This section describes how to configure the JMS transport of the ESB Profile of WSO2 Enterprise Integrator (WSO2 EI) with ActiveMQ. The following topics are covered:
From the below configurations, do the ones in the axis2.xml file based on the profile you use as follows:
- To enable the JMS transport in the ESB profile, edit the
- To enable the JMS transport in other profiles, edit the
<PROFILE_HOME>can be a main directory of a profile inside the WSO2 EI distribution. For example, to enable the JMS transport of the Business Process Profile, edit the
Setting up WSO2 EI and ActiveMQ
Follow the instructions below to set up and configure.
- Download, set up and start Apache ActiveMQ.
Follow the Installation Guide and set up the ESB Profile of WSO2 EI.
Do not start the ESB Profile of WSO2 EI at this point. ActiveMQ should be up and running before starting the ESB Profile of WSO2 EI.
- Copy the following client libraries from the
<ACTIVEMQ_HOME>/libdirectory to the
ActiveMQ 5.8.0 and above
- activeio-core-3.1.4.jar (available in the
Earlier version of ActiveMQ
Next, configure the JMS transport listeners and senders in the ESB Profile of WSO2 EI based on your requirement. When you need to listen to a JMS queue you need to configure the JMS transport listener, and when you need to send messages to a JMS queue you need to configure the JMS transport sender.
When configuring the JMS transport with ActiveMQ, you can append ActiveMQ-specific properties to the value of the
java.naming.provider.urlproperty. For example, you can set the
initialRedeliveryDelayproperties when configuring a JMS inbound endpoint as follows:
Start ActiveMQ by navigating to the
<ACTIVEMQ_HOME>/bindirectory and executing
./activemq console(on Linux/OSX) or
activemq start(on Windows).
If you are using ActiveMQ 5.12.2 and above when working with message stores, you need to set the following system property on server start up for the JMS message store of the ESB Profile to work as expected.
Setting the above property is required because users are enforced to explicitly whitelist packages that can be exchanged using ObjectMessages with ActiveMQ 5.12.2 and above.
Therefore, if the above property is not set, the message processor fails to read messages from ActiveMQ with the following error:
Now you have instances of ActiveMQ and the ESB Profile of WSO2 EI configured, up and running. Next, let's take a look at implementation details of various JMS use cases.
Setting up the JMS listener
To enable the JMS transport listener, un-comment the following listener configuration related to ActiveMQ in
Setting up the JMS sender
To enable the JMS transport sender, un-comment the following configuration in
The above configurations do not address the problem of transient failures of the ActiveMQ message broker. Let's say for some reason ActiveMQ goes down and becomes active again after a while. The ESB Profile of WSO2 EI will not reconnect to ActiveMQ, instead it will throw an error when requests are sent to the ESB Profile of WSO2 EI until it is restarted. In order to tackle this issue you need to add the following configuration in place of the java.naming.provider.url,
This simply makes sure that re-connection takes place. Failover prefix is associated with the Failover Transport of ActiveMQ. For more information on this, see The Failover Transport.
Connecting multiple ActiveMQ brokers
The ESB Profile of WSO2 EI can be configured as described below to work with two ActiveMQ brokers. In this example, port 61616 is used for one ActiveMQ instance and port 61617 is used for another ActiveMQ instance.
- Configure the ESB Profile of WSO2 EI to work with one ActiveMQ broker as described above.
- Start another ActiveMQ instance.
Add another transport receiver to the
<EI_Home>/conf/axis2/axis2.xmlfile as follows. Note that the name of the transport receiver is different to that of the transport receiver that you already entered. The port specified is
- Set up the JMS sender as described in Setting up the JMS sender.
Configuring redelivery in ActiveMQ queues
When the ESB Profile of WSO2 EI is configured to consume messages from an ActiveMQ queue, you have the option to configure message re-delivery. This is useful when messages are unable to be processed by the ESB Profile of WSO2 EI due to failures.
- Enable the JMS listener as explained in Setting up the JMS listener.
Add the following JMS parameters into the proxy service configuration in the ESB Profile of WSO2 EI:
redeliveryPolicy.maximumRedeliveries: Maximum number of retries for delivering the message. If set to -1 ActiveMQ will retry inifinitely.
transport.jms.SessionTransacted: When set to
true, this enables the JMS session transaction for the proxy service.
redeliveryPolicy.redeliveryDelay: Delay time in milliseconds between retries.
transport.jms.CacheLevel: This needs to be set to
consumerfor the ActiveMQ redelivery mechanism to work.
Add the following line in your fault sequence:
<property name="SET_ROLLBACK_ONLY" value="true" scope="axis2"/>
SET_ROLLBACK_ONLYThis parameter must be defined for ActiveMQ to redeliver the message.When the ESB Profile of WSO2 EI is unable to deliver a message to the back-end service due to an error, it will be routed to the fault sequence in the configuration. When the
SET_ROLLBACK_ONLYproperty is set in the fault sequence, the ESB Profile of WSO2 EI informs ActiveMQ to redeliver the message.
Following is a sample proxy service configuration:
Managing security of the configuration
JMS is an integral part of enterprise integration solutions that are highly-reliable, loosely-coupled and asynchronous. As a result, implementing proper security to your JMS deployments is vital. The below sections discuss some of the best practices of an effective JMS security implementation when used in combination with WSO2 Enterprise Integrator.
Let's see how some of the key concepts of system security such as authentication, authorization and availability are implemented in different types of broker servers as follows. Given below is an overview of how some common security concepts are implemented in Apache ActiveMQ.
|Security Concept||How it is Implemented|
|Authentication||Simple authentication and JAAS plugins.|
|Authorization||Built-in authorization mechanism using XML configuration.|
|Availability||Master/Slave configurations using fail-over transport in ActiveMQ (not to be confused with WSO2 EI transports).|
Simple Authentication: ActiveMQ comes with an authentication plugin, which provides basic authentication between the ActiveMQ JMS and WSO2 EI. The steps below describe how to configure.
1. Add the following configuration in <ACTIVEMQ_HOME>/conf/activemq-security.xml file.
2. Edit <ACTIVEMQ_HOME>/conf/credentials.properties file for plain-text version or <ACTIVEMQ_HOME>/conf/credentials-enc.properties file for encrypted version to define the username and password lists referenced in the configuration above.
Th e anonymousAccessAllowed attribute defines whether or not to allow anonymous access. The groups and users defined in step 1 are used to provide authorization schemes. Refer to section for more information.
3. Ensure that the <transportReceiver> element below is added in
Lines similar to the following contain the username and password configured in ActiveMQ.
For more advanced authentication schemes that use JAAS which are supported in ActiveMQ, refer to the official ActiveMQ documentation here: http://activemq.apache.org/security.html
ActiveMQ provides authorization schemes using simple XML configurations, which you can apply to the users defined in the authentication plugin. To setup authorization, ensure you have the following configuration in <ACTIVEMQ_HOME>/conf/activemq-sequrity.xml file.
ActiveMQ supports the use of master/slave and fail-over transport to provide high-availability. ActiveMQ supports two types of master/slave configurations as follows:
- Master/slave using shared file systems
- Master/slave using JDBC
We explore the second option here.
Master/slave using JDBC
ActiveMQ uses a special URI similar to the following to facilitate fail-over functionality: failover://(tcp://127.0.0.1:61616,tcp://127.0.0.1:61617,tcp://127.0.0.1:61618)?initialReconnectDelay=100. Use this URI inside WSO2 EI for a highly-available JMS solution.
To create proxy services, sequences, endpoints, message stores, processors etc. in WSO2 EI, you can either use the management console or copy the XML configuration to the source view. You can find the source view under menu Manage > Service Bus > Source View in the left navigation pane of the WSO2 EI management console. Alternatively, you can add an XML file to
A sample WSO2 EI Proxy service for this setup is given below.
java.naming.provider.url=failover:(tcp://localhost:61616,tcp://localhost:61617)?randomize=false inside the address endpoint uri attribute. The
randomize=false parameter makes this setup follow a prioritized fail-over configuration, which means when the first instance fails, it moves to the next. For more information on ActiveMQ fail-over transport and its parameters, refer to ActiveMQ documentation here: http://activemq.apache.org/failover-transport-reference.html.
Integrity is part of message-level security, and can be implemented using a standard like WS-Security. Following sample shows the application of WS-Security for message-level encryption where messages are stored in a message store in WSO2 EI.