Thursday, January 17, 2013

Configuring TIBCO Web Messaging to Securely Connect to TIBCO EMS

If you want your TIBCO Web Messaging gateway, which normally lives in the DMZ, to connect to the TIBCO EMS messaging backbone in the trusted network over a TCP connection, the procedure is straightforward: point the gateway at the TIBCO EMS server hostname and port number, assuming that port is already open in the firewall, and that's it.

Something similar to the following service (stomp.jms) configuration should be enough:

<service>
  <accept>ws://${gateway.hostname}:${gateway.nonsecure.port}/jms</accept>
  <type>stomp.jms</type>
  <properties>
    <connection.factory.name>GenericConnectionFactory</connection.factory.name>
    <context.lookup.topic.format>%s</context.lookup.topic.format>
    <context.lookup.queue.format>%s</context.lookup.queue.format>
    <env.java.naming.factory.initial>
      com.tibco.tibjms.naming.TibjmsInitialContextFactory
    </env.java.naming.factory.initial>
    <env.java.naming.provider.url>
      tcp://${EMS.hostname}:${EMS.portNumber}
    </env.java.naming.provider.url>
    <destination.strategy>session</destination.strategy>
  </properties>
  <realm-name>dev_realm</realm-name>
  <authorization-constraint>
    <require-role>AUTHORIZED</require-role>
  </authorization-constraint>
</service>

Now, if you want an environment that is secured end to end, some extra parameters are necessary to make everything work correctly. The service configuration below gives you what you need to enable that (most of the parameters are self-explanatory).

<service>
  <accept>wss://${gateway.hostname}:${gateway.secure.port}/jms</accept>
  <type>stomp.jms</type>
  <properties>
    <connection.factory.name>SecureConnectionFactory</connection.factory.name>
    <context.lookup.topic.format>%s</context.lookup.topic.format>
    <context.lookup.queue.format>%s</context.lookup.queue.format>
    <!-- Placeholder credentials for the gateway's connection to EMS -->
    <connection.security.principal>ems_user</connection.security.principal>
    <connection.security.credentials>ems_password</connection.security.credentials>
    <env.java.naming.factory.initial>
      com.tibco.tibjms.naming.TibjmsInitialContextFactory
    </env.java.naming.factory.initial>
    <env.com.tibco.tibjms.naming.security_protocol>
      ssl
    </env.com.tibco.tibjms.naming.security_protocol>
    <env.java.naming.provider.url>
      ssl://${EMS.hostname}:${EMS.securePortNumber}
    </env.java.naming.provider.url>
    <!-- Verify the EMS server certificate against the trusted certificates below -->
    <env.com.tibco.tibjms.naming.ssl_enable_verify_host>
      true
    </env.com.tibco.tibjms.naming.ssl_enable_verify_host>
    <env.com.tibco.tibjms.naming.ssl_trusted_certs>
      ems_certificate.pem
    </env.com.tibco.tibjms.naming.ssl_trusted_certs>
    <!-- SSL trace output, for debugging the connection setup -->
    <env.com.tibco.tibjms.naming.ssl_trace>
      true
    </env.com.tibco.tibjms.naming.ssl_trace>
    <destination.strategy>session</destination.strategy>
  </properties>
  <realm-name>dev_realm</realm-name>
  <authorization-constraint>
    <require-role>AUTHORIZED</require-role>
  </authorization-constraint>
</service>
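
A quick way to check which of the two configurations above a gateway is actually running, as an added example (not part of the original post and not TIBCO code): `audit_service` is a hypothetical helper that reads one `<service>` element and reports every setting that differs from the secured version. Reporting `ssl_trace` and literal credentials as findings is a review choice made for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the plain-TCP service from this page, abbreviated.
SAMPLE = """<service>
  <accept>ws://${gateway.hostname}:${gateway.nonsecure.port}/jms</accept>
  <type>stomp.jms</type>
  <properties>
    <env.java.naming.provider.url>
      tcp://${EMS.hostname}:${EMS.portNumber}
    </env.java.naming.provider.url>
  </properties>
</service>"""

TIBJMS = "env.com.tibco.tibjms.naming."  # property prefix used on this page

def audit_service(xml_text):
    """Return findings for one <service> element (hypothetical helper)."""
    values = {}
    for el in ET.fromstring(xml_text).iter():
        # Drop any XML namespace and the whitespace around wrapped values.
        values.setdefault(el.tag.split("}")[-1], []).append((el.text or "").strip())

    def first(name):
        return values.get(name, [""])[0]

    findings = []
    for url in values.get("accept", []):
        if not url.startswith("wss://"):
            findings.append("accept is not wss://: " + url)
    # EMS accepts a comma-separated server list; every entry must be ssl://.
    urls = first("env.java.naming.provider.url").split(",")
    if not all(u.strip().startswith("ssl://") for u in urls):
        findings.append("provider URL is not ssl://")
    if first(TIBJMS + "security_protocol").lower() != "ssl":
        findings.append("security_protocol is not ssl")
    if first(TIBJMS + "ssl_enable_verify_host").lower() != "true":
        findings.append("ssl_enable_verify_host is not true")
    if not first(TIBJMS + "ssl_trusted_certs"):
        findings.append("ssl_trusted_certs is not set")
    if first(TIBJMS + "ssl_trace").lower() == "true":
        findings.append("ssl_trace is enabled")
    if first("connection.security.credentials"):
        findings.append("credentials stored as a literal")
    return findings

if __name__ == "__main__":
    for finding in audit_service(SAMPLE):
        print("FINDING:", finding)
```

Run against the secured service above, the same function reports only the trace setting and the literal credentials, which are the two items to revisit before the configuration leaves a development environment.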

The current version of TIBCO Web Messaging also provides a really nice feature called Reverse Connectivity, which lets you close all incoming traffic ports while still allowing external clients to initiate the connection. But that is a topic to be explored in a future post. Stay tuned!

Comments:

  1. Hi Marcello

    I get javax.naming.ServiceUnavailableException. "Failed to query JNDI. Failed to connect to the server at tcp://...."

    EMS is running
    Its listening ports are open

    Any idea?

  2. If after starting TIBCO Web Messaging for TIBCO Enterprise Message Service™, you see the following error:

    javax.naming.ServiceUnavailableException: Failed to query JNDI: Failed to connect to the server at tcp://localhost:7222 [Root exception is javax.jms.JMSException: Failed to connect to the server at tcp://localhost:7222]
        at com.tibco.tibjms.naming.TibjmsContext.lookup(TibjmsContext.java:669)
        at com.tibco.tibjms.naming.TibjmsContext.lookup(TibjmsContext.java:489)
        at javax.naming.InitialContext.lookup(InitialContext.java:392)
        at com.kaazing.gateway.jms.server.service.StompJmsService.initHandler(StompJmsService.java:96)
        at com.kaazing.gateway.jms.server.service.AbstractStompService.init(AbstractStompService.java:115)
        at com.kaazing.gateway.jms.server.service.AbstractStompFanoutService.init(AbstractStompFanoutService.java:60)
        at com.kaazing.gateway.jms.server.service.StompJmsService.init(StompJmsService.java:53)
        at com.kaazing.gateway.server.context.resolve.DefaultServiceContext.init(DefaultServiceContext.java:461)
        at com.kaazing.gateway.server.Gateway.init(Gateway.java:41)
        at com.kaazing.gateway.server.api.EmbeddedGateway.launch(EmbeddedGateway.java:237)
        at com.kaazing.gateway.server.Main.main(Main.java:31)

    This error may occur if you have not started TIBCO EMS before starting TIBCO Web Messaging for TIBCO Enterprise Message Service™.

    To resolve this issue, start TIBCO EMS, then restart TIBCO Web Messaging for TIBCO Enterprise Message Service™.

  4. C:\tibco\webmsgems\3.5\bin>gateway.start
    INFO TIBCO Web Messaging for TIBCO Enterprise Message Service(tm) (3.5.0.44)
    INFO Configuration file: C:\tibco\webmsgems\3.5\conf\gateway-config.xml
    INFO Checking license information
    INFO Found license: TIBCO License for EMS, Maximum 2000 connections, See license.txt
    INFO Stopping server
    INFO Stopping management
    INFO jmx://localhost:2020/
    INFO Stopped management
    INFO Stopping services
    INFO http://localhost:8000/
    INFO http://localhost:8001/
    INFO http://localhost:8001/session
    INFO ws://localhost:8001/echo
    INFO ws://localhost:8001/jms
    INFO Stopped services
    INFO Stopped server successfully in 0.016 secs at 2013-05-23 04:50:28
    ERROR Error starting Gateway: caught exception javax.naming.ServiceUnavailableException:
    Failed to query JNDI: Failed to connect to the server at tcp://{EME server ip address}:{port}
    [Root exception is javax.jms.JMS ..............
    ...
    ...(error stack description redacted)
    ...
    INFO Stopping server
    INFO Stopping management
    INFO jmx://localhost:2020/
    INFO Stopped management
    INFO Stopping services
    INFO http://localhost:8000/
    INFO http://localhost:8001/
    INFO http://localhost:8001/session
    INFO ws://localhost:8001/echo
    INFO ws://localhost:8001/jms
    INFO Stopped services
    INFO Stopped server successfully in 0.000 secs at 2013-05-23 04:50:28

  5. That proves that the TWM machine is not able to connect to EMS.

  6. Hi Marcelo

    Thank you for your response. It worked for me after opening the appropriate port on the firewall. The network admin helped me do that. TWM is up and running. :)
