-
Notifications
You must be signed in to change notification settings - Fork 102
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Spring Boot 3.1 SSL Bundles Support Not Working #96
Comments
What evidence do you have for this? Have you run a program with trace-level logging to show the sequence? The sample application (s2.tls.jms3) works fine for me. And the configuration dependencies tell Spring to drive the SslBundle stuff before any of the other configuration. |
I have run into the same issue whe using the starter. Spring initializes the MQConfigurationSslBundles after the ConnectionFactory has been created. |
I managed to get things working by creating a MQConnectionFactoryCustomizer that sets the SslSocketFactory before initialization is completed. That could perhaps be a nice setup in the starter also?
I was hoping that one could use @ConditionalOnBeans-annotation, but that didn't work as expected. |
I think I now have the sequencing right so the SSLBundles get initialised before other properties. My tests are showing it called at a suitable time. (Some of the implementation is done the way it is in order to simplify having a mostly-common set of code with the JMS2/Spring2 variant where the SSLBundles classes are not available.) My plan is to release the update soon to pick up the next version of the MQ client. |
- Uniform Cluster balancing options now available in JMS Fix SSLBundle sequencing (#96)
Unfortunately, it is still not working. Tested it with spring boot 3.1.5 and mq-jms-spring-boot-starter version 3.1.5. The problem is that However, as a workaround I added a small configuration class (hack ;-)) to our project which fixes this issue so that the ssl connections can be established:
For further analysis why
|
Running into this issue, took me a while to figure out what was going on cause nothing useful gets logged. |
I can't get this to work either for the same reason (v3.1.5), so I'm reverting back to using the old (now deprecated) properties ibm.mq.jks.-store. |
I've finally got some time available to take another look at this, but it would be very helpful if someone provided a complete testcase to demonstrate the issue. My own tests work fine. |
@ibmmqmet Have you considered using
instead of
in MqConfigurationSslBundles.class? I suspect that @AutoConfigureBefore-annotation only works for classes annotated with @autoConfiguration and not @configuration. |
To reproduce, I think you need a different reason to set up the ssl context early on. We have an as400 sql datasource with secure=true that probably kicks in too early. |
Simply adding the following bean also does trick Might be a little mystical why it works at first glance, but it basically forces the creation of The key here is that the |
Thanks for the suggestions on possible solutions. I've just released a new level that (hopefully) will deal with it - certainly I can see the ordering is slightly different. But I've not been able to create a working broken test scenarion, so not been able to definitively prove the changes work. |
The ssl bundles support was reworked in the latest version now that there's no need to have common code with boot 2. Ought to be much cleaner now. |
mq-jms-spring-boot-starter:3.1.2
Java17
When you use Spring boot 3.1 SSL Bundles, it's unable to get SSL bundle properly
MQConfigurationSslBundles.getSSLSocketFactory
is getting called before bundles get initialized in the constructor
The text was updated successfully, but these errors were encountered: