Friday, August 16, 2013

IBM ODM Events from Sun JDK (Part 2)

Configuring a Sun JMS client to talk to WAS ...

Today I have to configure IBM ODM Events so that the SunJDK can send messages to it.  There's a few steps.  I'll be working mainly in the Rules Designer.  Review the Part 1 of this Blog Post, which just shows how to get a JMS client talking to ODM in with the IBMJDK.

Sun works with the JKS formatted trust and store files, although you can probably get it to work with the p12 formatted files, I find that converting them over to JKS is the simplest.

Go to your <ODM INSTALL>/bin directory and start ikeyman.  From there open the trust.p12 file.  The default password is WebAS.  And then just save it as trust.jks in the jks format with the same password.  And also do the same for your key.p12 file saving it as key.jks in the jks format.


Now, in Eclipse, copy the security configuration folder that we created in Part 1 and name it SunJDKSecurity.

Edit the ssl.client.props file and change the user.root to point to your current project/SunJDKSecurity folder. To do this right click on the project security folder that you created and select properties.  This will give you the full path to the folder.  Highlight the path and use ctrl-c to copy.  Then ctrl-s to save the file.

In addition you will have to replace some of the IBMJSSE settings with SunJSSE settings in this file. make the following edits.  The big change is modifying the certifcates from .p12 to .jks format.  We'll do that in the next step.

SettingIBMJDK ValueSunJDK Value
com.ibm.ssl.aliasDefaultSSLSettingsDefaultSSLSettings
com.ibm.ssl.protocolSSL_TLSSSL
com.ibm.ssl.securityLevelHIGHHIGH
com.ibm.ssl.trustManagerIbmPKIXPKIX
com.ibm.ssl.keyManagerIbmX509SunX509
com.ibm.ssl.contextProviderIBMJSSE2SunJSSE
com.ibm.ssl.enableSignerExchangePrompguigui
#com.ibm.ssl.keyStoreClientAliasdefault
#com.ibm.ssl.customTrustManagers
#com.ibm.ssl.customKeyManager
#com.ibm.ssl.dynamicSelectionInfo
#com.ibm.ssl.enabledCipherSuites
# KeyStore information
com.ibm.ssl.keyStoreNameClientDefaultKeyStoreClientDefaultKeyStore
com.ibm.ssl.keyStore${user.root}/etc/key.p12${user.root}/etc/key.jks
com.ibm.ssl.keyStorePasswordWebASWebAS
#com.ibm.ssl.keyStorePassword{xor}CDo9Hgw{xor}CDo9Hgw
com.ibm.ssl.keyStoreTypePKCS12JKS
com.ibm.ssl.keyStoreProviderIBMJCESUN
com.ibm.ssl.keyStoreFileBasedTRUETRUE
# TrustStore information
com.ibm.ssl.trustStoreNameClientDefaultTrustStoreClientDefaultTrustStore
com.ibm.ssl.trustStore${user.root}/etc/trust.p12${user.root}/etc/trust.jks
com.ibm.ssl.trustStorePasswordWebASWebAS
#com.ibm.ssl.trustStorePassword{xor}CDo9Hgw{xor}CDo9Hgw
com.ibm.ssl.trustStoreTypePKCS12JKS
com.ibm.ssl.trustStoreProviderIBMJCESUN
com.ibm.ssl.trustStoreFileBasedTRUETRUE
com.ibm.ssl.trustStoreReadOnlyFALSEFALSE




Check that you edited the sas.client.props file and set the following, which you would have done in the part 1 of this Blog)
com.ibm.CORBA.securityServerPort to your correct port, by default it is 2809.
com.ibm.CORBA.loginSource=properties
com.ibm.CORBA.loginUserid=admin and set
com.ibm.CORBA.loginPassword=admin
(Assuming admin/admin for authentication to the SamplesServer)

In project properties, (right click on project, find properties in the menu), go to the Java Builder tab.  Add the j2ee.jar as an External Jars from the <ODM Install Dir>/lib folder.

Now change the the runtime properties that you set in the first part of this exercise so they point to the SunJDKSecurity folder.  In the VM Arguments modify the following:
-Dcom.ibm.SSL.ConfigURL=file:///${project_loc}/SunJDKSecurity/properties/ssl.client.props
-Dcom.ibm.CORBA.ConfigURL=file:///${project_loc}/SunJDKSecurity/properties/sas.client.props


At this point, you should be able to run this app without errors using just the SunJDK.  Next we're going to add an ODM Events Project to the workspace.



No comments:

Post a Comment