Update Spring dependencies

Add SSLBundle configuration option for Boot 3.1 apps (#94)

Author: ibmmqmet

CHANGES.md

@@ -1,6 +1,11 @@
 # Changelog
 Newest updates are at the top of this file
 
+## 2.7.14 and 3.1.2 (2023-07-20)
+- Update Spring dependencies
+- Add SSLBundle configuration option for Boot 3.1 apps (#94)
+- Reverse build process to make Boot 3/Jakarta Messaging the default source tree
+
 ## 2.7.13 and 3.1.1 (2023-06-22)
 - Update Spring dependencies
 - Update to MQ 9.3.3.0

README.md

@@ -15,9 +15,10 @@ and building it yourself, you can use the `RUNME.sh` script. It uses gradle as t
 push compiled jars to either a local repository (typically under `$HOME/.m2`) or to Maven Central.
 When signing/authentication of modules is required, use the `gradle.properties.template` file as a starter for your own `gradle.properties`.
 
-Java 17 is required as the compiler level when building this package, as that is the baseline for Spring 3.
+Java 17 is required as the compiler level when building this package, as that is the baseline for Spring 3. Compiler directives are used to build 
+the Spring 2 version as compatible with the older Java 8 runtime.
 
-The script builds modules for both the JMS2 and JMS3 standards. The JMS3 (Jakarta) variant does not have a separate source tree in this repository. Instead, the source is generated automatically during the build process, by simply changing package names in the JMS2 code. The created jar files have the same names, but different version numbers.
+The script builds modules for both the JMS2 and JMS3 standards. The JMS3 (Jakarta) variant is the primary source. The older JMS2 version does not have a separate source tree in this repository. Instead, the source is generated automatically during the build process, by simply changing package names in the JMS3 code. The created jar files have the same names, but different version numbers.
 
 ### Spring Boot Applications
 
@@ -67,8 +68,10 @@ IBM MQ for Developers container which runs the server processes.
 The default options have been selected to match the
 [MQ container](https://github.com/ibm-messaging/mq-container) development configuration.
 
-This means that you can run a queue manager using that environment and connect to it. This script
-will run the container on a Linux system.
+This means that you can run a queue manager using that environment and connect to it without special 
+configuration. 
+
+This script will run the container on a Linux system.
 
     docker run --env LICENSE=accept --env MQ_QMGR_NAME=QM1 \
                --publish 1414:1414 \
@@ -193,7 +196,23 @@ and
 | ibm.mq.jks.keyStore             | Where is the keystore with a personal key and certificate                    |
 | ibm.mq.jks.keyStorePassword     | Password for the keyStore                                                    |
 
-These JKS options are an alternative to setting the `javax.net.ssl` system properties.
+These JKS options are an alternative to setting the `javax.net.ssl` system properties, usually done on the command line. 
+
+An alternative preferred approach is
+available from Spring 3.1, which introduced the concept of "SSL Bundles". This makes it possible to have different
+SSL configurations - keystores, truststores etc - for different components executing in the same Spring-managed process.
+See [here](https://spring.io/blog/2023/06/07/securing-spring-boot-applications-with-ssl)
+for a description of the options available. Each bundle has an identifier with the `spring.ssl.bundle.jks.<key>` tree of options.
+The key can be specified for this package with `ibm.mq.sslBundle` which will then use the Spring elements to create the
+connection configuration. The default value for this key is empty, meaning that `SSLBundles` will not be used; the global
+SSL configuration is used instead. 
+
+| Option                          | Description                                                                  |
+| ------------------------------- | ---------------------------------------------------------------------------- |
+| ibm.mq.sslBundle                | Spring Boot option (from 3.1) for granular certificate configuration         |
+
+To achieve the same effect with Spring 2.x, you could use your own code to create an `SSLSocketFactory` object
+which can be applied to the MQ Connection Factory in a `customise` method before the CF is invoked.
 
 #### Caching connection factory options
 
@@ -202,14 +221,14 @@ preferred method in Spring for holding JMS objects open, rather than the Pooling
 
 | Option                              | Description                                      |
 | ----------------------------------- | ------------------------------------------------ |
-| spring.jms.cache.enabled            | Whether to cache sessions                        |
+| spring.jms.cache.enabled            | Whether to cache sessions (default true)         |
 | spring.jms.cache.consumers          | Whether to cache message consumers               |
 | spring.jms.cache.producers          | Whether to cache message producers               |
 | spring.jms.cache.session-cache-size | Size of the session cache (per JMS Session type) |
 
 #### Pooled connection factory options
 
-Alternatively you may configure a pooled connection factory by using those properties:
+Alternatively you may configure a pooled connection factory by using these properties:
 
 | Option                                 | Description                                                                                                                              |
 | -------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------- |
@@ -227,7 +246,7 @@ the options can be found [here](https://github.com/messaginghub/pooled-jms/blob/
 
 ### JMS Polling Listener Timer configuration
 
-The Spring AbstractPollingMessageListenerContainer interface has a default polling timer of 1 second. This can now be configured
+The Spring AbstractPollingMessageListenerContainer interface has a default polling timer of 1 second. This can be configured
 with the `spring.jms.listener.receiveTimeout` property. If the property is not explicitly set, then this MQ Spring Boot
 component resets the initial timeout value to 30 seconds which has been shown to be more cost-effective. Application code
 can still set its own preferred value.

RUNME.sh

@@ -40,13 +40,12 @@ EOF
 }
 
 function makeJms3Source {
-  $curdir/makeJms3.sh $1 $2
+  # This is the primary version, so don't need to copy it
   majors="$majors 61"
 }
 
 function makeJms2Source {
-  # There's nothing much needed here. Just make sure
-  # we know what version of compiler to expect.
+  $curdir/makeJms2.sh $1 $2
   majors="$majors 52"
 }
 
@@ -60,8 +59,9 @@ buildLog="/tmp/springBuild.log"
 rcFile="/tmp/springBuild.rc"
 majorsFile="/tmp/springBuild.majors"
 
+# Definitions for how to create the variation 
 in="$curdir/mq-jms-spring-boot-starter"
-out="$curdir/mq-jms3-spring-boot-starter"
+out="$curdir/mq-jms2-spring-boot-starter"
 
 majors=""
 
@@ -129,9 +129,9 @@ for vers in $jmsVersions
 do
   if [ $vers = "jms3" ]
   then
-    makeJms3Source $in $out
+    makeJms3Source 
   else
-    makeJms2Source
+    makeJms2Source $in $out
   fi
 
   cd $curdir
@@ -150,7 +150,7 @@ do
   then
     cp $HOME/.gradle.properties ./gradle.properties
   else
-    cp gradle.properties.template gradle.properties
+    cp -p gradle.properties.template gradle.properties
   fi
 
   if [ ! -r gradle.properties ]
@@ -163,7 +163,7 @@ do
   (./gradlew $args --warning-mode all clean jar $target 2>&1;echo $? > $rcFile) | tee -a $buildLog
 
   # Always make sure we've got a dummy properties file - the values are not needed from here on
-  cp gradle.properties.template gradle.properties
+  cp -p gradle.properties.template gradle.properties
 
   # Now we can look for errors
   rc=`cat $rcFile`

build.gradle

@@ -1,5 +1,5 @@
 /*
- * Copyright 2018,2022 IBM Corp. All rights reserved.
+ * Copyright 2018,2023 IBM Corp. All rights reserved.
  *
  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file
  * except in compliance with the License. You may obtain a copy of the License at
@@ -21,10 +21,10 @@
  * The "JMSVERSION" environment variable can be set to "jms2" or "jms3" and that is used
  * as the prefix for various control files and processing steps. We only build a single version
  * from this file; to build both jms2 and jms3, you have to run gradle twice.
- * The default is "jms2" if the env var is not set.
+ * The default is "jms3" if the env var is not set.
  */
 ext.jmsVersionProperty = 'JMSVERSION'
-ext.jmsVer             = (System.getenv(jmsVersionProperty)== null?'jms2':System.getenv(jmsVersionProperty))
+ext.jmsVer             = (System.getenv(jmsVersionProperty)== null?'jms3':System.getenv(jmsVersionProperty))
 ext.propsFile          = new File(rootDir, jmsVer + '.properties')
 
 // Now we know the jms Version, load the specific properties
@@ -44,12 +44,12 @@ subprojects {
   group = mqGroup
   version = mqStarterVersion
 
-  // Include the Spring milestone repository so we get early drops of the Jakarta-based version
+  // Could enable access to early-release Spring packages if we need it
   repositories {
     mavenLocal()
 
     //maven { url "https://repo.spring.io/snapshot"  }
-    maven { url "https://repo.spring.io/milestone" }
+    //maven { url "https://repo.spring.io/milestone" }
 
     mavenCentral()
   }

makeJms2.sh

@@ -0,0 +1,51 @@
+#!/bin/bash
+
+# Generate JMS2 source from the JMS3:
+#
+# This script creates a copy of the Boot Starter code which is functionally (almost) identical
+# but has the jakarta package names replaced by javax in most places. 
+
+curdir=`pwd`
+in="$1"
+out="$2"
+
+if [ -z "$in" -o -z "$out" ]
+then
+  echo "Usage: makeJms2.sh inDir outDir"
+  exit 1
+fi
+# echo "Copying files for JMS2 build from $in to $out"
+
+if [ ! -d $in ]
+then
+  echo "Cannot find input directory $in"
+  exit 1
+fi
+
+mkdir $out >/dev/null 2>&1
+cd $in
+# Create the structure
+find . -type f | grep -v ".jms3" | cpio -upad $out
+# And recopy the files doing the package renaming as we go
+find . -type f -name "*.java" | while read f
+do
+   # Change various package names to replace jakarta with javax in most places.
+   # But the original MQ package names have neither in there.
+   cat  $f |\
+      grep -v "DeprecatedConfigurationProperty" |\
+      sed "s/jakarta/javax/g" |\
+      sed "s/ibm.mq.javax/ibm.mq/g" |\
+      sed "s/ibm.msg.client.javax/ibm.msg.client/g ">  $out/$f
+done
+
+find src -type f -name "*.jms2" | while read f
+do
+  # echo $f
+  d=`dirname $f`
+  n=`echo $f | sed "s/.jms2$//g"`
+  cp $f $out/$n
+done
+
+# One final piece of patching is for the SSLBundles support only available from Spring Boot 3.1
+f="./src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports"
+cat $f | grep -v "com.ibm.mq.spring.boot.MQConfigurationSslBundles" > $out/$f

makeJms3.sh

@@ -14,7 +14,7 @@
 
 package com.ibm.mq.spring.boot;
 
-import javax.jms.ConnectionFactory;
+import jakarta.jms.ConnectionFactory;
 
 import org.springframework.boot.autoconfigure.AutoConfigureAfter;
 import org.springframework.boot.autoconfigure.AutoConfigureBefore;
@@ -29,15 +29,15 @@
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Import;
 
-import com.ibm.mq.jms.MQConnectionFactory;
+import com.ibm.mq.jakarta.jms.MQConnectionFactory;
 
 // See https://github.com/spring-projects/spring-boot/wiki/Spring-Boot-3.0.0-M5-Release-Notes
 // where autoconfiguration was moved from META-INF/spring.factories to a separate file. The
 // original file can remain in place though for both Boot 2 and Boot 3.
 
 @Configuration(proxyBeanMethods=false)
 @AutoConfigureBefore(JmsAutoConfiguration.class)
-@AutoConfigureAfter({ JndiConnectionFactoryAutoConfiguration.class, JtaAutoConfiguration.class})
+@AutoConfigureAfter({ JndiConnectionFactoryAutoConfiguration.class, JtaAutoConfiguration.class,MQConfigurationSslBundles.class})
 @ConditionalOnClass({ ConnectionFactory.class, MQConnectionFactory.class })
 @ConditionalOnProperty(prefix = "ibm.mq", name = "autoConfigure", matchIfMissing=true)
 @ConditionalOnMissingBean(ConnectionFactory.class)

mq-jms-spring-boot-starter/src/main/java/com/ibm/mq/spring/boot/MQAutoConfiguration.java

@@ -23,19 +23,18 @@
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.boot.context.properties.NestedConfigurationProperty;
 
-import com.ibm.msg.client.wmq.WMQConstants;
+import com.ibm.msg.client.jakarta.wmq.WMQConstants;
 
 /**
- * There are many properties that can be set on an MQ Connection Factory, but these are the most commonly-used
- * for both direct and client connections. If you use TLS for client connectivity, most properties related to that
- * (keystore, certificates etc) must be set independently.
+ * There are many properties that can be set on an MQ Connection Factory/ This class allows configuration for most of them
+ * for both direct and client connections. Any that are not explicitly named in here can be managed through the "additionalProperties"
+ * map.
  * <p>
  * This class allows for setting the CipherSuite/CipherSpec property, and an indication of whether or not
  * to use the IBM JRE maps for Cipher names - that's not something that is standardised.
  * <p>
  * The default values have been set to match the settings of the
- * <a href="https://github.com/ibm-messaging/mq-docker">MQ Docker</a>
- * container.
+ * <a href="https://github.com/ibm-messaging/mq-container">developer-configured container</a>.
  *
  * <ul>
  * <li>queueManager = QM1
@@ -187,6 +186,10 @@ public class MQConfigurationProperties {
    */
   private int sslKeyResetCount = -1;
 
+  /**
+   * The key to the SSL Bundle attributes available from Spring Boot 3.1
+   */
+  private String sslBundle;
 
   /**
    * Additional CF properties that are not explicitly known can be provided
@@ -396,6 +399,14 @@ public int getSslKeyResetCount() {
   public void setSslKeyResetCount(int sslKeyResetCount) {
     this.sslKeyResetCount = sslKeyResetCount;
   }
+  
+  public String getSslBundle() {
+    return sslBundle;
+  }
+
+  public void setSslBundle(String sslBundle) {
+    this.sslBundle = sslBundle;
+  }
 
   public int getReconnectValue() {
     int rc = 0;
@@ -451,6 +462,8 @@ public void traceProperties() {
     logger.trace("sslCipherSuite  : {}", getSslCipherSuite());
     logger.trace("sslKeyresetcount: {}", getSslKeyResetCount());
     logger.trace("sslPeerName     : {}", getSslPeerName());
+    logger.trace("sslBundle       : {}",getSslBundle());
+
     logger.trace("tempModel       : {}", getTempModel());
     logger.trace("tempQPrefix     : {}", getTempQPrefix());
     logger.trace("tempTopicPrefix : {}", getTempTopicPrefix());
@@ -463,7 +476,6 @@ public void traceProperties() {
     logger.trace("outboundSNI            : \'{}\'", getOutboundSNI());
     logger.trace("channelSharing         : \'{}\'", getChannelSharing());
 
-
     logger.trace("jndiCF          : {}", getJndi().getProviderContextFactory());
     logger.trace("jndiProviderUrl : {}", getJndi().getProviderUrl());
 
@@ -473,7 +485,7 @@ public void traceProperties() {
     pw = getJks().getTrustStorePassword();
     logger.trace("JKS truststore         : {}",getJks().getTrustStore());
     logger.trace("JKS truststore pw set  : {}", (pw != null && pw.length() > 0) ? "YES" : "NO");
-    
+
     if (additionalProperties.size() > 0) {
       for (String s: additionalProperties.keySet()) {
         logger.trace("Additional Property - {} : {}",s,additionalProperties.get(s));

mq-jms-spring-boot-starter/src/main/java/com/ibm/mq/spring/boot/MQConfigurationProperties.java

@@ -53,7 +53,7 @@ public String getTrustStore() {
   public void setTrustStore(String trustStore) {
     this.trustStore = trustStore;
   }
-
+  
   public String getKeyStorePassword() {
     return keyStorePassword;
   }