This section describes how to modify the above example to use SSL communications between the TIBCO Enterprise Message Service server, the WebLogic 7.0 Server, and the client program. This section assumes you have already set up and run the example detailed in the previous sections.
The following JAR files distributed with TIBCO Enterprise Message Service must be added to the CLASSPATH
:
You can add them to the extEnv.cmd
file that you created in Adding TIBCO Enterprise Message Service to the WebLogic Server CLASSPATH.
Next, create a new file named jndi.properties
containing the following lines:
Save the file to directory C:\Tibco\EMS\clients\java
. This directory must then also be added to the CLASSPATH
in extEnv.cmd
.
These properties specify that the "SSL" protocol should be used for JNDI lookups and that host verification is turned off (the client will trust any host). JNDI reads this file automatically and adds the properties to the environment of the initial JNDI context.
In C:\Tibco\EMS\bin\tibemsd.conf
, add the following lines:
listen = ssl://localhost:7243 ssl_server_identity = certs/server.cert.pem ssl_server_key = certs/server.key.pem ssl_password = password listen = tcp://localhost:7222
These lines explicitly set the tcp
and ssl
listen ports and specify the three required server-side SSL parameters: identity, private key, and password.
Save the file, then stop and restart the TIBCO Enterprise Message Service server. When the server restarts, you should see messages like the following in the console window confirming SSL is enabled:
2002-03-19 13:48:34 Secure Socket Layer is enabled. 2002-03-19 13:48:34 Accepting connections on ssl://localhost:7243. 2002-03-19 13:48:34 Accepting connections on tcp://localhost:7222.
Modify the file weblogic-ejb-jar.xml
to change the values of the JNDI provider URL and the connection factory JNDI name, as follows:
<provider-url> tibjmsnaming://localhost:7243 </provider-url> <connection-factory-jndi-name> SSLTopicConnectionFactory </connection-factory-jndi-name>
The provider URL is changed to connect to port 7243 (instead of 7222), and the connection factory JNDI name is changed to specify the SSL-based topic connection factory that comes preconfigured in TIBCO Enterprise Message Service.
The modifications necessary for the example client program are similar to those that were necessary for MDB:
Restart the WebLogic Server Examples Server so that it picks up the changes to the environment.
From the example MDB source directory, enter the command:
As the build completes, you should see messages in the WebLogic Server Examples Server window indicating that it is activating the "message" application.
Create a new command prompt window and run the examples setup script so that the changes to the environment are picked up.
From the example MDB source directory, enter the command:
You should see the same messages sent by the client and received by the MDB in the WebLogic server window. You may notice that this example runs slightly slower than the non-SSL version. This is because of the SSL handshake that occurs before the messages are displayed.
To show that SSL communications are in fact occurring, you could remove the SSL settings you added to tibemsd.conf
. Then restart the TIBCO Enterprise Message Service server and the WebLogic Server. If you check the WebLogic Server logs, you should see exceptions thrown indicating that it could not connect. If you now run the test program again, you should see that it throws an exception indicating that it could not connect to the server using the SSL protocol.
Alternatively (or additionally), you could start the TIBCO Enterprise Message Service server from a command prompt window and turn SSL debug tracing on, as follows:
Then, if you re-start WebLogic Server and re-run the test program, you will see SSL debugging output on the tibemsd
console window.
TIBCO Enterprise Message Service™ Application Integration Guide Software Release 4.3, February 2006 Copyright © TIBCO Software Inc. All rights reserved www.tibco.com |