoting-Key: EVEoDiZ+Sv4Xe8QYk9X4PQ==
2017-01-12 16:09:25.311 DEBUG org.jboss.ejb.client.EJBClientContext.getEJBReceiver(758)) #() #() org.jboss.ejb.client.RandomDeploymentNodeSelector@d536e70 deployment node selector selected bisdb node for appname=MorphoBIS,modulename=Wfm,distinctname=
2017-01-12 16:09:25.311 DEBUG org.jboss.ejb.client.ReceiverInterceptor.handleInvocation(136)) #() #() Sending invocation to node bisdb
2017-01-12 16:09:35.318 DEBUG org.jboss.ejb.client.EJBClientContext.getEJBReceiver(758)) #() #() org.jboss.ejb.client.RandomDeploymentNodeSelector@d536e70 deployment node selector selected bisdb node for appname=MorphoBIS,modulename=Wfm,distinctname=
2017-01-12 16:09:35.318 DEBUG org.jboss.ejb.client.ReceiverInterceptor.handleInvocation(136)) #() #() Sending invocation to node bisdb
2017-01-12 16:09:45.321 DEBUG org.jboss.ejb.client.EJBClientContext.getEJBReceiver(758)) #() #() org.jboss.ejb.client.RandomDeploymentNodeSelector@d536e70 deployment node selector selected bisdb node for appname=MorphoBIS,modulename=Wfm,distinctname=
2017-01-12 16:09:45.321 DEBUG org.jboss.ejb.client.ReceiverInterceptor.handleInvocation(136)) #() #() Sending invocation to node bisdb
2017-01-12 16:09:49.604 DEBUG org.apache.activemq.artemis.core.client.openTransportConnection(994)) #() #() Connector towards NettyConnector [host=bisdb, port=8443, httpEnabled=false, httpUpgradeEnabled=true, useServlet=false, servletPath=/messaging/ActiveMQServlet, sslEnabled=false, useNio=true] failed
2017-01-12 16:09:49.605 WARN Received exception jndiEnv : {java.naming.provider.url=https-remoting://bisapp:8443, java.naming.factory.initial=org.jboss.naming.remote.client.InitialContextFactory, UrlPkgPrefixes=org.jboss.naming:org.jnp.interfaces}
javax.jms.JMSException: Failed to create session factory
at org.apache.activemq.artemis.jms.client.ActiveMQConnectionFactory.createConnectionInternal(ActiveMQConnectionFactory.java:727) ~[jboss-client.jar:10.0.0.Final]
at org.apache.activemq.artemis.jms.client.ActiveMQConnectionFactory.createQueueConnection(ActiveMQConnectionFactory.java:284) ~[jboss-client.jar:10.0.0.Final]
at org.apache.activemq.artemis.jms.client.ActiveMQConnectionFactory.createQueueConnection(ActiveMQConnectionFactory.java:280) ~[jboss-client.jar:10.0.0.Final]
...
at java.lang.Thread.run(Thread.java:745) [na:1.8.0_71]
Caused by: org.apache.activemq.artemis.api.core.ActiveMQNotConnectedException: AMQ119007: Cannot connect to server(s). Tried with all available servers.
at org.apache.activemq.artemis.core.client.impl.ServerLocatorImpl.createSessionFactory(ServerLocatorImpl.java:777) ~[jboss-client.jar:10.0.0.Final]
at org.apache.activemq.artemis.jms.client.ActiveMQConnectionFactory.createConnectionInternal(ActiveMQConnectionFactory.java:724) ~[jboss-client.jar:10.0.0.Final]
... 10 common frames omitted
看起来客户机试图通过HTTP通信,但我不知道如何配置连接以使用HTTPS。
如何配置Wildfly10服务器(和客户机)以使用HTTPS上的messaging-activemq?
回复较晚,但在HTTP-Connector
两个HTTP-Connector
元素中都缺少。
问题内容: 我正在使用基于Node.js的https服务器,该服务器使用HTTP Basic进行身份验证(这很好,因为数据是通过SSL加密连接发送的)。 现在我想提供一个Socket.io连接 加密和 仅适用于经过身份验证的用户。 问题是如何做到这一点。我已经发现在连接到套接字时需要在客户端JavaScript代码中指定,但是如何在服务器端强制套接字连接只能在SSL上运行,并且仅适用于经过身份验证
问题内容: JKS(Java密钥存储)文件是否已加密?它们是否为加密密钥提供全面保护,还是我仅需要依赖访问控制? 有没有办法确保密钥受到保护? 我对详细的细节感兴趣,包括算法,密钥管理等。这些可配置的任何一个吗? 问题答案: 它们已加密。 该算法取决于提供者。提供者将根据密码返回密钥/证书。如果需要强安全性,请找到使用强加密的密钥库提供程序。
简介 Laravel 可以轻松地保护应用程序免受 跨站点请求伪造 (CSRF) 攻击,跨站点请求伪造是一种恶意攻击,它凭借已通过身份验证的用户身份来运行未经过授权的命令。 Laravel 会自动为每个活跃用户的会话生成一个 CSRF「令牌」。该令牌用于验证经过身份验证的用户是否是向应用程序发出请求的用户。 无论何时,当您在应用程序中定义HTML表单时,都应该在表单中包含一个隐藏的CSRF标记字段,
问题内容: 关键字授予对相同包和子类(http://java.sun.com/docs/books/tutorial/java/javaOO/accesscontrol.html)中的类的访问权限。 现在,每个类都有一个超类(http://java.sun.com/j2se/1.5.0/docs/api/java/lang/Object.html)。 因此,我得出结论,即使每个类都可以访问的方法。
启用触摸保护 把 Yubikey-manager 安装在一个绝对路径:【译者注:homebrew 是 macOS 平台的包管理软件】 ❯ brew install libu2f-host libusb swig ykpers ❯ git clone git@github.com:Yubico/Yubikey-manager.git ❯ git submodule update --init --r
6xx受保护 600 Series,Repliesregardingconfidentialityandintegrity 631 Integrityprotectedreply. 632 Confidentialityandintegrityprotectedreply. 633 Confidentialityprotectedreply.