If you want to configure your TIBCO Web Messaging gateway, which normally lives in the DMZ, to connect to TIBCO EMS messaging backbone over a TCP connection, the procedure is straightforward. Just point to the TIBCO EMS server hostname and port number, assuming that's already open in the firewall, in the trusted network and that's it.
Something similar to the following service (stomp.jms) configuration should be enough:
<service>
<accept>ws://${gateway.hostname}:${gateway.nonsecure.port}/jms</accept>
<type>stomp.jms</type>
<properties>
<connection.factory.name>GenericConnectionFactory</connection.factory.name>
<context.lookup.topic.format>%s</context.lookup.topic.format>
<context.lookup.queue.format>%s</context.lookup.queue.format>
<env.java.naming.factory.initial>
com.tibco.tibjms.naming.TibjmsInitialContextFactory
</env.java.naming.factory.initial>
<env.java.naming.provider.url>
tcp://${EMS.hostname}:${EMS.portNumber}
</env.java.naming.provider.url>
<destination.strategy>session</destination.strategy>
</properties>
<realm-name>dev_realm</realm-name>
<authorization-constraint>
<require-role>AUTHORIZED</require-role>
</authorization-constraint>
</service>
Now, if you want to configure an end-to-end secured enabled environment then some extra parameters are necessary to make everything work correctly. The service configuration below will give you what you need (most of them are self-explanatory) to enable that.
<service>
<accept>wss://${gateway.hostname}:${gateway.secure.port}/jms</accept>
<type>stomp.jms</type>
<properties>
<connection.factory.name>SecureConnectionFactory</connection.factory.name>
<context.lookup.topic.format>%s</context.lookup.topic.format>
<context.lookup.queue.format>%s</context.lookup.queue.format>
<connection.security.principal>ems_user</connection.security.principal>
<connection.security.credentials>ems_password</connection.security.credentials>
<env.java.naming.factory.initial>
com.tibco.tibjms.naming.TibjmsInitialContextFactory
</env.java.naming.factory.initial>
<env.com.tibco.tibjms.naming.security_protocol>
ssl
</env.com.tibco.tibjms.naming.security_protocol>
<env.java.naming.provider.url>
ssl://${EMS.hostname}:${EMS.securePortNumber}
</env.java.naming.provider.url>
<env.com.tibco.tibjms.naming.ssl_enable_verify_host>
true
</env.com.tibco.tibjms.naming.ssl_enable_verify_host>
<env.com.tibco.tibjms.naming.ssl_trusted_certs>
ems_certificate.pem
</env.com.tibco.tibjms.naming.ssl_trusted_certs>
<env.com.tibco.tibjms.naming.ssl_trace>
true
</env.com.tibco.tibjms.naming.ssl_trace>
<destination.strategy>session</destination.strategy>
</properties>
<realm-name>dev_realm</realm-name>
<authorization-constraint>
<require-role>AUTHORIZED</require-role>
</authorization-constraint>
</service>
The current version of TIBCO Web Messaging also provides you a really nice feature called Reverse Connectivity where you will be able to close all incoming traffic ports while still allowing external clients to initiate the connection. But, this is a topic to be explored on a next post. Stay tuned!
Setting Up Local Environment for Developing Oracle Intelligent Bots Custom Components
Oh the joy of having a local development environment is priceless. For most cloud based solutions the story repeats itself being hard to tr...
-
A few days ago I was helping an Apache user getting the ActiveMQ Web Console up and running on ServiceMix 4.4. At first instance, it seems ...
-
With the proliferation of new device models, form factors and operating systems, you may be thinking about the challenges to make your appl...
-
I just upgraded my machine to Mac OS X (10.6.7) and unfortunately the plugins I have installed with Mac Mail stopped working one more time. ...