问题
When we configure the SSL on standalone ActiveMQ, we may need to provide the TrustStore,TrustStore Password, KeyStore and KeyStore password in client code to connect to the Active MQ over SSL protocol but in case of AmazonMQ, though they have provided SSL endpoint, but we can connect to it simply without providing the trust and key related values.
Client code snippet for Simple ActiveMQ over SSL:
ActiveMQSslConnectionFactory connFactory = new ActiveMQSslConnectionFactory("ssl://<someHost>:61617");
String trustStore = "pathTo/client_new.ts";
String keyStore = "PathTo/client_new.ks";
try {
connFactory.setTrustStore(trustStore);
connFactory.setTrustStorePassword("password");
connFactory.setKeyStore(keyStore);
connFactory.setKeyStorePassword("password");
} catch (Exception e) {
e.printStackTrace();
}
Client code snippet for Amazon MQ over SSL:
ActiveMQConnectionFactory connFactory = new ActiveMQConnectionFactory("ssl://xyz.amazonaws.com:61617");
Basically, what make this difference?
回答1:
Firstly AmazonMQ works on top of the ActiveMQ, amazon has written a wrapper layer over activeMQ so as functionality wise it works pretty much the same. AmazonMQ is managed Message Broker Service for ActiveMQ.
It manages everything related to space, configuring active/passive endpoints in different regions and some benefits mentioned in the below links.
https://docs.aws.amazon.com/amazon-mq/latest/developer-guide/welcome.html
Other benefits of amazonMQ is you can setup alerts and many more as part of using other services of amazon like upgrading activemq version to the latest.
Now coming to you application part, one good thing was the way you have configured activemq was via SSL connection, though activemq exposes tcp endpoint as well which can be connected by simply providing broker URL but in case of amazonMQ it does not exposes any TCP endpoint only way to connect is by providing SSL endpoint and related parameters.
Refer this link on how application is connected to amazonMQ: https://docs.aws.amazon.com/amazon-mq/latest/developer-guide/amazon-mq-connecting-application.html
来源:https://stackoverflow.com/questions/57165469/how-amazon-mq-service-works-without-asking-client-to-use-truststore-and-keystore