| Author |
Message
|
| kuzman |
 Posted: Tue May 03, 2011 8:12 am Post subject: Https web service calling |
 |
|
Apprentice
Joined: 24 Aug 2010
Posts: 27
|
Hi,
I would like to call https webservice.
I have imported the key(cer) in my broker keystore successfully.
My broker is configured as following:
mqsireportproperties WMB01P -o BrokerRegistry -r
BrokerRegistry
uuid='BrokerRegistry'
brokerKeystoreType='JKS'
brokerKeystoreFile='brokerkeyswin.jks'
brokerKeystorePass='brokerKeystore::password'
brokerTruststoreType='JKS'
brokerTruststoreFile='brokerkeyswin.jks'
brokerTruststorePass='brokerTruststore::password'
httpConnectorPortRange=''
httpsConnectorPortRange=''
operationMode='enterprise'
shortDesc=''
longDesc=''
The command:
gsk7cmd -cert -details -db brokerkeyswin.jks -label mylabel
Gave back my certificaty details.
If I call the WS from the flow with http request node I got the following exception:
(0x01000000:Name ):SocketException = (
(0x03000000:NameValue):File = '/build/S700_P/src/WebServices/WSLibrary/ImbSocket.cpp' (CHARACTER)
(0x03000000:NameValue):Line = 1007 (INTEGER)
(0x03000000:NameValue):Function = 'ImbSocketJNIManager::handleGeneralJavaException' (CHARACTER)
(0x03000000:NameValue):Type = '' (CHARACTER)
(0x03000000:NameValue):Name = '' (CHARACTER)
(0x03000000:NameValue):Label = '' (CHARACTER)
(0x03000000:NameValue):Catalog = 'BIPmsgs' (CHARACTER)
(0x03000000:NameValue):Severity = 1 (INTEGER)
(0x03000000:NameValue):Number = 3165 (INTEGER)
(0x03000000:NameValue):Text = 'An error occurred whilst performing an SSL socket operation' (CHARACTER)
(0x01000000:Name ):Insert = (
(0x03000000:NameValue):Type = 5 (INTEGER)
(0x03000000:NameValue):Text = 'createSocket' (CHARACTER)
)
(0x01000000:Name ):Insert = (
(0x03000000:NameValue):Type = 5 (INTEGER)
(0x03000000:NameValue):Text = 'java.net.SocketException: java.security.NoSuchAlgorithmException: SSLContext Default implementation not found: ' (CHARACTER)
) |
|
| Back to top |
|
 |
| Vitor |
| Posted: Tue May 03, 2011 9:19 am Post subject: Re: Https web service calling |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| kuzman wrote: |
mqsireportproperties WMB01P -o BrokerRegistry -r
|
Are the other properties indicated in the documentation also correctly set (as indicated by their mqsireportproperties?
Did you perform the configuration test indicated in the documentation? Was that successful?
Is this your "real" flow or a simpler test harness to demonstrate correct SSL configuration? If the former, have you considered the latter to iron out any issues?
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| kuzman |
| Posted: Tue May 03, 2011 11:11 pm Post subject: |
|
|
Apprentice
Joined: 24 Aug 2010
Posts: 27
|
The checks are:
mqsireportproperties WMB01P -o BrokerRegistry -r
BrokerRegistry
uuid='BrokerRegistry'
brokerKeystoreType='JKS'
brokerKeystoreFile='brokerkeyswin.jks'
brokerKeystorePass='brokerKeystore::password'
brokerTruststoreType='JKS'
brokerTruststoreFile='brokerkeyswin.jks'
brokerTruststorePass='brokerTruststore::password'
httpConnectorPortRange=''
httpsConnectorPortRange=''
operationMode='enterprise'
shortDesc=''
longDesc=''
Check exec level:
mqsireportproperties WMB01P -e WebSrv -o ComIbmJVMManager -r
ComIbmJVMManager
uuid='ComIbmJVMManager'
userTraceLevel='none'
traceLevel='none'
userTraceFilter='none'
traceFilter='none'
resourceStatsReportingOn='inactive'
resourceStatsMeasurements='<ResourceStatsSwitches ResourceType="JVM" version='1'> <Measurement name="CommittedMemoryInMB" collect="on" /> <Measurement name="CumulativeGCTimeInSeconds" collect="on" /> <Measurement name="CumulativeNumberOfGCCollections" collect="on" /> <Measurement name="InitialMemoryInMB" collect="on" /> <Measurement name="MaxMemoryInMB" collect="on" /> <Measurement name="UsedMemoryInMB" collect="on" /> </ResourceStatsSwitches>'
jvmVerboseOption='none'
jvmDisableClassGC='false'
jvmShareClasses='false'
jvmNativeStackSize='-1'
jvmJavaOSStackSize='-1'
jvmMinHeapSize='33554432'
jvmMaxHeapSize='-1'
jvmDebugPort='2112'
keystoreType=''
keystoreFile=''
keystorePass=''
truststoreType=''
truststoreFile=''
truststorePass=''
From the debugport the configs are emtpy. Was the deployment unsuccessfull? The previous check "BrokerRegistry" shows the keytore (jks) file name and others..
I have made the following steps to configure the key to the broker (not for the execution group):
mqsichangeproperties WMB01P -o BrokerRegistry -n brokerKeystoreFile -v BrokerKeystore.jks
mqsichangeproperties WMB01P -o BrokerRegistry -n brokerTruststoreFile -v BrokerKeystore.jks
mqsistop WMB01P
mqsisetdbparms WMB01P -n brokerKeystore::password -u ignore -p password
mqsisetdbparms WMB01P -n brokerTruststore::password -u ignore -p password
mqsistart WMB01P
It is not the final version. The flow has manly a httprequest node the make a request.
Should I set the certificate label or something in the flow or the broker automticly search and use the proper key to call https request? |
|
| Back to top |
|
|
| kuzman |
| Posted: Wed May 04, 2011 1:24 am Post subject: |
|
|
Apprentice
Joined: 24 Aug 2010
Posts: 27
|
I try to get existing https address, but I sill have the errors above..
Paralelly I am working on create(provide) https web service also.
and I have also made the following commands:
https->7085 port
mqsichangeproperties WMB01P -b httplistener -o HTTPListener -n enableSSLConnector -v true
mqsichangeproperties WMB01P -b httplistener -o HTTPSConnector -n keystoreFile -v brokerkeyswin.jks
mqsichangeproperties WMB01P -b httplistener -o HTTPSConnector -n keystorePass -v password
mqsichangeproperties WMB01P -b httplistener -o HTTPSConnector -n port -v 7085
Check:
mqsireportproperties WMB01P -b httplistener -o HTTPSConnector -a
HTTPSConnector
uuid='HTTPSConnector'
algorithm='Platform Default'
clientAuth='Platform Default'
keystoreFile='brokerkeyswin.jks'
keystorePass='*********'
keystoreType='Platform Default'
sslProtocol='Platform Default'
ciphers='Platform Default'
address=''
port='7085'
allowTrace=''
maxPostSize=''
acceptCount=''
bufferSize=''
compressableMimeTypes=''
compression=''
connectionLinger=''
connectionTimeout=''
maxHttpHeaderSize=''
maxKeepAliveRequests=''
maxSpareThreads=''
maxThreads=''
minSpareThreads=''
noCompressionUserAgents=''
restrictedUserAgents=''
socketBuffer=''
tcpNoDelay=''
enableLookups='false'
I have checked the computer with portscan and it does not have any opened port at: 7085 |
|
| Back to top |
|
|
| smdavies99 |
| Posted: Wed May 04, 2011 1:31 am Post subject: |
|
|
Jedi Council
Joined: 10 Feb 2003
Posts: 6076
Location: Somewhere over the Rainbow this side of Never-never land.
|
Two points to consider
1) After setting the HTTPS port on the broker, did you restart it?
2) Have you checked that there are no firewall rules preventing the portscan from seeing the HTTPS port.
The solution COULD be 1 or 2 or even both points.
_________________
WMQ User since 1999
MQSI/WBI/WMB/'Thingy' User since 2002
Linux user since 1995
Every time you reinvent the wheel the more square it gets (anon). If in doubt think and investigate before you ask silly questions. |
|
| Back to top |
|
|
| kuzman |
| Posted: Wed May 04, 2011 1:43 am Post subject: |
|
|
Apprentice
Joined: 24 Aug 2010
Posts: 27
|
| yes of course. I have restarted the broker and there is no firewall. |
|
| Back to top |
|
|
| smdavies99 |
| Posted: Wed May 04, 2011 2:42 am Post subject: |
|
|
Jedi Council
Joined: 10 Feb 2003
Posts: 6076
Location: Somewhere over the Rainbow this side of Never-never land.
|
Perhaps it might be like this.
The HTTPS listener is not started until such time as there is something actually deployed to listen for an incoming HTTPS connection.
_________________
WMQ User since 1999
MQSI/WBI/WMB/'Thingy' User since 2002
Linux user since 1995
Every time you reinvent the wheel the more square it gets (anon). If in doubt think and investigate before you ask silly questions. |
|
| Back to top |
|
|
| kuzman |
| Posted: Wed May 04, 2011 2:46 am Post subject: |
|
|
Apprentice
Joined: 24 Aug 2010
Posts: 27
|
| I have deployed one flow what act as https web service(SOAP ode) and I checked the https checkbox inside the flow. |
|
| Back to top |
|
|
| kuzman |
| Posted: Wed May 04, 2011 5:14 am Post subject: |
|
|
Apprentice
Joined: 24 Aug 2010
Posts: 27
|
I have finded the solution , how can I make https webservice.
I replaced all SOAP nodes to Http nodes and after the deploy it opens a port and working as https webservice(Http nodes instead of soap nodes) 
Another question:
How can I get some web pages with http request node?
Basicly it is for webservice calling? |
|
| Back to top |
|
|
| Vitor |
| Posted: Wed May 04, 2011 5:25 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| kuzman wrote: |
| I replaced all SOAP nodes to Http nodes and after the deploy it opens a port and working as https webservice(Http nodes instead of soap nodes) |
That's a fairly odd solution. 
| kuzman wrote: |
| How can I get some web pages with http request node? |
By configuring the node in your flow to make the request.
| kuzman wrote: |
| Basicly it is for webservice calling? |
Or any other application which is fronted with http.
Clearly if you're calling a webservice which is SOAP based (as most are) it's easier to use the SOAPRequest node in the same way it's easier to use a SOAPInput node to front a flow that's exposed as a webservice (because people expect webservices, even ones which are flows) to have wsdls and so forth.
But this is a path you seem to have turned away from. Your way will still work of course (as you've discovered), just means you'll need to do the heavy lifting manually inside code.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| mqjeff |
| Posted: Wed May 04, 2011 5:25 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
|
| Back to top |
|
|
| smdavies99 |
| Posted: Wed May 04, 2011 5:37 am Post subject: |
|
|
Jedi Council
Joined: 10 Feb 2003
Posts: 6076
Location: Somewhere over the Rainbow this side of Never-never land.
|
Ah!
I looked back at your posts. Perhaps this could be the reason.
You have set the HTTPS port for the broker wide HTTP Listener.
for example.
| Code: |
mqsichangeproperties WMB01P -b httplistener -o HTTPSConnector -n port -v 7085
|
In V7 (& later) you can have a HTTP Listener for each ExecutionGroup just like you can with SOAP Listener. The default is one HTTP/HTTPS Listener for the broker. This is the same behaviour as in previous versions.
To use SOAP/HTTPS you need to configure the listener at EG level.
To quote the mqsichangeproperties section of the infocentre.
| Quote: |
Set the port number when changing properties for execution groups:
mqsichangeproperties TEST -e exgroup1 -o HTTPSConnector
-n explicitlySetPortNumber -v 7777
|
_________________
WMQ User since 1999
MQSI/WBI/WMB/'Thingy' User since 2002
Linux user since 1995
Every time you reinvent the wheel the more square it gets (anon). If in doubt think and investigate before you ask silly questions. |
|
| Back to top |
|
|
| kuzman |
| Posted: Wed May 04, 2011 5:52 am Post subject: |
|
|
Apprentice
Joined: 24 Aug 2010
Posts: 27
|
I am understand a better a ports. It was a little bit confused me.
How can I configure the httprequest node to get some web page?
I have searched the google but I haven't find any discussion on it. |
|
| Back to top |
|
|
| Vitor |
| Posted: Wed May 04, 2011 5:59 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| kuzman wrote: |
How can I configure the httprequest node to get some web page?
I have searched the google but I haven't find any discussion on it. |
Have you tried the HTTPRequest node's description in the InfoCentre? Granted it's not a discussion but it does describe the configuration 
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| smdavies99 |
| Posted: Wed May 04, 2011 6:05 am Post subject: |
|
|
Jedi Council
Joined: 10 Feb 2003
Posts: 6076
Location: Somewhere over the Rainbow this side of Never-never land.
|
The Email sample flow does just this. Take a look.
_________________
WMQ User since 1999
MQSI/WBI/WMB/'Thingy' User since 2002
Linux user since 1995
Every time you reinvent the wheel the more square it gets (anon). If in doubt think and investigate before you ask silly questions. |
|
| Back to top |
|
|
|
|
