Announcement Announcement Module
Collapse
No announcement yet.
SSL XMPPConnection Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • SSL XMPPConnection

    Can anyone help me understand how to establish an SSL XMPPConnection using the XMP namespace provided with Spring Integration?

    I know I can get an SSL XMPPConnection using the smack libraries, but upon inspecting the XMPP source (org.springframework.integration.xmpp.XmppConnecti onFactory), I don't see any support for SSL in the current configuration. I was able to use smack to manually create an SSL connection as follows:

    Code:
    XMPPConnection = null;
    ConnectionConfiguration config = new ConnectionConfiguration("localhost", 5223);
    config.setTrustorePath("path_to_truststore.jks");
    config.setSecurityEnabled(true);
    config.setSocketFactory(SSLSocketFactory.getDefault());
    conn = new XMPPConnection(config);
    conn.connect();
    conn.login("username", "password");
    Can someone comment on any possible workarounds so I can still use the XML namespace, such as:

    Code:
    <xmpp:xmpp-connection id="xmppConnection" user="${xmpp.username}" password="${xmpp.password}" 
    host="${xmpp.host}" port="${xmpp.sslPort}" securityEnabled="true" trustStore="${xmpp.trustore.location}"
    trustStorePassword="${xmpp.truststore.password}"
    subscription-mode="accept_all" />
    Unfortunately, without SSL support, the XMPP component won't be of any use for me.

  • #2
    We definitely don't want to loose you
    So, I opened up a JIRA https://jira.springframework.org/browse/INT-1580 so you can track the progress (just add yourself as watcher). We'll have it in time for 2.0.GA

    Thanks for pointing it out

    Comment


    • #3
      Hi. This is a good idea, and we will add support for factorying the xmppconnnection with SSL support. Would you please create a JIRA ticket / entry in the Spring Integration tracker?

      In the meantime, however, you can simply create the bean yourself as you describe above and forego using the xmpp-connction namespace element. All the adapters take a reference to an XMPPConnection from the Smack API. So, however you choose to build that reference (IE, perhaps you dereference the object using Spring Expression Language, or perhaps you simply provide your own FactoryBean<XMPPConnection> implementation and register in the ApplicationContext)

      An example might be:

      Code:
       
        <bean class = 'my.custom.Config' id = 'myConfig'/> 
        
        <xmpp:message-inbound-channel-adapter channel = 'in' xmpp-connection = '#{ myConfig.sslConfiguration } ' />
      Hopefully this lets you proceed with the adapter support until we can provide namespace support for the connection.

      Comment


      • #4
        yikes! Oleg darted in there and responded as I was posting! Boy he's quick...

        Comment


        • #5
          Thanks for the excellent support on this issue and the other issue I recently encountered with extracting the smack message payload! When is 2.0.GA release planned? In the meantime, I'll incorporate the workaround and keep testing the adapters to make sure they support everything else we need in our workflow.

          Comment


          • #6
            Thank you.
            I'd like to tell you that 2.0.GA will be out in few weeks, but it actually may take a little longer (mainly a lot of documentation work and minor improvements like this), but I would hope that by the end of this month we should have it.

            Comment


            • #7
              OK, I just resolved the https://jira.springframework.org/browse/INT-1580
              You can read the solution and explanation there. Please let me know if you still have issues.

              Comment


              • #8
                With the newly created "XmppConnectionFactoryBean", how do I specify supported SASL mechanisms? For instance, in the old "XmppConnectionFactory", I could specify the SASL mechanisms that I wanted prior to the factory establishing the connection login:

                Code:
                        try
                        {
                            connection.connect();
                
                            // You have to put this code before you login
                            if (StringUtils.hasText(saslMechanismSupported))
                            {
                                SASLAuthentication.supportSASLMechanism(saslMechanismSupported,
                                    saslMechanismSupportedIndex);
                            }
                
                            // You have to specify the resoure (e.g. "@host.com") at the end
                            if (StringUtils.hasText(resource))
                            {
                                connection.login(usr, pw, resource);
                            }
                ...

                Comment


                • #9
                  Yes, we simplified it in favor of the native Smack config.
                  Just create a config file called smack-config.xml and put it into your META-INF directory (e.g., META-INF/smack-config.xml)
                  Inside you can list the mechanisms:
                  Code:
                  <?xml version="1.0"?>
                  <!-- Smack configuration file. -->
                  <smack>
                  	<mechName>PLAIN</mechName>
                          <mechName>GSSAPI</mechName>
                          . . .
                  </smack>
                  Possible values for SASL mechanisms: EXTERNAL, GSSAPI, DIGEST-MD5, CRAM-MD5, PLAIN, ANONYMOUS

                  Let us know if you still have issues with it.

                  Comment


                  • #10
                    I haven't tried this yet, but just looking at the smack code I don't see how loading the SASL mechanisms in the smack-config.xml will translate into proper use by the Smack SASLAuthentication. During the SASLAuthentication.authenticate() call, smack uses the supported mechanisms stored in SASLAuthentication.implementedMechanisms field. This map only gets populated by calling SASLAuthentication.registerSASLMechanism() or by calling SASLAuthentication.supportSASLMechanism(). This is what the old XmppConnectionFactory used to do...

                    Regarding the SASL mechanisms loaded in from the smack-config.xml by the SmackConfiguration, the only way smack could ever use these mechanisms would be by calling the SmackConfiguration.getSaslMechs() method, which from the source code looks like it never happens.

                    Regardless, I'll try this approach something this weekend using the smack-config.xml just to verify my suspicions.

                    Comment


                    • #11
                      Brandon

                      It will do the same thing as what we were doing before and that is to initialize DSmackConfiguration statically. We actually have a test cases that validates it. If you are in SI source code then look at XmppConnectionParserTest.testSmackSasl(), otherwise here is the test:
                      Code:
                      @Test
                      public void testSmackSasl(){
                      	/*
                      	 * Possible SASL mechanisms
                      	 * EXTERNAL, GSSAPI, DIGEST-MD5, CRAM-MD5, PLAIN, ANONYMOUS
                      	 */
                      	// values are set in META-INF/smack-config.xml
                      	List<String> saslMechNames = SmackConfiguration.getSaslMechs();
                      	assertEquals(2, saslMechNames.size());
                      	assertEquals("PLAIN", saslMechNames.get(0));
                      }
                      Let me know

                      Comment


                      • #12
                        OK, I got some time to run the test and the results were what I expected: putting the SASL mechanisms in the META-INF/smack-config.xml didn't translate into support for those mechanisms during the authentication process. Here was my test setup:

                        TestConfig.java
                        Code:
                        package org.mycompany.xmpp;
                        
                        import org.springframework.context.ApplicationContext;
                        import org.springframework.context.support.FileSystemXmlApplicationContext;
                        
                        public class TestConfig
                        {
                            static ApplicationContext ctx = new FileSystemXmlApplicationContext(
                                "src/org/mycompany/xmpp/application-context.xml");
                        
                            public static void main(String[] args) throws Exception
                            {
                                XmppConnectionFactoryBean bean = (XmppConnectionFactoryBean) ctx
                                    .getBean(XmppConnectionFactoryBean.class);
                                bean.createInstance();
                                System.out.println("SmackConfiguration.getSaslMechs()=> "
                                    + (SmackConfiguration.getSaslMechs()));
                                bean.start();
                            }
                        }
                        application-context.xml:
                        Code:
                        <?xml version="1.0" encoding="UTF-8"?>
                        <beans xmlns="http://www.springframework.org/schema/beans"
                        	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:int="http://www.springframework.org/schema/integration"
                        	xmlns:xmpp="http://www.springframework.org/schema/integration/xmpp"
                        	xsi:schemaLocation="http://www.springframework.org/schema/integration http://www.springframework.org/schema/integration/spring-integration-2.0.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/integration/xmpp http://www.springframework.org/schema/integration/xmpp/spring-integration-xmpp-2.0.xsd">
                        
                        	<bean id="xmppConn" class="org.mycompany.xmpp.XmppConnectionFactoryBean">
                        		<constructor-arg>
                        			<bean class="org.jivesoftware.smack.ConnectionConfiguration">
                        				<constructor-arg name="host" value="localhost" />
                        				<constructor-arg name="port" value="5222" />
                        				<property name="SASLAuthenticationEnabled" value="true" />
                        			</bean>
                        		</constructor-arg>
                        		<property name="user" value="test" />
                        		<property name="password" value="test" />
                        	</bean>
                        </beans>
                        META-INF/smack-config.xml:

                        Code:
                        <smack>
                        	<mechName>EXTERNAL</mechName>
                        </smack>
                        I also took the liberty to add some debug info inside of XmppConnectionFactoryBean:

                        Code:
                            @Override
                            public void start()
                            {
                                try
                                {
                                    connection.connect();
                                    System.out.println("before=>"
                                        + (SASLAuthentication.getRegisterSASLMechanisms()));
                                    SASLAuthentication.supportSASLMechanism("EXTERNAL", 0);
                                    System.out.println("after=>"
                                        + (SASLAuthentication.getRegisterSASLMechanisms()));
                        ...
                        Here was the result of running TestConfig:

                        Code:
                        Nov 7, 2010 12:25:50 PM org.springframework.context.support.AbstractApplicationContext prepareRefresh
                        INFO: Refreshing org.springframework.context.support.FileSystemXmlApplicationContext@145d068: startup date [Sun Nov 07 12:25:50 EST 2010]; root of context hierarchy
                        Nov 7, 2010 12:25:51 PM org.springframework.beans.factory.xml.XmlBeanDefinitionReader loadBeanDefinitions
                        INFO: Loading XML bean definitions from file [C:\Users\mccusln\workspace-sts-2.3.2\test\src\org\mycompany\xmpp\application-context.xml]
                        Nov 7, 2010 12:25:51 PM org.springframework.beans.factory.support.DefaultListableBeanFactory preInstantiateSingletons
                        INFO: Pre-instantiating singletons in org.springframework.beans.factory.support.DefaultListableBeanFactory@f7f540: defining beans [xmppConn]; root of factory hierarchy
                        SmackConfiguration.getSaslMechs()=> [EXTERNAL, EXTERNAL]
                        before=>[class org.jivesoftware.smack.sasl.SASLGSSAPIMechanism, class org.jivesoftware.smack.sasl.SASLDigestMD5Mechanism, class org.jivesoftware.smack.sasl.SASLCramMD5Mechanism, class org.jivesoftware.smack.sasl.SASLPlainMechanism, class org.jivesoftware.smack.sasl.SASLAnonymous]
                        after=>[class org.jivesoftware.smack.sasl.SASLExternalMechanism, class org.jivesoftware.smack.sasl.SASLGSSAPIMechanism, class org.jivesoftware.smack.sasl.SASLDigestMD5Mechanism, class org.jivesoftware.smack.sasl.SASLCramMD5Mechanism, class org.jivesoftware.smack.sasl.SASLPlainMechanism, class org.jivesoftware.smack.sasl.SASLAnonymous]

                        You can see that before I called SASLAuthentication.supportSASLMechanism("EXTERNAL" , 0); inside of XmppConnectionFactoryBean, smack never registered SASLExternalMechanism as a registered mechanism. Regardless of what the output from SmackConfiguration.getSaslMechs() says, I know that smack uses the mechanisms stored inside of SASLAuthentication when determining how or handle authentication requests. My guess is most people are using the mechanisms registered by default (i.e. plain or anonymous) so this issue never has come up as people have never had to specify anything other than the defaults. In my case, I need X.509 client authentication by all my smack clients.

                        Maybe this is why the previous XmppConnectionFactory class was doing it the way it was.
                        Last edited by jzcfk9; Nov 7th, 2010, 11:49 AM.

                        Comment


                        • #13
                          I am pretty sure it doesn't see your smack-config.xml. Let's try to figure out why. Attached is he simplest Maven project (no spring or spring integration), just two lines of java code
                          Code:
                          public static void main(String[] args) {
                          	List<String> saslMechanisms = SmackConfiguration.getSaslMechs();
                          	System.out.println("SASL mechanisms: " + saslMechanisms);
                          }
                          and two lines of XML in META-INF/smack-config.xml
                          Code:
                          <smack>
                          	<mechName>PLAIN</mechName>
                          	<mechName>EXTERNAL</mechName>
                          </smack>
                          and the output:
                          Code:
                          SASL mechanisms: [PLAIN, EXTERNAL, PLAIN, EXTERNAL]
                          Look at the project structure and let me know what is different

                          Comment


                          • #14
                            It's definitely seeing the smack-config.xml. I just updated it to add "PLAIN" and now get the following output:

                            Code:
                            SmackConfiguration.getSaslMechs()=> [EXTERNAL, PLAIN, EXTERNAL, PLAIN]
                            before=>[class org.jivesoftware.smack.sasl.SASLGSSAPIMechanism, class org.jivesoftware.smack.sasl.SASLDigestMD5Mechanism, class org.jivesoftware.smack.sasl.SASLCramMD5Mechanism, class org.jivesoftware.smack.sasl.SASLPlainMechanism, class org.jivesoftware.smack.sasl.SASLAnonymous]
                            after=>[class org.jivesoftware.smack.sasl.SASLExternalMechanism, class org.jivesoftware.smack.sasl.SASLGSSAPIMechanism, class org.jivesoftware.smack.sasl.SASLDigestMD5Mechanism, class org.jivesoftware.smack.sasl.SASLCramMD5Mechanism, class org.jivesoftware.smack.sasl.SASLPlainMechanism, class org.jivesoftware.smack.sasl.SASLAnonymous]

                            Comment


                            • #15
                              So, what is the issue?

                              Comment

                              Working...
                              X