Results 1 to 5 of 5

Thread: message-driven-channel-adapter + secure JMS settings

  1. May 9th, 2012, 11:24 AM #1
    nuvola
    nuvola is offline Member
    Join Date
    Apr 2012
    Posts
    57

    Default message-driven-channel-adapter + secure JMS settings

    Hi all,

    I'm trying to configure properly my message-driven-channel-adapter using t3s instead of t3 for connecting to weblogic server.

    Below my applicationContext.xml file:

    Code:
        <jms:message-driven-channel-adapter id="jmsMessageChannelAdapter"
                                        connection-factory="myConnectionFactory"
                                        destination="myQueue"
                                        channel="jmsListenerChannel"/>

    <jee:jndi-lookup id="myConnectionFactory" jndi-name="WL.mb0_sb.CF" expose-access-context="true">
        <jee:environment>
            java.naming.factory.initial=weblogic.jndi.WLInitialContextFactory
            java.naming.provider.url=t3s://hostname:7842
            java.naming.security.principal=...
            java.naming.security.credentials=...
            weblogic.security.SSL.ignoreHostnameVerification=true
            java.protocol.handler.pkgs=weblogic.net
            weblogic.security.TrustKeyStore=CustomTrust
            weblogic.security.CustomTrustKeyStoreFileName=...\\test\\resources\\keystore.jks
            weblogic.security.CustomTrustKeyStorePassPhrase=
            weblogic.security.CustomTrustKeyStoreType=JKS
        </jee:environment>
    </jee:jndi-lookup>
    <jee:jndi-lookup id="myQueue" jndi-name="WL.mb0_sb.BU">
        <jee:environment>
            java.naming.factory.initial=weblogic.jndi.WLInitialContextFactory
            java.naming.provider.url=t3s://hostname:7842
            java.naming.security.principal=...
            java.naming.security.credentials=...
            weblogic.security.SSL.ignoreHostnameVerification=true
            java.protocol.handler.pkgs=weblogic.net
            weblogic.security.TrustKeyStore=CustomTrust
            weblogic.security.CustomTrustKeyStoreFileName=...\\test\\resources\\keystore.jks
            weblogic.security.CustomTrustKeyStorePassPhrase=
            weblogic.security.CustomTrustKeyStoreType=JKS
        </jee:environment>
    </jee:jndi-lookup>
    But from logs I got:

    Code:
    09.mag.2012 18:11:34,868 - (LISTENER SERVICE) (main) [ERROR ]-[TestContextManager                 (324 )] - 
Caught exception while allowing TestExecutionListener [org.springframework.test.context.support.DependencyInjectionTestExecutionListener@ac4d3b] 
to prepare test instance [null(ch.integration.jms.ListenerTest)]
java.lang.IllegalStateException: Failed to load ApplicationContext
        at org.springframework.test.context.TestContext.getApplicationContext(TestContext.java:157)
        at org.springframework.test.context.support.DependencyInjectionTestExecutionListener.injectDependencies(DependencyInjectionTestExecutionListener.java:109)
        at org.springframework.test.context.support.DependencyInjectionTestExecutionListener.prepareTestInstance(DependencyInjectionTestExecutionListener.java:75)
        at org.springframework.test.context.TestContextManager.prepareTestInstance(TestContextManager.java:321)
        at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.createTest(SpringJUnit4ClassRunner.java:211)
        at org.springframework.test.context.junit4.SpringJUnit4ClassRunner$1.runReflectiveCall(SpringJUnit4ClassRunner.java:288)
        at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:15)
        at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.methodBlock(SpringJUnit4ClassRunner.java:290)
        at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.runChild(SpringJUnit4ClassRunner.java:231)
        at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:50)
        at org.junit.runners.ParentRunner$3.run(ParentRunner.java:193)
        at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:52)
        at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:191)
        at org.junit.runners.ParentRunner.access$000(ParentRunner.java:42)
        at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:184)
        at org.springframework.test.context.junit4.statements.RunBeforeTestClassCallbacks.evaluate(RunBeforeTestClassCallbacks.java:61)
        at org.springframework.test.context.junit4.statements.RunAfterTestClassCallbacks.evaluate(RunAfterTestClassCallbacks.java:71)
        at org.junit.runners.ParentRunner.run(ParentRunner.java:236)
        at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.run(SpringJUnit4ClassRunner.java:174)
        at org.apache.maven.surefire.junit4.JUnit4TestSet.execute(JUnit4TestSet.java:62)
        at org.apache.maven.surefire.suite.AbstractDirectoryTestSuite.executeTestSet(AbstractDirectoryTestSuite.java:140)
        at org.apache.maven.surefire.suite.AbstractDirectoryTestSuite.execute(AbstractDirectoryTestSuite.java:127)
        at org.apache.maven.surefire.Surefire.run(Surefire.java:177)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.apache.maven.surefire.booter.SurefireBooter.runSuitesInProcess(SurefireBooter.java:345)
        at org.apache.maven.surefire.booter.SurefireBooter.main(SurefireBooter.java:1009)
Caused by: org.springframework.beans.factory.BeanCreationException: 
Error creating bean with name 'org.springframework.jms.listener.DefaultMessageListenerContainer#0': 
Cannot resolve reference to bean 'myConnectionFactory' while setting bean property 'connectionFactory'; 
nested exception is org.springframework.beans.factory.BeanCreationException: 
Error creating bean with name 'myConnectionFactory': Invocation of init method failed; nested exception is java.lang.IllegalStateException: 
Not enough cryptography available to enable a cipher suite!
        at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:328)
        at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:106)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1360)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1118)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:517)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
        at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:294)
        at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:225)
        at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:291)
        at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:193)
        at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:585)
        at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:913)
        at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:464)
        at org.springframework.test.context.support.AbstractGenericContextLoader.loadContext(AbstractGenericContextLoader.java:103)
        at org.springframework.test.context.support.AbstractGenericContextLoader.loadContext(AbstractGenericContextLoader.java:1)
        at org.springframework.test.context.support.DelegatingSmartContextLoader.loadContext(DelegatingSmartContextLoader.java:228)
        at org.springframework.test.context.TestContext.loadApplicationContext(TestContext.java:124)
        at org.springframework.test.context.TestContext.getApplicationContext(TestContext.java:148)
        ... 28 more
    Any help ss greatly appreciated!!!

    No issue using only t3 instead of t3s (only for info I've also another additional issue with authentication but I posted this authentication issue on another thread).
    Reply With Quote Reply With Quote
  2. May 9th, 2012, 11:29 AM #2
    oleg.zhurakousky's Avatar
    oleg.zhurakousky
    oleg.zhurakousky is offline Senior Member Spring Team
    Join Date
    Jan 2008
    Location
    Mohnton, PA USA (that's near Philadelphia)
    Posts
    2,148

    Default

    I know its a bit misleading but this error is not coming form Spring, but from Oracle . . . some miss-configuration. I'd suggest Google "Not enough cryptography available to enable a cipher suite" - there are tons of info and discussions on this topic available.
    Oleg Zhurakousky
    Spring Integration team

    http://twitter.com/z_oleg
    http://blog.springsource.com/author/ozhurakousky/
    Reply With Quote Reply With Quote
  3. May 11th, 2012, 06:56 AM #3
    nuvola
    nuvola is offline Member
    Join Date
    Apr 2012
    Posts
    57

    Default

    Done a step further ... I mean I added to my local maven repository wlcipher.jar file from weblogic distribution.

    My configuration:

    Code:
        <jee:jndi-lookup id="connectionFactory" jndi-name="..." expose-access-context="true">
      <jee:environment>
          java.naming.factory.initial=weblogic.jndi.WLInitialContextFactory
          java.naming.provider.url=t3s://...
          java.naming.security.principal=...
          java.naming.security.credentials=...
          weblogic.security.SSL.ignoreHostnameVerification=true
          java.protocol.handler.pkgs=weblogic.net
          weblogic.security.TrustKeyStore=CustomTrust
          weblogic.security.CustomTrustKeyStoreFileName=C:\\projects\\maven\\workspace\\listener\\src\\test\\resources\\wls_keystore.jks
          weblogic.security.CustomTrustKeyStoreType=JKS
      </jee:environment>
    </jee:jndi-lookup>
    <jee:jndi-lookup id="queue" jndi-name="...">
      <jee:environment>
          java.naming.factory.initial=weblogic.jndi.WLInitialContextFactory
          java.naming.provider.url=t3s://...
          java.naming.security.principal=...
          java.naming.security.credentials=...
          weblogic.security.SSL.ignoreHostnameVerification=true
          java.protocol.handler.pkgs=weblogic.net
          weblogic.security.TrustKeyStore=CustomTrust
          weblogic.security.CustomTrustKeyStoreFileName=C:\\projects\\maven\\workspace\\listener\\src\\test\\resources\\wls_keystore.jks
          weblogic.security.CustomTrustKeyStoreType=JKS
      </jee:environment>
    </jee:jndi-lookup>
    But now I got another error:

    Code:
    11.mag.2012 13:21:29,758 - (LISTENER SERVICE) (main) [ERROR ]-[TestContextManager                 (324 )] - Caught exception while allowing TestExecutionListener [org.springframework.test.context.support.DependencyInjectionTestExecutionListener@1b9f88b] to prepare test instance [null(ch.integration.jms.ListenerTest)]
java.lang.IllegalStateException: Failed to load ApplicationContext
        at org.springframework.test.context.TestContext.getApplicationContext(TestContext.java:157)
        at org.springframework.test.context.support.DependencyInjectionTestExecutionListener.injectDependencies(DependencyInjectionTestExecutionListener.java:109)
...
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.jms.listener.DefaultMessageListenerContainer#0': 
Cannot resolve reference to bean 'connectionFactory' while setting bean property 'connectionFactory'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'connectionFactory': 
Invocation of init method failed; nested exception is javax.naming.CommunicationException [Root exception is java.net.ConnectException: t3s://...:7842: Destination unreachable;
nested exception is:
        javax.net.ssl.SSLKeyException: [Security:090542]Certificate chain received from ... - xxx.xxx.xxx.xxx was not trusted causing SSL handshake failure. 
        Check the certificate chain to determine if it should be trusted or not. If it should be trusted, then update the client trusted CA configuration to trust the CA certificate that signed the peer certificate chain.
        If you are connecting to a WLS server that is using demo certificates (the default WLS server behavior), and you want this client to trust demo certificates, 
        then specify -Dweblogic.security.TrustKeyStore=DemoTrust on the command line for this client.; No available router to destination]
        at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:328)
        at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:106)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1360)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1118)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:517)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
        at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:294)
        at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:225)
        at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:291)
        at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:193)
        at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:585)
        at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:913)
        at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:464)
        at org.springframework.test.context.support.AbstractGenericContextLoader.loadContext(AbstractGenericContextLoader.java:103)
        at org.springframework.test.context.support.AbstractGenericContextLoader.loadContext(AbstractGenericContextLoader.java:1)
        at org.springframework.test.context.support.DelegatingSmartContextLoader.loadContext(DelegatingSmartContextLoader.java:228)
        at org.springframework.test.context.TestContext.loadApplicationContext(TestContext.java:124)
        at org.springframework.test.context.TestContext.getApplicationContext(TestContext.java:148)
        ... 28 more
    I did already a succesfull test with a simple JMS java consumer using the same wls_keystore.jks file and the same other settings:

    Code:
    public static void retrieveMessage() {
   Hashtable<String, String> properties = new Hashtable<String, String>();
   properties.put(Context.INITIAL_CONTEXT_FACTORY, "weblogic.jndi.WLInitialContextFactory");
   properties.put(Context.PROVIDER_URL, "...");
   properties.put(Context.SECURITY_PRINCIPAL, "...");
   properties.put(Context.SECURITY_CREDENTIALS, "...");
      
   System.setProperty("weblogic.security.SSL.ignoreHostnameVerification", "true");
   System.setProperty("java.protocol.handler.pkgs", "weblogic.net");
   System.setProperty("weblogic.security.TrustKeyStore", "CustomTrust");
   System.setProperty("weblogic.security.CustomTrustKeyStoreFileName",  "C:\\projects\\maven\\workspace\\listener\\src\\test\\resources\\wls_keystore.jks");
   System.setProperty("weblogic.security.CustomTrustKeyStorePassPhrase","");
   System.setProperty("weblogic.security.CustomTrustKeyStoreType", "JKS");
...
    so maybe I miss some settings in my above <jee:jndi-lookup> configuration.

    Any help ss greatly appreciated!!!
    Reply With Quote Reply With Quote
  4. May 11th, 2012, 07:21 AM #4
    nuvola
    nuvola is offline Member
    Join Date
    Apr 2012
    Posts
    57

    Default

    I tried also successfully from command line:

    Code:
    java
 -Dweblogic.security.TrustKeyStore=CustomTrust
 -Dweblogic.security.SSL.ignoreHostnameVerification=true
 -Dweblogic.security.CustomTrustKeyStoreFileName=C:\\projects\\maven\\workspace\\listener\\src\\test\\resources\\wls_keystore.jks
 -Dweblogic.security.CustomTrustKeyStoreType=JKS
 weblogic.Admin
 -url t3s://xxxx:7842
 -username xxxx
 -password xxxx
 ping 1 1
    Result: RTT = ~31 milliseconds, or ~31 milliseconds/packet
    Reply With Quote Reply With Quote
  5. May 11th, 2012, 07:22 AM #5
    oleg.zhurakousky's Avatar
    oleg.zhurakousky
    oleg.zhurakousky is offline Senior Member Spring Team
    Join Date
    Jan 2008
    Location
    Mohnton, PA USA (that's near Philadelphia)
    Posts
    2,148

    Default

    Well, the error is pretty clear and obviously is a result of something missing in your setup. Once again a simple Google search on the error message 'was not trusted causing SSL handshake failure' comes up with many answers. Here is one: http://vbandaru.wordpress.com/2010/1...blogic-server/
    Oleg Zhurakousky
    Spring Integration team

    http://twitter.com/z_oleg
    http://blog.springsource.com/author/ozhurakousky/
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules