Setting LDAP Configuration in IBM Websphere Message Broker - ibm-mq

I'm a newbie to Message Broker.
I'm trying to create web service security in Message Broker, authenticated using LDAP.
But the authentication always fails. In my SOAP message header I have specified the right user: wpsadmin and the right password: 123
This is my LDAP configuration:
Quote:
mqsicreateconfigurableservice WBRK61_DEFAULT_BROKER -c SecurityProfiles -o LDAP -n authentication,authorization,propagation,authenticationConfig,authorizationConfig -v "LDAP,LDAP,TRUE,\"ldap://192.168.0.138:389/dc=hanoman, dc=co, dc=id\""
I'm not sure whether my configuration is true or false, but the configuration below is used by us for our WebSphere Process Server (Secure administration, applications, and infrastructure -> Standalone LDAP registry).
Code:
Host : 192.168.0.138
Port : 389
Base distinguished name (DN) : dc=hanoman, dc=co, dc=id
Bind distinguished name (DN) : cn=wpsadmin, cn=users, dc=hanoman, dc=co, dc=id
I need your help. Thanks

It could be that your initial bind is failing. Have you used mqsisetdbparms to set the user to use for search as described in http://publib.boulder.ibm.com/infocenter/wmbhelp/v6r1m0/index.jsp?topic=%2Fcom.ibm.etools.mft.doc%2Fap04121_.htm

Create a security profile from the Explorer->Broker->yourBroker then right click on it.
Click on Security Profiles ->Click on ADD then Fill The Form with LDAP Attributes
Set LDAP Binding with mqsisetdbparms command.
For more assistance, this link provides an excellent guide. It talks about WebSphere Message Broker 7, but it helped me to bind IBM Integration Bus 9.0 [ Broker ] with LDAP.
This is the link: Implementing Message Flow Security in WebSphere Message Broker V7.0
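A way to test the "initial bind is failing" theory outside the broker, as an added example that is not part of the original posts: it replays the usual bind, search, re-bind sequence of LDAP authentication with plain JNDI against the directory from the question. The login attribute `uid` and the environment variable names `LDAP_BIND_PW` and `LDAP_USER_PW` are assumptions.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class LdapBindCheck {
    // Host, port, base DN and bind DN are the values posted in the question.
    static final String URL = "ldap://192.168.0.138:389";
    static final String BASE_DN = "dc=hanoman,dc=co,dc=id";
    static final String BIND_DN = "cn=wpsadmin,cn=users,dc=hanoman,dc=co,dc=id";
    static final String LOGIN_ATTR = "uid"; // assumption: attribute holding the login name

    static DirContext bind(String dn, String password) throws NamingException {
        // Many servers treat a DN with an empty password as an anonymous bind
        // and report success, so refuse it here.
        if (password == null || password.isEmpty()) {
            throw new IllegalArgumentException("empty password for " + dn);
        }
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL); // plain ldap:// sends the password unencrypted
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return new InitialDirContext(env); // throws AuthenticationException on bad credentials
    }

    public static void main(String[] args) throws NamingException {
        String login = args[0]; // login name as sent in the SOAP header
        // Step 1: the initial bind with the search account.
        DirContext ctx = bind(BIND_DN, System.getenv("LDAP_BIND_PW"));
        // Step 2: find the user's entry; {0} is escaped by JNDI, which blocks filter injection.
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
        NamingEnumeration<SearchResult> hits =
                ctx.search(BASE_DN, "(" + LOGIN_ATTR + "={0})", new Object[] {login}, sc);
        if (!hits.hasMore()) {
            throw new NamingException("no entry with " + LOGIN_ATTR + "=" + login);
        }
        String userDn = hits.next().getNameInNamespace();
        ctx.close();
        // Step 3: bind as that entry with the user's own password.
        bind(userDn, System.getenv("LDAP_USER_PW")).close();
        System.out.println("authenticated as " + userDn);
    }
}
```

The step that throws shows whether the search account, the search base and attribute, or the user's own password is the part that fails.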

Related

How to configure RabbitMQ connection with spring-rabbit?

I'm following this guide to learn how to use spring-rabbit with RabbitMQ. However, in this guide the RabbitMQ configuration is left as default (localhost server, with credentials guest/guest). What should I do if I want to connect to a remote RabbitMQ with an IP address and credentials? I don't know where to set this information in my application.
The application for that guide is a Spring Boot Application.
Add a file application.properties to src/main/resources.
You can then configure rabbitmq properties according to the Spring Boot Documentation - scroll down to the rabbitmq properties...
...
# RabbitMQ host.
spring.rabbitmq.host=localhost
...
# Login to authenticate against the broker.
spring.rabbitmq.password=
# RabbitMQ port.
spring.rabbitmq.port=5672
...
# Login user to authenticate to the broker.
spring.rabbitmq.username=
...
To connect to a cluster, use
# Comma-separated list of addresses to which the client should connect.
spring.rabbitmq.addresses=
e.g. server1:5672,server2:5672.
If you don't want to use boot auto configuration, declare a CachingConnectionFactory @Bean yourself and configure it as desired.
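The last option in this answer, declaring the connection factory yourself, could look like the following. This is an added example, not code from the original answer or from the guide; the `broker.*` property names are assumptions and are meant to be supplied from the environment or an external config file.

```java
import org.springframework.amqp.rabbit.connection.CachingConnectionFactory;
import org.springframework.amqp.rabbit.connection.ConnectionFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class RemoteRabbitConfig {

    // Property names are assumptions. Keep the values out of source control,
    // e.g. by exporting BROKER_HOST, BROKER_USERNAME and BROKER_PASSWORD,
    // which Spring Boot's relaxed binding maps onto these keys.
    @Bean
    public ConnectionFactory rabbitConnectionFactory(
            @Value("${broker.host}") String host,
            @Value("${broker.port:5672}") int port,
            @Value("${broker.username}") String username,
            @Value("${broker.password}") String password) {
        // By default RabbitMQ accepts the built-in "guest" account only from
        // localhost, so a remote broker needs a dedicated user.
        if ("guest".equals(username)) {
            throw new IllegalStateException("use a dedicated account for a remote broker");
        }
        CachingConnectionFactory factory = new CachingConnectionFactory(host, port);
        factory.setUsername(username);
        factory.setPassword(password);
        return factory;
    }
}
```

Once a ConnectionFactory bean is defined, Spring Boot's RabbitMQ auto-configuration no longer creates its own.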

Connecting to Websphere MQ in JMS using DLL authentication

Our current C# application does not use a username and password to connect to WebSphere MQ, rather a DLL contains all the security information. If this DLL exists, C# will be able to access MQ.
When connecting from Java or Scala, how would one configure JMS so that rather than using a simple user\password, like:
properties.put(Context.SECURITY_PRINCIPAL, "user")
properties.put(Context.SECURITY_CREDENTIALS, "password")
val ctx = new InitialContext(properties)
instead it uses the DLL?
Thanks
That DLL must be containing a security exit to be used by the MQ Client.
You should specify the security exit in the SECEXIT property of the MQConnectionFactory.
More about setting up the MQ classes for JMS to use the security exit:
https://www.ibm.com/support/knowledgecenter/SSFKSJ_8.0.0/com.ibm.mq.dev.doc/q032490_.htm?lang=en
Are you using a vendor solution or something home-grown for the security exits?
If it is a home-grown security exit then talk with the person in your company who wrote it.
If it is a vendor solution then contact the vendor for the Java client-side security exit. If you happen to be using Capitalware's MQAUSX solution then I know there is a Java & JMS client-side security exit plus the documentation describes how to configure it.

Can someone explain MQSeries file based JNDI for remote client JMS access

I've been searching extensively for a description of how to set up JMS access from a remote client to a file based JNDI MQ Series provider without success.
My JMS client works Ok on the same Linux machine as my MQSeries 7.5 server using file based JNDI.
How does one set up a remote client to use file based JNDI? Is it even possible or must one use LDAP?
I've seen hints that one should be able to have a remote client but nothing very clear.
I'm using Spring JMSTemplate which uses a provider url. On the same machine my Tomcat context.xml file uses a file: fileName url which, as I say, works ok collocated with the MQSeries server.
Thanks
Not a problem. If you are using a File based JNDI then you just need to add a QCF that contains the appropriate information for the remote queue manager. i.e. hostname, port # and channel name
DEFINE QCF(myQCF) QMANAGER(MQWT1) CHANNEL(TEST.CHL) HOSTNAME(22.22.22.22) PORT(1414) TRANSPORT(CLIENT) FAILIFQUIESCE(YES)
I was assuming that there was more than there is to file based JNDI. All it is is reading a property file. Using the "file" url format allows you to read remote files.

Setting up MDBs to consume JMS messages in Weblogic 10.3.5

I'm trying to set up part of an application which uses MDBs to consume messages from a JMS Queue. I've looked through the Oracle documentation but can't seem to make sense of it. Examples on the internet seem to be for situations where your JMS server is the same weblogic server where you are consuming but in my case there is a separate server.
I've found this post Weblogic EJB connection to external Tibco EMS JMS Queue which gives broad strokes but seems to be written more for experienced weblogic users.
Specifically, with the linked post, here is where I'm having trouble:
Create a foreign server with all the normal details (local/remote JNDI lookup names for destination and connection factories).
Not sure how to do this.
Create a local WL user with the same name as the remote EMS user, including password.
I cannot do this as my password is less than 8 characters
Create an ejb credential mapping (NOT security credential mapping)
do this by clicking on the relevant deployment, click on the relevant ejb name in the list, then Security tab then Credentials Mapping tab.
add the same name for WLS and Remote users (password doesn't seem to be necessary here).
Under Security I see Application/Module Scope tabs and Roles/Policies underneath those.
Can anyone give more detailed steps on how to set up a simple MDB in Weblogic 10.3.5 which consumes JMS messages from an external server (Tibco EMS)?
I have an ldap url, a selector (to filter out unwanted messages, not completely necessary), username and password, Queue name, EMS server url (which specifies a port), connection factory ldap. What do I do with this information?
You can configure a foreign server in weblogic and inside the foreign server you can provide the connection factory & destination details. The username, passwd & queue name that you have will be required to create these weblogic admin objects.
Weblogic foreign server configuration
While creating the destination you can provide the local jndi name which you can use in your MDB Activation configuration to connect to.

What is Foreign JMS provider? What is the typical role of Weblogic in a JMS application?

Currently I am working on a JMS application. But I use plain JMS API and Property file for configurations. My application is running in Weblogic and connects to MQ series server of my client.
Recently I got to know I can use Weblogic for JMS configurations.
Please explain.
What is "Foreign JMS provider"?
Is Weblogic also a JMS server or Foreign JMS provider or Both?
Weblogic provides the JMS Server features fully compliant with all JMS spec elements such as ConnectionFactory and Destinations. On this JMS Server you can connect and send messages to the client's Messaging Server via a configured Destination.
In addition, using Weblogic as the JMS Server gives you many more features, such as Message Retry in case of failure, setting message quotas, as well as enhanced monitoring of the JMS Server to track errors. The idea is to have more configuration driven settings for performance, deadlocks, tuning, filestore or database store etc.
A full list of such features is given at http://download.oracle.com/docs/cd/E12840_01/wls/docs103/jms/fund.html#wp1071787
A Foreign JMS Provider in Weblogic is the term used to define JMS implementations other than Weblogic JMS. An example is IBM MQ in your case.
Once the Foreign Provider is configured within Weblogic, for all practical purposes within the code - it can be called as if it was on local JNDI lookup. Weblogic will make the remote calls transparent to your code. This allows you to change your destination via configuration on the Weblogic console.
You will need a Messaging Bridge within Weblogic JMS Server to connect a source destination from which messages are received, and a target destination to which messages are sent.
Some essential reading on this is at: http://download.oracle.com/docs/cd/E12840_01/wls/docs103/jms_admin/advance_config.html#wp1075917
and an example of configuring IBM MQ as a Foreign Provider is at http://www.ibm.com/developerworks/websphere/library/techarticles/0604_kesavan/0604_kesavan.html#N1011D
