spring-boot ssl activemq-artemis jboss-eap-7

Significance of <security enabled="false"/> tag in standalone-full.xml in JBoss


In our project we are using JBoss EAP 7.2. We are creating queues (Apache ActiveMQ Artemis) in standalone-full.xml and sending/receiving messages to/from those queues from applications developed using Spring Boot. But to send a message to the queue we are adding the tag <security enabled="false"/> in the configuration of the messaging subsystem of standalone-full.xml. If this tag is not added we get an error while connecting to the queue.

Now our requirement is to enable SSL while connecting to the broker. For that I was going through some articles, and the steps to enable SSL security while connecting to the broker, as I understood them, are the following:

  1. Add certificate and enable SSL in JBoss
  2. Use https-remoting protocol for connecting to JBoss instead of the http-remoting protocol
  3. Change the port to the https port 8443 instead of 8080

My question is: will I have to remove the tag <security enabled="false"/> from the messaging subsystem configuration in standalone-full.xml to connect to the broker using SSL? What is the use / significance of this tag?


Solution

  • Broker security and transport security are independent of each other so you can connect to the broker using SSL even if you're using <security enabled="false"/>.

    However, I would strongly discourage you from using <security enabled="false"/>. This means that there is no authentication or authorization performed on any connection to the broker. In other words, any client which can reach the broker can send anything they want to the broker and consume anything they want from the broker. If you're using this strictly for development then relaxed security is usually fine (although not ideal), but this is a really bad idea for any production system.
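
The independence of the two settings can be checked mechanically. The script below is an added example, not part of the original answer: it reads a standalone-full.xml and reports broker authentication and connector transport as separate findings. It assumes the stock element names of the messaging-activemq subsystem (`security`, `http-connector`), that the HTTPS socket binding is named `https`, and that a missing `<security>` element means security is enabled; the sample XML and its namespace versions are constructed placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed sample (namespace versions are placeholders):
# the connector uses the https binding, yet broker security is switched off.
SAMPLE = """
<server xmlns="urn:jboss:domain:0.0">
  <profile>
    <subsystem xmlns="urn:jboss:domain:messaging-activemq:0.0">
      <server name="default">
        <security enabled="false"/>
        <http-connector name="http-connector" socket-binding="https" endpoint="http-acceptor"/>
        <http-acceptor name="http-acceptor" http-listener="https"/>
      </server>
    </subsystem>
  </profile>
</server>
"""

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def audit_messaging(xml_text):
    """Return one finding per messaging server: auth state and transport state."""
    findings = []
    for sub in ET.fromstring(xml_text).iter():
        if local(sub.tag) != "subsystem" or "messaging-activemq" not in sub.tag:
            continue
        for server in (c for c in sub if local(c.tag) == "server"):
            auth = True  # assumption: absent <security> element means enabled
            bindings = {}
            for child in server:
                name = local(child.tag)
                if name == "security":
                    auth = child.get("enabled", "true").strip().lower() != "false"
                elif name == "http-connector":
                    bindings[child.get("name")] = child.get("socket-binding")
            findings.append({
                "server": server.get("name", "default"),
                "broker_auth": auth,
                # assumption: the TLS socket binding is the one named "https"
                "tls_connectors": sorted(n for n, b in bindings.items() if b == "https"),
                "plain_connectors": sorted(n for n, b in bindings.items() if b != "https"),
            })
    return findings

if __name__ == "__main__":
    for finding in audit_messaging(SAMPLE):
        print(finding)
```

For the sample, the result shows `broker_auth` as false while `http-connector` is listed under `tls_connectors`: the channel is encrypted, but any client that can reach it is still accepted without credentials.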