Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Configuring TIBCO Web Messaging to Securely Connect to TIBCO EMS

DZone's Guide to

Configuring TIBCO Web Messaging to Securely Connect to TIBCO EMS

· Integration Zone ·
Free Resource

SnapLogic is the leading self-service enterprise-grade integration platform. Download the 2018 GartnerMagic Quadrant for Enterprise iPaaS or play around on the platform, risk free, for 30 days.

If you want to configure your TIBCO Web Messaging gateway, which normally lives in the DMZ, to connect to TIBCO EMS messaging backbone over a TCP connection, the procedure is straightforward. Just point to the TIBCO EMS server hostname and port number, assuming that's already open in the firewall, in the trusted network and that's it.

Something similar to the following service (stomp.jms) configuration should be enough:

<service>
  <accept>ws://${gateway.hostname}:${gateway.nonsecure.port}/jms</accept>
  <type>stomp.jms</type>
    <properties>
      <connection.factory.name>GenericConnectionFactory</connection.factory.name>
      <context.lookup.topic.format>%s</context.lookup.topic.format>
      <context.lookup.queue.format>%s</context.lookup.queue.format>
      <env.java.naming.factory.initial>
            com.tibco.tibjms.naming.TibjmsInitialContextFactory
      </env.java.naming.factory.initial>
      <env.java.naming.provider.url>
            tcp://${EMS.hostname}:${EMS.portNumber}
      </env.java.naming.provider.url>
      <destination.strategy>session</destination.strategy>
    </properties>
    <realm-name>dev_realm</realm-name>
   <authorization-constraint>
      <require-role>AUTHORIZED</require-role>
    </authorization-constraint>
  </service>



Now, if you want to configure an end-to-end secured enabled environment then some extra parameters are necessary to make everything work correctly. The service configuration below will give you what you need (most of them are self-explanatory) to enable that.

<service>
    <accept>wss://${gateway.hostname}:${gateway.secure.port}/jms</accept>
    <type>stomp.jms</type>  
    <properties>
     <connection.factory.name>SecureConnectionFactory</connection.factory.name>
     <context.lookup.topic.format>%s</context.lookup.topic.format>
      <context.lookup.queue.format>%s</context.lookup.queue.format>
      <connection.security.principal>ems_user</connection.security.principal>
      <connection.security.credentials>ems_password</connection.security.credentials>
      <env.java.naming.factory.initial>
          com.tibco.tibjms.naming.TibjmsInitialContextFactory
      </env.java.naming.factory.initial>
      <env.com.tibco.tibjms.naming.security_protocol>
          ssl
      </env.com.tibco.tibjms.naming.security_protocol> 
      <env.java.naming.provider.url>
         ssl://${EMS.hostname}:${EMS.securePortNumber}
      </env.java.naming.provider.url>
      <env.com.tibco.tibjms.naming.ssl_enable_verify_host>
         true
      </env.com.tibco.tibjms.naming.ssl_enable_verify_host>  
      <env.com.tibco.tibjms.naming.ssl_trusted_certs>
         ems_certificate.pem
      </env.com.tibco.tibjms.naming.ssl_trusted_certs> 
      <env.com.tibco.tibjms.naming.ssl_trace>
         true
      </env.com.tibco.tibjms.naming.ssl_trace>
      <destination.strategy>session</destination.strategy>
     </properties>
     <realm-name>dev_realm</realm-name>
     <authorization-constraint>
      <require-role>AUTHORIZED</require-role>
    </authorization-constraint>  
  </service>



The current version of TIBCO Web Messaging also provides you a really nice feature called Reverse Connectivity where you will be able to close all incoming traffic ports while still allowing external clients to initiate the connection. But, this is a topic to be explored on a next post. Stay tuned!

With SnapLogic’s integration platform you can save millions of dollars, increase integrator productivity by 5X, and reduce integration time to value by 90%. Sign up for our risk-free 30-day trial!

Topics:

Published at DZone with permission of

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}