| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| MQ Binding in WESB export and Digital signature verification |
« View previous topic :: View next topic » |
| Author |
Message
|
| muralihegde |
 Posted: Wed Oct 08, 2008 8:25 pm Post subject: MQ Binding in WESB export and Digital signature verification |
 |
|
Centurion
Joined: 30 Apr 2002
Posts: 108
|
Hi
We have a requirement where in the export end points exposed by WESB have WS Security digital signature verification implemented. That is the consumer applications have to sign the soap body with a digital certificate and this signature is validated at WESB export end point.
For exports with web services binding with soap/http, this works perfectly fine, since the WS bindings configuration (using the deployment editor) has been configured for the same.
But when we expose the same via MQ Bindings in export (Message Bindings->MQ Binding), I could not see the WS bindings for the export in the deployment editor, as I understand because this not a web services binding.
How do we achieve this now?
The property tab for the export with MQ bindings has a security tab, but this has only SSL enablement. We do not want SSL authentication, but rather we want to consume the security header in the soap envelop and validate the signature against the certificate stored in the underlying WESB/WAS trust store. |
|
| Back to top |
|
 |
| JLRowe |
| Posted: Thu Oct 09, 2008 5:09 am Post subject: |
|
|
Yatiri
Joined: 25 May 2002
Posts: 664
Location: South East London
|
| Can you make the settings in the SOAP/JMS binding? - if yes, then use the SOAP/JMS binding to run over MQ. |
|
| Back to top |
|
|
| muralihegde |
| Posted: Mon Oct 13, 2008 6:59 am Post subject: |
|
|
Centurion
Joined: 30 Apr 2002
Posts: 108
|
Hi Using the soap-jms message, I have managed to get it working, by configuring the export with Web services binding for soap/jms. In this case, I could also configure the WS security to accept the digital signature.
But In our current case, we need to use a non-jms, pure MQ SOAP message. I am looking for how to achieve this, if the incoming message just has only MQMD followed by thh full SOAP pay load.
The databinding com.ibm.websphere.sca.mq.data.impl.MQDataBindingImplXML recognizes only the XML business object as long as the messasge body just matches the soap body, (without the soap tags). It does not recognize the soap headers.
I am not sure if I could conclude that the soap message has to have the jms header on MQ for WESB to interpret it as a soap message. |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Mon Oct 13, 2008 9:30 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20696
Location: LI,NY
|
| muralihegde wrote: |
Hi Using the soap-jms message, I have managed to get it working, by configuring the export with Web services binding for soap/jms. In this case, I could also configure the WS security to accept the digital signature.
But In our current case, we need to use a non-jms, pure MQ SOAP message. I am looking for how to achieve this, if the incoming message just has only MQMD followed by thh full SOAP pay load.
The databinding com.ibm.websphere.sca.mq.data.impl.MQDataBindingImplXML recognizes only the XML business object as long as the messasge body just matches the soap body, (without the soap tags). It does not recognize the soap headers.
I am not sure if I could conclude that the soap message has to have the jms header on MQ for WESB to interpret it as a soap message. |
You still need to use SOAP over JMS. However when specifying the JMS destination use the uri form:
| Code: |
| "queue://QMGR/QUEUE?targetClient=1". |
This should allow you to strip the RFH header from the message and get what you are looking for.
Enjoy 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
