4 files changed, 24 insertions, 14 deletions
diff --git a/java/broker/etc/config.xml b/java/broker/etc/config.xml index 0b4091efa5..ab6daef62d 100644 --- a/java/broker/etc/config.xml +++ b/java/broker/etc/config.xml @@ -28,6 +28,7 @@ to enable SSL support <ssl> <enabled>true</enabled> + <sslOnly>true</sslOnly> <keystorePath>/path/to/keystore.ks</keystorePath> <keystorePassword>keystorepass</keystorePassword> </ssl>--> diff --git a/java/broker/src/main/java/org/apache/qpid/server/Main.java b/java/broker/src/main/java/org/apache/qpid/server/Main.java index a48bc5df7f..1d26abb63f 100644 --- a/java/broker/src/main/java/org/apache/qpid/server/Main.java +++ b/java/broker/src/main/java/org/apache/qpid/server/Main.java @@ -68,9 +68,6 @@ public class Main private static final String DEFAULT_LOG_CONFIG_FILENAME = "log4j.xml"; - - private static Main _instance; - protected static class InitException extends Exception { InitException(String msg) @@ -333,8 +330,8 @@ public class Main { sconfig.setThreadModel(ReadWriteThreadModel.getInstance()); } - - if (!connectorConfig.enableSSL) + + if (!connectorConfig.enableSSL || !connectorConfig.sslOnly) { AMQPFastProtocolHandler handler = new AMQPProtocolProvider().getHandler(); InetSocketAddress bindAddress; @@ -350,7 +347,7 @@ public class Main _logger.info("Qpid.AMQP listening on non-SSL address " + bindAddress); } - else + if (connectorConfig.enableSSL) { AMQPFastProtocolHandler handler = new AMQPProtocolProvider().getHandler(); try @@ -374,7 +371,7 @@ public class Main public static void main(String[] args) { - _instance = new Main(args); + new Main(args); } private byte[] parseIP(String address) throws Exception diff --git a/java/broker/src/main/java/org/apache/qpid/server/protocol/AMQPFastProtocolHandler.java b/java/broker/src/main/java/org/apache/qpid/server/protocol/AMQPFastProtocolHandler.java index 756a8b5ebe..03c7051aac 100644 --- a/java/broker/src/main/java/org/apache/qpid/server/protocol/AMQPFastProtocolHandler.java 
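Review bot: With the new condition `if (!connectorConfig.enableSSL || !connectorConfig.sslOnly)` in Main.java, the unencrypted listener is bound alongside the SSL one whenever `sslOnly` is false, and nothing in the hunk tells the operator that this mixed mode is active. Anything a client sends on the plain port, including credentials passed by a plain-text authentication mechanism, then travels unencrypted even though SSL is configured. A startup warning inside that branch, emitted when `enableSSL` is true, would make the mode visible, for example `_logger.warn("SSL is enabled but connector.ssl.sslOnly is false: also accepting unencrypted AMQP connections");`. The next hunk turns the `else` into an independent `if (connectorConfig.enableSSL)`, so both listeners are set up in one pass. The enclosing method starts and ends outside these hunks, so how a failed SSL bind is handled cannot be judged from here.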
+++ b/java/broker/src/main/java/org/apache/qpid/server/protocol/AMQPFastProtocolHandler.java @@ -21,6 +21,7 @@ package org.apache.qpid.server.protocol; import java.io.IOException; +import java.net.InetSocketAddress; import org.apache.log4j.Logger; import org.apache.mina.common.ByteBuffer; @@ -90,7 +91,7 @@ public class AMQPFastProtocolHandler extends IoHandlerAdapter getConfiguredObject(ConnectorConfiguration.class); if (connectorConfig.enableExecutorPool) { - if (connectorConfig.enableSSL) + if (connectorConfig.enableSSL && isSSLClient(connectorConfig, protocolSession)) { String keystorePath = connectorConfig.keystorePath; String keystorePassword = connectorConfig.keystorePassword; @@ -104,7 +105,7 @@ public class AMQPFastProtocolHandler extends IoHandlerAdapter else { protocolSession.getFilterChain().addLast("protocolFilter", pcf); - if (connectorConfig.enableSSL) + if (connectorConfig.enableSSL && isSSLClient(connectorConfig, protocolSession)) { String keystorePath = connectorConfig.keystorePath; String keystorePassword = connectorConfig.keystorePassword; @@ -228,4 +229,11 @@ public class AMQPFastProtocolHandler extends IoHandlerAdapter _logger.debug("Message sent: " + object); } } + + protected boolean isSSLClient(ConnectorConfiguration connectionConfig, + IoSession protocolSession) + { + InetSocketAddress addr = (InetSocketAddress) protocolSession.getLocalAddress(); + return addr.getPort() == connectionConfig.sslPort; + } } diff --git a/java/broker/src/main/java/org/apache/qpid/server/transport/ConnectorConfiguration.java b/java/broker/src/main/java/org/apache/qpid/server/transport/ConnectorConfiguration.java index dc9ad65113..a4ed859fa7 100644 --- a/java/broker/src/main/java/org/apache/qpid/server/transport/ConnectorConfiguration.java +++ b/java/broker/src/main/java/org/apache/qpid/server/transport/ConnectorConfiguration.java 
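Review bot: The new `isSSLClient` in AMQPFastProtocolHandler.java casts `protocolSession.getLocalAddress()` to `InetSocketAddress` without a type check, so a session whose local address is of another kind (an in-VM pipe transport, if the broker uses this handler for one) would fail with a ClassCastException once `enableSSL` is true. A guarded form avoids that: `Object addr = protocolSession.getLocalAddress();` followed by `return addr instanceof InetSocketAddress && ((InetSocketAddress) addr).getPort() == connectionConfig.sslPort;`. The two call sites changed in the earlier hunks (`enableSSL && isSSLClient(...)`) now decide SSL versus plaintext purely by comparing the local port with `connectorConfig.sslPort`. If the SSL acceptor is ever bound to a port that differs from that configured value, the session would get no SSL filter and be served in clear with no log line; a debug or warn message on the non-SSL path when `enableSSL` is set would help detect this. The method is `protected` and has no Javadoc; a short comment stating that it returns true only for sessions accepted on the configured SSL port would document the contract for subclasses.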
@@ -41,11 +41,7 @@ public class ConnectorConfiguration @Configured(path = "connector.bind", defaultValue = "wildcard") public String bindAddress; - - @Configured(path = "connector.sslport", - defaultValue = SSL_PORT) - public int sslPort; - + @Configured(path = "connector.socketReceiveBuffer", defaultValue = "32767") public int socketReceiveBufferSize; @@ -74,6 +70,14 @@ public class ConnectorConfiguration defaultValue = "false") public boolean enableSSL; + @Configured(path = "connector.ssl.sslOnly", + defaultValue = "true") + public boolean sslOnly; + + @Configured(path = "connector.ssl.port", + defaultValue = SSL_PORT) + public int sslPort; + @Configured(path = "connector.ssl.keystorePath", defaultValue = "none") public String keystorePath; |
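Review bot: In ConnectorConfiguration.java the SSL port setting moves from `connector.sslport` (removed in the first hunk) to `connector.ssl.port`, with no fallback for the old path visible here. An existing config.xml that still sets the old element would presumably be ignored silently, leaving the SSL listener on the `SSL_PORT` default; since `isSSLClient` compares against the same field, that is worth calling out in the sample config and release notes. The new public fields also carry no documentation; `sslOnly` in particular needs a comment such as `/** When SSL is enabled, true disables the unencrypted listener; false keeps both listeners open. */`, because its default of "true" is what keeps the plain port closed.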