Chapter 5 Integrating With WebLogic Server 10.0 : Modifying this Example to Use SSL Communication

Modifying this Example to Use SSL Communication
This section describes how to modify the above example to use SSL communications between the TIBCO Enterprise Message Service server, the WebLogic Server 10.0, and the client program. This section assumes you have already set up and run the example detailed in the previous sections.
Add the SSL JAR Files and New JNDI Properties File to the CLASSPATH
In the directory C:\bea\weblogic10\samples\domains\wl_server, modify the CLASSPATH environment variable in setExamplesEnv.cmd (the examples setup script) and startExamplesServer.cmd (the start script).
To add SSL JAR Files and New JNDI Properties File to the WLS 10.0 CLASSPATH:
1. Open the setExamplesEnv.cmd and startExamplesServer.cmd files.
2. Add the following to the CLASSPATH:
   EMS_HOME\jar\tibcrypt.jar;EMS_HOME\jar
3. Run the setExamplesEnv.cmd command to set up the client environment.
4. Create a new file named jndi.properties, add the following lines, and save it to the directory EMS_HOME\jar.
 
   com.tibco.tibjms.naming.security_protocol=ssl
   com.tibco.tibjms.naming.ssl_enable_verify_host=false
These properties specify that the "SSL" protocol should be used for JNDI lookups and that host verification is turned off (the client will trust any host). JNDI reads this file automatically and adds the properties to the environment of the initial JNDI context.
Configure the TIBCO Enterprise Message Service Server for SSL
In C:\Tibco\EMS\bin\tibemsd.conf, add the following lines:
 
listen = ssl://localhost:7243
ssl_server_identity = certs/server.cert.pem
ssl_server_key = certs/server.key.pem
ssl_password = password
listen = tcp://localhost:7222
These lines explicitly set the TCP and SSL listen ports and specify the three required server-side SSL parameters for identity, private key, and password.
Save the file, then stop and restart the TIBCO Enterprise Message Service server. When the server restarts, you should see messages like the following in the console window confirming SSL is enabled:
 
2008-06-14 10:00:05 Secure Socket Layer is enabled, using openSSL <version>
2008-06-14 10:00:05 Accepting connections on ssl://<machineName>:7243.
2008-06-14 10:00:05 Accepting connections on tcp://<machineName>:7222.
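The jndi.properties and tibemsd.conf settings shown above can be checked with a short audit script (an added example, not part of the TIBCO documentation). The embedded file contents are constructed samples copied from this section and the function names are hypothetical; the script reports the disabled host verification, the TCP listener left open beside the SSL one, and the key password kept in the configuration file.

```python
# Constructed inputs: the file contents shown in this section.
JNDI_PROPERTIES = """\
com.tibco.tibjms.naming.security_protocol=ssl
com.tibco.tibjms.naming.ssl_enable_verify_host=false
"""
TIBEMSD_CONF = """\
listen = ssl://localhost:7243
ssl_server_identity = certs/server.cert.pem
ssl_server_key = certs/server.key.pem
ssl_password = password
listen = tcp://localhost:7222
"""

def parse_kv(text):  # (key, value) pairs; keys such as 'listen' may repeat
    pairs = []
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith(("#", "!")) and "=" in line:
            key, value = line.split("=", 1)
            pairs.append((key.strip(), value.strip()))
    return pairs

def audit_jndi(text):
    props = dict(parse_kv(text))
    prefix = "com.tibco.tibjms.naming."
    findings = []
    if props.get(prefix + "security_protocol", "").lower() != "ssl":
        findings.append("jndi.properties: JNDI lookups are not using ssl")
    if props.get(prefix + "ssl_enable_verify_host", "").lower() == "false":
        findings.append("jndi.properties: host verification off, client trusts any host")
    return findings

def audit_tibemsd(text):
    pairs = parse_kv(text)
    conf = dict(pairs)
    listens = [v for k, v in pairs if k == "listen"]
    findings = []
    if not any(v.startswith("ssl://") for v in listens):
        findings.append("tibemsd.conf: no ssl:// listener configured")
    findings += ["tibemsd.conf: unencrypted listener open: " + v for v in listens if v.startswith("tcp://")]
    required = ("ssl_server_identity", "ssl_server_key", "ssl_password")
    findings += ["tibemsd.conf: missing parameter: " + k for k in required if k not in conf]
    if "ssl_password" in conf:
        findings.append("tibemsd.conf: ssl_password stored in the file, restrict read access")
    return findings

if __name__ == "__main__":
    for finding in audit_jndi(JNDI_PROPERTIES) + audit_tibemsd(TIBEMSD_CONF):
        print(finding)
```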
Modify the Example MDB to Use the SSL Protocol
Follow these steps to modify the example MDB:
1. Change the providerUrl property to tibjmsnaming://localhost:7243.
2. Change the connectionFactoryJndiName property to SSLTopicConnectionFactory.
After completing the modifications, the foreignJmsProvider tag should look like this:
@ForeignJmsProvider(providerUrl="tibjmsnaming://localhost:7243",
       initialContextFactory="com.tibco.tibjms.naming.TibjmsInitialContextFactory",
       connectionFactoryJndiName="SSLTopicConnectionFactory")
Modify the Example Client Program for SSL-Based Communication
The modifications necessary for the example client program are similar to those that were necessary for the MDB:
1. In Client.java, change the string TopicConnectionFactory or TIBCO.tcf to SSLTopicConnectionFactory.
2. In Client.java, change the port number from 7222 to 7243 in the URL.
3. In build.xml, change the port number from 7222 to 7243 for the URL.
Rebuilding and Redeploying the Example MDB
Restart the WebLogic Server Examples Server so that it picks up the SSL-related changes to the environment.
From the example MDB source directory, enter the commands:
> ant clean
> ant build
> ant deploy
Running the Example MDB Client with SSL
Create a new command prompt window and run the examples setup script, setExamplesEnv.cmd, so that the SSL-related changes to the environment are picked up.
From the example MDB source directory, enter the command:
> ant run
You should see the same messages sent by the client and received by the MDB in the WebLogic server window. You may notice that this example runs slightly slower than the non-SSL version. This is because of the SSL handshake that occurs before the messages are displayed.
To show that SSL communications are in fact occurring, you could remove the SSL settings you added to tibemsd.conf. Then restart the TIBCO Enterprise Message Service server and the WebLogic Server. If you check the WebLogic Server logs, you should see exceptions thrown indicating that it could not connect. If you now run the test program again, you should see that it throws an exception indicating that it could not connect to the server using the SSL protocol. Alternatively (or additionally), you could start the TIBCO Enterprise Message Service server from a command prompt window and turn SSL debug tracing on, as follows:
> tibemsd -ssl_debug_trace
Then, if you restart WebLogic Server and rerun the test program, you will see SSL debugging output in the tibemsd console window.