darrenzhu
- 浏览: 781394 次
- 性别:
- 来自: 上海
-
文章分类
- 全部博客 (360)
- Java (101)
- JPA/Hibernate (10)
- Spring (14)
- Flex/BlazeDS (37)
- Database (30)
- Lucene/Solr/Nutch (0)
- Maven/Ant (25)
- CXF/WebService (3)
- RPC/RMI/SOAP/WSDL (1)
- REST (6)
- TDD/BDD/JUnit (1)
- Servlet/JSP (2)
- AI/MachineLearning (3)
- Resource (1)
- 字符编码 (2)
- OOA/OOPS/UML (5)
- DesignPattern (8)
- 算法与数据结构 (11)
- Web&App Server (13)
- 并发&异步&无阻塞 (7)
- Entertainment (4)
- JavaScript/ExtJS (45)
- CodeStyle&Quality (1)
- svn/git/perforce (8)
- JSON (2)
- JavaScriptTesting (4)
- Others (6)
- RegularExpression (2)
- Linux/Windows (12)
- Protocal (2)
- Celebrities (1)
- Interview (1)
- 计算机语言 (1)
- English (2)
- Eclipse (5)
- TimeZone/时区 (1)
- Finance (1)
- 信息安全 (1)
- JMS/MQ (2)
- XSD/XML/DTD (3)
- Android (4)
- 投资 (3)
- Distribution (3)
- Excel (1)
最新评论
-
qdujunjie:
如果把m换成具体的数字,比如4或者5,会让读者更明白
m阶B树中“阶”的含义 -
java-admin:
不错,加油,多写点文章
关于Extjs的mixins和plugin -
xiehuaidong880827:
你好,我用sencha cmd打包完本地工程后,把app.js ...
ExtJS使用Sencha Cmd合并javascript文件为一个文件 -
KIWIFLY:
lwpan 写道inverse = "true&qu ...
Hibernate中什么时候使用inverse=true -
luedipiaofeng:
good
消除IE stop running this script弹出框
IBM官方配置指南
http://www-01.ibm.com/support/docview.wss?uid=swg24010367
另外可以参考IBM关于Security方面的详细文档
http://www.slideshare.net/MoragHughson/websphere-mq-v8-security-deep-dive
直接使用Java配置SSL
/********************************************************************/
/* */
/* Program name: SSLSample */
/* */
/* Description: Sample Java program that demonstrates how to */
/* specify SSL client connection information for a */
/* MQQueueManager connection. */
/* */
/* <START_COPYRIGHT> */
/* Licensed Materials - Property of IBM */
/* */
/* (C) Copyright IBM Corp. 2006,2009 All Rights Reserved. */
/* */
/* US Government Users Restricted Rights - Use, duplication or */
/* disclosure restricted by GSA ADP Schedule Contract with */
/* IBM Corp. */
/* <END_COPYRIGHT> */
/* */
/********************************************************************/
/* */
/* Overview: */
/* */
/* This sample is provided with WebSphere MQ SupportPac MO04 - */
/* WebSphere MQ SSL Wizard. The wizard will generate command line */
/* options to be used with this program. */
/* */
/* It is assumed that the SSL server connection channel and other */
/* SSL administration, as instructed by the wizard, has been */
/* completed before running this program. */
/* */
/* If the SSL connection is successful the program should output: */
/* */
/* "Connection Successful!" */
/* */
/********************************************************************/
/* */
/* Function: */
/* */
/* SSLSample is a sample Java program that demonstrates how to */
/* supply SSL information for a client connection on a */
/* MQQueueManager connection. */
/* */
/* The sample simply connects to the queue manager by */
/* constructing the MQQueueManager object and then disconnects */
/* using the MQQueueManager disconnect method. */
/* */
/********************************************************************/
/* */
/* Usage: */
/* */
/* SSLSample has 7 parameters, all of which are mandatory: */
/* */
/* java SSLSample Conname Port SvrconnChannelName */
/* QMgrName SSLCiph SSLKeyr SSLKeyrPassword */
/* */
/* The parameters are: */
/* */
/* Conname - the connection name of the server queue */
/* manager in the same format as the CONNAME */
/* parameter on the MQSC DEFINE CHANNEL command, */
/* but without the port specified. */
/* */
/* Port - the connection port of the server queue */
/* manager. */
/* */
/* SvrconnChannelName */
/* - the name of the server connection channel */
/* on the server queue manager with which the */
/* sample program will try to connect. */
/* */
/* QMgrName - the name of the server queue manager. */
/* */
/* SSLCiph - the SSL CipherSpec. */
/* */
/* SSLKeyr - the name of a single store, which is both the */
/* keystore and truststore. */
/* */
/* SSLKeyrPassword */
/* - the SSL key repository password. */
/* */
/* For example: */
/* */
/* java SSLSample myhost1 1414 SSL.SVRCONN QM1 NULL_MD5 */
/* C:\mq\ssl\client.kdb password */
/* */
/********************************************************************/
import java.util.Hashtable;
import com.ibm.mq.*; //Include the WebSphere MQ classes for Java package
import com.ibm.mq.constants.MQConstants;
public class SSLSample {
// define the parms
private static String conname ;
private static String port ;
private static String channel ;
private static String qmgr ;
private static String sslciph ;
private static String sslkeyr ;
private static String sslpass ;
public static void main(String args[]) {
/****************************************************************/
/* Check for correct number of arguments */
/****************************************************************/
if (args.length == 7) {
conname = args[0];
port = args[1];
channel = args[2];
qmgr = args[3];
sslciph = args[4];
sslkeyr = args[5];
sslpass = args[6];
}
else {
System.out.println("Usage parms: Conname Port Channel Qmgr SSLCiph SSLStore SSLKeyStorePassword");
System.out.println(" NOTE - SSLStore is the name of a single store, which is both the keystore and truststore.");
return;
}
new SSLSample().runSample();
}
public void runSample() {
//System.setProperty("javax.net.debug", "true");
/****************************************************************/
/* Utilise the arguments */
/****************************************************************/
System.setProperty("javax.net.ssl.trustStore", sslkeyr );
System.setProperty("javax.net.ssl.keyStore", sslkeyr );
System.setProperty("javax.net.ssl.keyStorePassword", sslpass );
MQEnvironment.hostname = conname;
MQEnvironment.port = Integer.parseInt(port);
MQEnvironment.channel = channel;
MQEnvironment.properties.put(MQConstants.SSL_CIPHER_SUITE_PROPERTY,sslciph);
/****************************************************************/
/* Print out parms */
/****************************************************************/
System.out.println("Connecting to:");
System.out.println(" Conname = " + MQEnvironment.hostname);
System.out.println(" Port = " + MQEnvironment.port);
System.out.println(" Channel = " + MQEnvironment.channel);
System.out.println(" Qmgr = " + qmgr);
System.out.println(" SSLCiph = "+ MQEnvironment.properties.get(MQConstants.SSL_CIPHER_SUITE_PROPERTY));
System.out.println(" SSLTrustStore = "+ System.getProperty("javax.net.ssl.trustStore"));
System.out.println(" SSLKeyStore = "+ System.getProperty("javax.net.ssl.keyStore"));
System.out.println(" SSLKeyStorePassword = "+ System.getProperty("javax.net.ssl.keyStorePassword"));
try {
/**************************************************************/
/* Connect to queue manager */
/**************************************************************/
System.out.println("Connecting...");
MQQueueManager qMgr = new MQQueueManager(qmgr);
System.out.println("Connection successful!");
/**************************************************************/
/* Disconnect from queue manager */
/**************************************************************/
System.out.println("Disconnecting from the Queue Manager");
qMgr.disconnect();
System.out.println("Done!");
}
catch (MQException ex) {
System.out.println("A WebSphere MQ Error occured : Completion Code "
+ ex.completionCode + " Reason Code " + ex.reasonCode);
}
}
}
使用JMS配置SSL
/********************************************************************/
/* */
/* Program name: SSLSampleJMS */
/* */
/* Description: Sample JMS program that demonstrates how to */
/* specify SSL client connection information for a */
/* MQQueueConnectionFactory connection. */
/* */
/* <START_COPYRIGHT> */
/* Licensed Materials - Property of IBM */
/* */
/* (C) Copyright IBM Corp. 2006, 2009 All Rights Reserved. */
/* */
/* US Government Users Restricted Rights - Use, duplication or */
/* disclosure restricted by GSA ADP Schedule Contract with */
/* IBM Corp. */
/* <END_COPYRIGHT> */
/* */
/********************************************************************/
/* */
/* Overview: */
/* */
/* This sample is provided with WebSphere MQ SupportPac MO04 - */
/* WebSphere MQ SSL Wizard. The wizard will generate command line */
/* options to be used with this program. */
/* */
/* It is assumed that the SSL server connection channel and other */
/* SSL administration, as instructed by the wizard, has been */
/* completed before running this program. */
/* */
/* If the SSL connection is successful the program should output: */
/* */
/* "Connection Successful!" */
/* */
/********************************************************************/
/* */
/* Function: */
/* */
/* SSLSampleJMS is a sample Java program that demonstrates how to */
/* supply SSL information for a client connection on a */
/* MQQueueConnectionFactory connection. */
/* */
/* The sample simply connects to the queue manager. */
/* */
/********************************************************************/
/* */
/* Usage: */
/* */
/* SSLSampleJMS has 7 parameters, all of which are mandatory: */
/* */
/* java SSLSampleJMS Conname Port SvrconnChannelName */
/* QMgrName SSLCiph SSLKeyr SSLKeyrPassword */
/* */
/* The parameters are: */
/* */
/* Conname - the connection name of the server queue */
/* manager in the same format as the CONNAME */
/* parameter on the MQSC DEFINE CHANNEL command, */
/* but without the port specified. */
/* */
/* Port - the connection port of the server queue */
/* manager. */
/* */
/* SvrconnChannelName */
/* - the name of the server connection channel */
/* on the server queue manager with which the */
/* sample program will try to connect. */
/* */
/* QMgrName - the name of the server queue manager. */
/* */
/* SSLCiph - the SSL CipherSpec. */
/* */
/* SSLKeyr - the name of a single store, which is both the */
/* keystore and truststore. */
/* */
/* SSLKeyrPassword */
/* - the SSL key repository password. */
/* */
/* For example: */
/* */
/* java SSLSampleJMS myhost1 1414 SSL.SVRCONN QM1 */
/* NULL_MD5 C:\mq\ssl\client.kdb password */
/* */
/********************************************************************/
import javax.jms.*;
import com.ibm.mq.*;
import com.ibm.mq.jms.*;
import com.ibm.mq.jms.services.*;
import com.ibm.msg.client.wmq.common.CommonConstants;
//import com.ibm.mq.constants.MQConstants;
public class SSLSampleJMS {
private static String conname ;
private static String port ;
private static String channel ;
private static String qmgr ;
private static String sslciph ;
private static String sslkeyr ;
private static String sslpass ;
private MQQueueConnectionFactory qcf;
private QueueConnection queueCon;
private QueueSession queueSession;
public static void main(String args[]) {
/**************************************************************/
/* Check for correct number of arguments */
/**************************************************************/
if (args.length == 7) {
conname = args[0];
port = args[1];
channel = args[2];
qmgr = args[3];
sslciph = args[4];
sslkeyr = args[5];
sslpass = args[6];
}
else {
System.out.println("Usage parms: Conname Port Channel Qmgr SSLCiph SSLStore SSLKeyStorePassword");
System.out.println(" NOTE - SSLStore is the name of a single store, which is both the keystore and truststore.");
return;
}
new SSLSampleJMS().runSample();
}
public void runSample() {
//System.setProperty("javax.net.debug", "true");
/****************************************************************/
/* Utilise the arguments */
/****************************************************************/
System.setProperty("javax.net.ssl.trustStore", sslkeyr );
System.setProperty("javax.net.ssl.keyStore", sslkeyr );
System.setProperty("javax.net.ssl.keyStorePassword", sslpass );
try {
/**************************************************************/
/* Utilise the arguments */
/**************************************************************/
qcf = new MQQueueConnectionFactory();
qcf.setHostName(conname);
qcf.setPort(Integer.parseInt(port));
qcf.setQueueManager(qmgr);
qcf.setChannel(channel);
qcf.setTransportType(CommonConstants.WMQ_CM_CLIENT);
qcf.setSSLCipherSuite(sslciph);
/**************************************************************/
/* Print out parms */
/**************************************************************/
System.out.println("Connecting to:");
System.out.println(" Conname = " + qcf.getHostName());
System.out.println(" Port = " + qcf.getPort());
System.out.println(" Channel = " + qcf.getChannel());
System.out.println(" Qmgr = " + qcf.getQueueManager());
System.out.println(" SSLCiph = "+ qcf.getSSLCipherSuite());
System.out.println(" SSLTrustStore = "+ System.getProperty("javax.net.ssl.trustStore"));
System.out.println(" SSLKeyStore = "+ System.getProperty("javax.net.ssl.keyStore"));
System.out.println(" SSLKeyStorePassword = "+ System.getProperty("javax.net.ssl.keyStorePassword"));
/**************************************************************/
/* Connect to queue manager */
/**************************************************************/
queueCon = qcf.createQueueConnection();
queueSession = queueCon.createQueueSession(false, Session.AUTO_ACKNOWLEDGE);
System.out.println("Connection Successful!" );
} catch(Exception e){
e.printStackTrace();
}
}
}
http://www.ibm.com/developerworks/cn/websphere/library/techarticles/0510_fehners/0510_fehners.html
http://www.ibm.com/developerworks/cn/websphere/techjournal/0211_yusuf/yusuf.html
Troubleshooting Java/JMS SSL Configurations
http://www-01.ibm.com/support/docview.wss?uid=swg21614686
Can I use the same keystore for AMS as used for MQ SSL?
http://stackoverflow.com/questions/4271116/wmq-ams-keystore
You can, but also have the option to use separate certs and/or keystores if you want. The keystore.conf file contains the details of the keystore and the label of the certificate that AMS will use for encrypting and signing messages. This can point to the same certificate as used by the application for making connections to WebSphere MQ, the same certificate the app server uses for SSL connections or an entirely separate keystore dedicated to AMS.
The key (excuse the pun) is to manage the keystores based on the security model required. The app server's keystore probably has a number of external-facing certificates in its trust store. For example, it might trust several commercial certificate authorities. The AMS keystore must contain the certificates of anyone who will be signing or encrypting messages that your app will consume or receiving encrypted messages from your app. Since these are usually internal-facing it might be worthwhile to use a separate keystore for AMS than is used for external-facing entities. Otherwise the two different security models (internal-facing and external-facing) end up trusting each others participants.
This is just one example and in general the idea is to construct the keystores based on the specific security model required and using a least-trust principle. You have to balance the cost of maintaining separate keystores against the extra security of maintaining individual ones.
Secure Your Messages with IBM MQ Advanced Message Security
http://www.slideshare.net/MoragHughson/ame2286-ams
Key slides
分享到:
发表评论
相关推荐
Websphere MQ JavaJMS 客户端的 SSL 配置.doc
WebSphere MQ配置.rar WebSphere MQ配置.rar WebSphere MQ配置.rar
本人自学IBM的WebSphereMQ自学笔记,内有MQ安装文档,建MQ的例子等。 1、 MQ6.0安装 2 1.1 启动MQ v6.0 安装程序 2 1.2 软件需求检查 2 1.3 WebSphere Eclipse Platform V3.0.1软件安装 2 1.4 网络配置检查 3 1.5 ...
用jms 向webshpere mq里发送消息
WebSphere MQ7.0配置与测试 WebSphere MQ发送接收消息的实现 附java 源码
Java下操作IBM Websphere MQ的项目案例, eclipse工程压缩包, 导入直接可用.
12.2.2 WebSphere MQ for Java的运行环境 159 12.3 使用WebSphere MQ for Java 161 12.3.1客户机连接模式 161 12.3.2绑定模式 162 12.3.3 类库 162 12.4用WebSphere MQ Java API开展工作 164 12.4.1 设置连接 164 ...
Java连接IBM WebSphere MQ 7处理队列信息所需jar包,从安装目录直接打的包。主要包括: /com.ibm.mq.commonservices.jar /com.ibm.mq.defaultconfig.jar /com.ibm.mq.fta.jar /com.ibm.mq.headers.jar /...
WebSphere® MQ (也称MQSeries)以一致的、可靠的和易于管理的方式来连接应用程序,并为跨部门、企业范围的集成提供了可靠的基础。通过为重要的消息和事务提供可靠的、一次且仅一次的传递,Websphere MQ 可以处理...
WebSphere MQ Using Java,MQ作为一种中间件还是不错的,可以由一个系统发送一些消息给MQ Server,然后另外一个系统来取得这些消息。比较方便的实现不同系统、不同语言间的通信。
Websphere Message Broker实践,WebSphere MQ Java编程,Message Broker 计时器节点编程模式,MessageBroker TCPIP通信协议,wmb关于ws服务的引用,WMB连接oracle数据库实践,全部组件
IBM WebSphere MQ是IBM业界领先面向消息的中间件产品,也是MQ系列产品的基础和核心,它使不同的应用程序能够以企业级的性能,在广泛的平台上安全而可靠地通讯。
Websphere MQ using java. Websphere MQ class for java and JMS.
Websphere MQ Programming Guide,Websphere MQ Using C++,WebSphere MQ Using Java,WEBSPHERE MQ6.0 JAVA编程,WebSphere MQ基础教程,IBM WEBSPHERE MQ教程,精通WebSphere MQ,WebSphere MQ开发快速入门,IBM ...
本书适用于管理WebSphere MQ 的配置和管理任务的系统管理员和系统程序员。对于那些必须理解WebSphere MQ 管理任务的应用程序员也是有帮助的。要使用本书,您需要对此处描述的操作系统和其相关联的实用程序有很好的...
IBM WebSphere MQ Java编程(中文版) [消息中间件]
第二部分 WebSphere MQ系统管理,分为六章,分别介绍安装、配置、管理、控制命令和问题确定;第三部分 WebSphere MQ应用开发,由五章组成,介绍程序设计、编写和例子程序。 本书是WebSphere MQ产品的实用指南,...
Java 通过PCF连接WebSphere MQ7.1以上版本获取数据。!!!
Websphere MQ java编程发送和接收代码
IBM WEBSPHERE MQ 客户端--服务器端安装配置