Skip to content

AMQ-9857: Support broker-level SSL fallback in ManagementContext to eliminate duplicate SSL configuration#1710

Closed
anmol-saxena-14 wants to merge 3 commits intoapache:mainfrom
anmol-saxena-14:tik1699
Closed

AMQ-9857: Support broker-level SSL fallback in ManagementContext to eliminate duplicate SSL configuration#1710
anmol-saxena-14 wants to merge 3 commits intoapache:mainfrom
anmol-saxena-14:tik1699

Conversation

@anmol-saxena-14
Copy link
Copy Markdown
Contributor

@anmol-saxena-14 anmol-saxena-14 commented Feb 23, 2026

No description provided.

@anmol-saxena-14 anmol-saxena-14 marked this pull request as ready for review February 23, 2026 11:54
@anmol-saxena-14 anmol-saxena-14 mentioned this pull request Feb 23, 2026
Open
@jeanouii
Copy link
Copy Markdown
Contributor

jeanouii commented Feb 23, 2026

Hi,
Thanks for the contribution.
I do have already #1661 to cover this. Maybe I missed something?

@anmol-saxena-14
Copy link
Copy Markdown
Contributor Author

anmol-saxena-14 commented Feb 23, 2026

Hi,
I have added a comment on the issue, Can you please check.
#1699 (comment)
Thanks

@jeanouii
Copy link
Copy Markdown
Contributor

jeanouii commented Feb 23, 2026
edited
Loading

@asaxena14 So, if I understand, we need to somehow merge our 2 PRs, right?
Or is it better to keep only one of the 2?

mattrpav
mattrpav reviewed Feb 23, 2026
View reviewed changes
activemq-broker/src/main/java/org/apache/activemq/broker/BrokerService.java
// Reuse the broker-level SSL context for JMX by default
// This avoids duplicating SSL config in activemq.xml while still allowing an
// explicit managementContext sslContext to override when one is needed
if (getManagementContext().getSslContext() == null && getSslContext() != null) {
Copy link
Copy Markdown
Contributor

@mattrpav mattrpav Feb 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is a logic flaw here-- just b/c an SslContext exists on the broker, does not mean the intent is to wire it to the management context.

If there is a fallback option, there most likely will need to be a config flag on the managementContext to affirm that ssl should be enabled.

Copy link
Copy Markdown
Contributor

@jeanouii jeanouii Feb 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@mattrpav right this was the option I used in my PR #1661

Copy link
Copy Markdown
Contributor Author

@anmol-saxena-14 anmol-saxena-14 Feb 23, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree, the PR #1661 already supports explicit wiring via: " ". Adding a fallback code, guarded by an explicit flag, does not seem necessary and would add complexity without clear benefit.

@anmol-saxena-14
Copy link
Copy Markdown
Contributor Author

anmol-saxena-14 commented Feb 23, 2026

This is already covered by PR #1661.

@anmol-saxena-14 anmol-saxena-14 deleted the tik1699 branch March 26, 2026 05:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mattrpav mattrpav mattrpav left review comments

@jeanouii jeanouii jeanouii left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@anmol-saxena-14 @jeanouii @mattrpav