SSL/AMS Configuration for WebSphere MQ Java/JMS Clients


IBM's official configuration guide
http://www-01.ibm.com/support/docview.wss?uid=swg24010367

See also IBM's detailed documentation on security
http://www.slideshare.net/MoragHughson/websphere-mq-v8-security-deep-dive

Configuring SSL directly in Java

/********************************************************************/
/*                                                                  */
/* Program name: SSLSample                                          */
/*                                                                  */
/* Description: Sample Java program that demonstrates how to        */
/*              specify SSL client connection information for a     */
/*              MQQueueManager connection.                          */
/*                                                                  */
/* <START_COPYRIGHT>                                                */
/* Licensed Materials - Property of IBM                             */
/*                                                                  */
/* (C) Copyright IBM Corp. 2006,2009 All Rights Reserved.           */
/*                                                                  */
/* US Government Users Restricted Rights - Use, duplication or      */
/* disclosure restricted by GSA ADP Schedule Contract with          */
/* IBM Corp.                                                        */
/* <END_COPYRIGHT>                                                  */
/*                                                                  */
/********************************************************************/
/*                                                                  */
/* Overview:                                                        */
/*                                                                  */
/*   This sample is provided with WebSphere MQ SupportPac MO04 -    */
/*   WebSphere MQ SSL Wizard. The wizard will generate command line */
/*   options to be used with this program.                          */
/*                                                                  */
/*   It is assumed that the SSL server connection channel and other */
/*   SSL administration, as instructed by the wizard, has been      */
/*   completed before running this program.                         */
/*                                                                  */
/*   If the SSL connection is successful the program should output: */
/*                                                                  */
/*      "Connection Successful!"                                    */
/*                                                                  */
/********************************************************************/
/*                                                                  */
/* Function:                                                        */
/*                                                                  */
/*   SSLSample is a sample Java program that demonstrates how to    */
/*   supply SSL information for a client connection on a            */
/*   MQQueueManager connection.                                     */
/*                                                                  */
/*   The sample simply connects to the queue manager by             */
/*   constructing the MQQueueManager object and then disconnects    */
/*   using the MQQueueManager disconnect method.                    */
/*                                                                  */
/********************************************************************/
/*                                                                  */
/* Usage:                                                           */
/*                                                                  */
/*   SSLSample has 7 parameters, all of which are mandatory:        */
/*                                                                  */
/*     java SSLSample Conname Port SvrconnChannelName               */
/*             QMgrName SSLCiph SSLKeyr SSLKeyrPassword             */
/*                                                                  */
/*   The parameters are:                                            */
/*                                                                  */
/*     Conname     - the connection name of the server queue        */
/*                   manager in the same format as the CONNAME      */
/*                   parameter on the MQSC DEFINE CHANNEL command,  */
/*                   but without the port specified.                */
/*                                                                  */
/*     Port        - the connection port of the server queue        */
/*                   manager.                                       */
/*                                                                  */
/*     SvrconnChannelName                                           */
/*                 - the name of the server connection channel      */
/*                   on the server queue manager with which the     */
/*                   sample program will try to connect.            */
/*                                                                  */
/*     QMgrName    - the name of the server queue manager.          */
/*                                                                  */
/*     SSLCiph     - the SSL CipherSpec.                            */
/*                                                                  */
/*     SSLKeyr     - the name of a single store, which is both the  */
/*                   keystore and truststore.                       */
/*                                                                  */
/*     SSLKeyrPassword                                              */
/*                 - the SSL key repository password.               */
/*                                                                  */
/*   For example:                                                   */
/*                                                                  */
/*     java SSLSample myhost1 1414 SSL.SVRCONN QM1 NULL_MD5         */
/*                                    C:\mq\ssl\client.kdb password */
/*                                                                  */
/********************************************************************/
import java.util.Hashtable;

import com.ibm.mq.*; //Include the WebSphere MQ classes for Java package
import com.ibm.mq.constants.MQConstants; 

public class SSLSample {

  // define the parms
  private static String conname ;
  private static String port    ;
  private static String channel ;
  private static String qmgr    ;
  private static String sslciph ;
  private static String sslkeyr ;
  private static String sslpass ;
  
  public static void main(String args[]) {
    /****************************************************************/
    /* Check for correct number of arguments                        */
    /****************************************************************/
    if (args.length == 7) {
      conname = args[0];
      port    = args[1];
      channel = args[2];
      qmgr    = args[3];
      sslciph = args[4];
      sslkeyr = args[5];
      sslpass = args[6];
    }
    else {
      System.out.println("Usage parms: Conname Port Channel Qmgr SSLCiph SSLStore SSLKeyStorePassword");
      System.out.println("     NOTE - SSLStore is the name of a single store, which is both the keystore and truststore.");
      return;
    }
  
    new SSLSample().runSample();     
  }

  public void runSample() {
    //System.setProperty("javax.net.debug", "true");

    /****************************************************************/
    /* Utilise the arguments                                        */
    /****************************************************************/
    System.setProperty("javax.net.ssl.trustStore", sslkeyr );
    System.setProperty("javax.net.ssl.keyStore", sslkeyr );
    System.setProperty("javax.net.ssl.keyStorePassword", sslpass );
    MQEnvironment.hostname       = conname;
    MQEnvironment.port           = Integer.parseInt(port);
    MQEnvironment.channel        = channel;
    MQEnvironment.properties.put(MQConstants.SSL_CIPHER_SUITE_PROPERTY,sslciph); 

    /****************************************************************/
    /* Print out parms                                              */
    /****************************************************************/
    System.out.println("Connecting to:");
    System.out.println("  Conname = " + MQEnvironment.hostname);
    System.out.println("  Port = " + MQEnvironment.port);
    System.out.println("  Channel = " + MQEnvironment.channel);
    System.out.println("  Qmgr = " + qmgr);
    System.out.println("  SSLCiph = "+ MQEnvironment.properties.get(MQConstants.SSL_CIPHER_SUITE_PROPERTY));
    System.out.println("  SSLTrustStore = "+ System.getProperty("javax.net.ssl.trustStore"));
    System.out.println("  SSLKeyStore = "+ System.getProperty("javax.net.ssl.keyStore"));
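    // Do not echo the password itself; report only whether one was supplied.
    System.out.println("  SSLKeyStorePassword = "+ (System.getProperty("javax.net.ssl.keyStorePassword") != null ? "<set>" : "<not set>"));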

    try {

      /**************************************************************/
      /* Connect to queue manager                                   */
      /**************************************************************/
      System.out.println("Connecting...");
      MQQueueManager qMgr = new MQQueueManager(qmgr);
      System.out.println("Connection successful!");

      /**************************************************************/
      /* Disconnect from queue manager                              */
      /**************************************************************/
      System.out.println("Disconnecting from the Queue Manager");
      qMgr.disconnect();
      System.out.println("Done!");
    }
    catch (MQException ex) {
      System.out.println("A WebSphere MQ Error occurred : Completion Code "
                + ex.completionCode + " Reason Code " + ex.reasonCode);
    }
  }
} 


Configuring SSL with JMS
/********************************************************************/
/*                                                                  */
/* Program name: SSLSampleJMS                                       */
/*                                                                  */
/* Description: Sample JMS program that demonstrates how to         */
/*              specify SSL client connection information for a     */
/*              MQQueueConnectionFactory connection.                */
/*                                                                  */
/* <START_COPYRIGHT>                                                */
/* Licensed Materials - Property of IBM                             */
/*                                                                  */
/* (C) Copyright IBM Corp. 2006, 2009 All Rights Reserved.          */
/*                                                                  */
/* US Government Users Restricted Rights - Use, duplication or      */
/* disclosure restricted by GSA ADP Schedule Contract with          */
/* IBM Corp.                                                        */
/* <END_COPYRIGHT>                                                  */
/*                                                                  */
/********************************************************************/
/*                                                                  */
/* Overview:                                                        */
/*                                                                  */
/*   This sample is provided with WebSphere MQ SupportPac MO04 -    */
/*   WebSphere MQ SSL Wizard. The wizard will generate command line */
/*   options to be used with this program.                          */
/*                                                                  */
/*   It is assumed that the SSL server connection channel and other */
/*   SSL administration, as instructed by the wizard, has been      */
/*   completed before running this program.                         */
/*                                                                  */
/*   If the SSL connection is successful the program should output: */
/*                                                                  */
/*      "Connection Successful!"                                    */
/*                                                                  */
/********************************************************************/
/*                                                                  */
/* Function:                                                        */
/*                                                                  */
/*   SSLSampleJMS is a sample Java program that demonstrates how to */
/*   supply SSL information for a client connection on a            */
/*   MQQueueConnectionFactory connection.                           */
/*                                                                  */
/*   The sample simply connects to the queue manager.               */
/*                                                                  */
/********************************************************************/
/*                                                                  */
/* Usage:                                                           */
/*                                                                  */
/*   SSLSampleJMS has 7 parameters, all of which are mandatory:     */
/*                                                                  */
/*     java SSLSampleJMS Conname Port SvrconnChannelName            */
/*             QMgrName SSLCiph SSLKeyr SSLKeyrPassword             */
/*                                                                  */
/*   The parameters are:                                            */
/*                                                                  */
/*     Conname     - the connection name of the server queue        */
/*                   manager in the same format as the CONNAME      */
/*                   parameter on the MQSC DEFINE CHANNEL command,  */
/*                   but without the port specified.                */
/*                                                                  */
/*     Port        - the connection port of the server queue        */
/*                   manager.                                       */
/*                                                                  */
/*     SvrconnChannelName                                           */
/*                 - the name of the server connection channel      */
/*                   on the server queue manager with which the     */
/*                   sample program will try to connect.            */
/*                                                                  */
/*     QMgrName    - the name of the server queue manager.          */
/*                                                                  */
/*     SSLCiph     - the SSL CipherSpec.                            */
/*                                                                  */
/*     SSLKeyr     - the name of a single store, which is both the  */
/*                   keystore and truststore.                       */
/*                                                                  */
/*     SSLKeyrPassword                                              */
/*                 - the SSL key repository password.               */
/*                                                                  */
/*   For example:                                                   */
/*                                                                  */
/*     java SSLSampleJMS myhost1 1414 SSL.SVRCONN QM1               */
/*                           NULL_MD5 C:\mq\ssl\client.kdb password */
/*                                                                  */
/********************************************************************/
import javax.jms.*;
import com.ibm.mq.*;
import com.ibm.mq.jms.*;
import com.ibm.mq.jms.services.*;
import com.ibm.msg.client.wmq.common.CommonConstants;
//import com.ibm.mq.constants.MQConstants; 

public class SSLSampleJMS {
  private static String conname ;
  private static String port    ;
  private static String channel ;
  private static String qmgr    ;
  private static String sslciph ;
  private static String sslkeyr ;
  private static String sslpass ;
  private  MQQueueConnectionFactory qcf;
  private  QueueConnection queueCon;
  private QueueSession queueSession;
  
  public static void main(String args[]) {
    /**************************************************************/
    /* Check for correct number of arguments                      */
    /**************************************************************/
    if (args.length == 7) {
      conname = args[0];
      port    = args[1];
      channel = args[2];
      qmgr    = args[3];
      sslciph = args[4];
      sslkeyr = args[5];
      sslpass = args[6];
    }
    else {
      System.out.println("Usage parms: Conname Port Channel Qmgr SSLCiph SSLStore SSLKeyStorePassword");
      System.out.println("     NOTE - SSLStore is the name of a single store, which is both the keystore and truststore.");
      return;
    }
  
    new SSLSampleJMS().runSample();     
  }

  public void runSample() {
    //System.setProperty("javax.net.debug", "true");

    /****************************************************************/
    /* Utilise the arguments                                        */
    /****************************************************************/
    System.setProperty("javax.net.ssl.trustStore", sslkeyr );
    System.setProperty("javax.net.ssl.keyStore", sslkeyr );
    System.setProperty("javax.net.ssl.keyStorePassword", sslpass );

    try {
      /**************************************************************/
      /* Utilise the arguments                                      */
      /**************************************************************/
      qcf = new MQQueueConnectionFactory();
      qcf.setHostName(conname);
      qcf.setPort(Integer.parseInt(port));
      qcf.setQueueManager(qmgr);
      qcf.setChannel(channel);
      qcf.setTransportType(CommonConstants.WMQ_CM_CLIENT);
      qcf.setSSLCipherSuite(sslciph);
      
      /**************************************************************/
      /* Print out parms                                            */
      /**************************************************************/
      System.out.println("Connecting to:");
      System.out.println("  Conname = " + qcf.getHostName());
      System.out.println("  Port = " + qcf.getPort());
      System.out.println("  Channel = " + qcf.getChannel());
      System.out.println("  Qmgr = " + qcf.getQueueManager());
      System.out.println("  SSLCiph = "+ qcf.getSSLCipherSuite());
      System.out.println("  SSLTrustStore = "+ System.getProperty("javax.net.ssl.trustStore"));
      System.out.println("  SSLKeyStore = "+ System.getProperty("javax.net.ssl.keyStore"));
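      // Do not echo the password itself; report only whether one was supplied.
      System.out.println("  SSLKeyStorePassword = "+ (System.getProperty("javax.net.ssl.keyStorePassword") != null ? "<set>" : "<not set>"));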
      
      /**************************************************************/
      /* Connect to queue manager                                   */
      /**************************************************************/
      queueCon = qcf.createQueueConnection();
      queueSession = queueCon.createQueueSession(false, Session.AUTO_ACKNOWLEDGE);
      System.out.println("Connection Successful!");
      
    } catch(Exception e){
      e.printStackTrace();
    }
  }
}




http://www.ibm.com/developerworks/cn/websphere/library/techarticles/0510_fehners/0510_fehners.html


http://www.ibm.com/developerworks/cn/websphere/techjournal/0211_yusuf/yusuf.html

Troubleshooting Java/JMS SSL Configurations
http://www-01.ibm.com/support/docview.wss?uid=swg21614686


Can I use the same keystore for AMS as used for MQ SSL?


http://stackoverflow.com/questions/4271116/wmq-ams-keystore
You can, but also have the option to use separate certs and/or keystores if you want. The keystore.conf file contains the details of the keystore and the label of the certificate that AMS will use for encrypting and signing messages. This can point to the same certificate as used by the application for making connections to WebSphere MQ, the same certificate the app server uses for SSL connections or an entirely separate keystore dedicated to AMS.

The key (excuse the pun) is to manage the keystores based on the security model required. The app server's keystore probably has a number of external-facing certificates in its trust store. For example, it might trust several commercial certificate authorities. The AMS keystore must contain the certificates of anyone who will be signing or encrypting messages that your app will consume or receiving encrypted messages from your app. Since these are usually internal-facing it might be worthwhile to use a separate keystore for AMS than is used for external-facing entities. Otherwise the two different security models (internal-facing and external-facing) end up trusting each other's participants.

This is just one example and in general the idea is to construct the keystores based on the specific security model required and using a least-trust principle. You have to balance the cost of maintaining separate keystores against the extra security of maintaining individual ones.
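
The samples above point javax.net.ssl.trustStore and javax.net.ssl.keyStore at one file, and the answer above argues for building each store on a least-trust basis. As an added example (not IBM's sample code and not part of the quoted answer), this JDK-only check lists what a store actually trusts and flags a weak cipher name such as the NULL_MD5 in the usage text. The class name StoreAudit, the marker "CN=Example Internal CA" and the use of the JVM's default trust anchors as stand-in input are assumptions; a store passed as the third argument is assumed to be JKS or PKCS12.

```java
import java.io.File;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.time.Instant;
import java.util.*;
import java.util.stream.Collectors;
import javax.net.ssl.*;

// Added example, not IBM's sample code. Needs Java 9+ and only JDK classes.
public class StoreAudit {
  // Name tokens that signal no encryption or a broken algorithm (e.g. NULL_MD5).
  private static final Set<String> WEAK =
      Set.of("NULL", "MD5", "RC4", "DES", "DES40", "EXPORT", "anon");

  static List<String> weakTokens(String cipher) {
    return Arrays.stream(cipher.split("_")).filter(WEAK::contains).collect(Collectors.toList());
  }

  // Flags expired certificates, and trusted certificates whose subject DN does
  // not contain expectedCa (the only issuer this store is supposed to trust).
  static List<String> audit(KeyStore ks, String expectedCa, Instant now) throws Exception {
    List<String> findings = new ArrayList<>();
    int keyEntries = 0, trustEntries = 0;
    for (String alias : Collections.list(ks.aliases())) {
      boolean isKey = ks.isKeyEntry(alias);
      if (isKey) keyEntries++; else trustEntries++;
      Certificate cert = ks.getCertificate(alias);
      if (!(cert instanceof X509Certificate)) continue;
      X509Certificate x509 = (X509Certificate) cert;
      String subject = x509.getSubjectX500Principal().getName();
      if (x509.getNotAfter().toInstant().isBefore(now)) {
        findings.add("EXPIRED    " + alias + " (" + subject + ")");
      }
      if (!isKey && !subject.contains(expectedCa)) {
        findings.add("UNEXPECTED " + alias + " (" + subject + ")");
      }
    }
    findings.add(0, keyEntries + " key entries, " + trustEntries + " trusted certificates");
    return findings;
  }

  // Stand-in input: the JVM's default trust anchors copied into an in-memory store.
  static KeyStore jvmDefaultAnchors() throws Exception {
    TrustManagerFactory tmf =
        TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    tmf.init((KeyStore) null);
    KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
    ks.load(null, null);
    int i = 0;
    for (TrustManager tm : tmf.getTrustManagers()) {
      if (!(tm instanceof X509TrustManager)) continue;
      for (X509Certificate ca : ((X509TrustManager) tm).getAcceptedIssuers()) {
        ks.setCertificateEntry("jvm-" + i++, ca);
      }
    }
    return ks;
  }

  public static void main(String[] args) throws Exception {
    String cipher = args.length > 0 ? args[0] : "NULL_MD5"; // from the usage text
    String expectedCa = args.length > 1 ? args[1] : "CN=Example Internal CA"; // constructed
    KeyStore ks = jvmDefaultAnchors();
    if (args.length > 2) { // real store: prompt instead of taking the password from argv
      if (System.console() == null) throw new IllegalStateException("no console");
      char[] pw = System.console().readPassword("Store password: ");
      ks = KeyStore.getInstance(new File(args[2]), pw);
      Arrays.fill(pw, '\0');
    }
    List<String> weak = weakTokens(cipher);
    System.out.println(cipher + (weak.isEmpty() ? ": no weak tokens" : ": WEAK " + weak));
    audit(ks, expectedCa, Instant.now()).forEach(System.out::println);
  }
}
```

Run with no arguments, it audits the JVM's default anchors, so every public CA is reported as UNEXPECTED; that is the cross-trust the answer describes when an external-facing store is reused for AMS.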

Secure Your Messages with IBM MQ Advanced Message Security
http://www.slideshare.net/MoragHughson/ame2286-ams