SSL handshake not happening for RMI calls in WebSphere

As per my last question, and with the help I got there, I was successfully able to look up an EJB deployed in WebSphere using the thin client:
Unable to lookup if SSL is enabled in Websphere 8.5
I had also set SSL-Required for both the inbound and the outbound communication.
To conclude my testing I thought of capturing the traffic with Wireshark to ensure that all the communication is happening over SSL instead of TCP/IP, but to my surprise, when I looked at the packets in Wireshark it was still using TCP/IP and all the data was being transferred in text format.
My understanding is that once "SSL-Required" is enabled at the transport layer, all the communication and the handshake should be happening over SSL rather than TCP/IP. Is my understanding correct?
Server Configuration:
Sample Client:
    import java.util.Properties;
    import javax.naming.Context;
    import javax.naming.InitialContext;
    import javax.naming.NamingException;
    import javax.rmi.PortableRemoteObject;
    import indi.nh.business.framework.bos.di.BatchIdTrackingBeanRemote;

    public class ThinClientLookup { // wrapper class added so the snippet compiles; the name is illustrative
        public static void main(String args[]) throws NamingException {
            Properties ejbProps = new Properties();
            ejbProps.put("org.omg.CORBA.ORBClass", "com.ibm.CORBA.iiop.ORB");
            ejbProps.put(Context.INITIAL_CONTEXT_FACTORY,
                    "com.ibm.websphere.naming.WsnInitialContextFactory");
            // Bootstrap address of the WebSphere name server, reached over IIOP on port 2809
            ejbProps.put(Context.PROVIDER_URL, "corbaloc:iiop:160.XX.XX.XX:2809");
            InitialContext ffmContext = new InitialContext(ejbProps);
            Object remoteObject = ffmContext
                    .lookup("ejb/MyAppEar-CLUSTER/MyAppEJB.jar/BatchIdTrackingBean#indi.nh.business.framework.bos.di.BatchIdTrackingBeanRemote");
            BatchIdTrackingBeanRemote serviceTester = (BatchIdTrackingBeanRemote) PortableRemoteObject
                    .narrow(remoteObject, BatchIdTrackingBeanRemote.class);
            System.out.println(serviceTester);
        }
    }
Wireshark capture:
Here, X.X.X.126 is my client location, from where I am executing the thin client, and X.X.X.241 is my WebSphere app server, where I am doing the lookup.
Update:
On analyzing more, I found that when I had enabled "SSL-Required", all the data is transferred over TCP/IP but it is encrypted. My understanding is that it should be displayed as SSL instead of TCP in Wireshark, isn't it? And when I set the transport type to only "TCP/IP", then the data transfers over GIOP and I can see all the data in text format.
Can anybody please confirm this behavior?
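The update above reports bytes that are encrypted yet labelled TCP: Wireshark applies its TLS dissector by default only to ports it associates with TLS, so a stream on the IIOP bootstrap port 2809 has to be marked explicitly via Analyze > Decode As (TLS) before the handshake is shown. The added Java helper below (not part of the question) shows the byte-level difference a dissector or an analyst relies on to tell a TLS record from a plaintext GIOP message; the class name and the sample headers are constructed for this example.

```java
/** Tells an encrypted TLS record from a plaintext GIOP message by the first bytes of a TCP payload. */
public final class IiopPayloadClassifier {

    public enum Kind { TLS_RECORD, GIOP_PLAINTEXT, UNKNOWN }

    /** Classifies the leading bytes of one TCP segment captured on the IIOP port. */
    public static Kind classify(byte[] p) {
        if (p == null || p.length < 5) {
            return Kind.UNKNOWN;
        }
        // TLS record header: content type 0x14-0x17, version 0x03 0x00-0x04, 16-bit length
        // (no more than 2^14 + 2048 bytes of ciphertext in TLS 1.2).
        int contentType = p[0] & 0xFF;
        int length = ((p[3] & 0xFF) << 8) | (p[4] & 0xFF);
        boolean tlsVersion = (p[1] & 0xFF) == 0x03 && (p[2] & 0xFF) <= 0x04;
        if (contentType >= 0x14 && contentType <= 0x17 && tlsVersion
                && length > 0 && length <= 16384 + 2048) {
            return Kind.TLS_RECORD;
        }
        // GIOP header: ASCII "GIOP", major.minor version, flags (bit 0 = little-endian),
        // message type, 32-bit body length; the body that follows is readable as-is.
        if (p.length >= 12 && p[0] == 'G' && p[1] == 'I' && p[2] == 'O' && p[3] == 'P'
                && p[4] == 1 && p[5] <= 2) {
            return Kind.GIOP_PLAINTEXT;
        }
        return Kind.UNKNOWN;
    }

    /** One-line summary suitable for a column in a capture report. */
    public static String describe(byte[] p) {
        switch (classify(p)) {
            case TLS_RECORD:
                return "TLS record, content type 0x" + Integer.toHexString(p[0] & 0xFF)
                        + ", record version 3." + p[2];
            case GIOP_PLAINTEXT:
                return "GIOP " + p[4] + "." + p[5] + ", message type " + p[7] + " (plaintext)";
            default:
                return "unknown";
        }
    }

    public static void main(String[] args) {
        // Constructed samples: a TLS 1.2 handshake record header and a GIOP 1.2 Request header.
        byte[] tls = {0x16, 0x03, 0x03, 0x00, (byte) 0xC4};
        byte[] giop = {'G', 'I', 'O', 'P', 1, 2, 0, 0, 0, 0, 0, 0x40};
        System.out.println(describe(tls));
        System.out.println(describe(giop));
    }
}
```

The same five-byte check is what the "SSL-Required" capture should pass and the plain "TCP/IP" capture should fail; a stream whose segments match neither pattern is worth a closer look rather than an assumption that it is protected.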

RabbitMQ: None of the specified endpoints were reachable?

Trying to publish a message to RabbitMQ using MassTransit, but it's failing.
I've looked at a few SO posts on this but none have a concrete answer. I've tried different ways of formatting the connection string, hard-coding, etc., but nothing seems to work.
If I connect outside of the app, just via the browser, everything works fine.
In my app, though, it just can't connect:
[09:09:46 WRN] Connection Failed: rabbitmq://{host}:15672/
RabbitMQ.Client.Exceptions.BrokerUnreachableException: None of the specified endpoints were reachable
---> System.IO.IOException: connection.start was never received, likely due to a network timeout
I'm registering it like:
    serviceCollection.AddMassTransit(x =>
    {
        x.UsingRabbitMq((rabbitContext, rabbitConfig) =>
        {
            rabbitConfig.Host(new Uri("amqps://{host}:15672/"), h =>
            {
                h.Username("admin");
                h.Password("...");
            });
            rabbitConfig.ConfigureEndpoints(rabbitContext);
            rabbitConfig.Durable = true;
        });
    });
If I just use the RabbitMQ library it also connects fine, so MassTransit seems to be the issue here?
/var/log/rabbitmq/rabbit@mg.log only logs failed connections via the management panel, it seems; at least it's not logging failed app connects.
Check that you are using the right network port. Port 15672 is the default port for the web-based management console, which is not the same port MassTransit needs to connect to. That defaults to 5672 for plain AMQP, and 5671 for TLS-secured AMQP.
To confirm which ports your RabbitMQ server is listening on, and that your web server can access them, see this troubleshooting guide and the answers to this question.

configure SSL in HapiContext (Hapi-base 2.3)

In one of our Spring Boot apps used in Spring Cloud Data Flow streams, we are currently using HapiContext to construct a new HL7 client and establish a connection from it to send HL7 messages to a TCP host and port.
    import org.springframework.beans.factory.annotation.Autowired;
    import ca.uhn.hl7v2.HapiContext;
    import ca.uhn.hl7v2.app.Connection;
    import ca.uhn.hl7v2.app.Initiator;
    import ca.uhn.hl7v2.model.Message;
    @Autowired
    HapiContext context;
    // Third argument is the tls flag: false means a plain TCP (MLLP) connection
    Connection connection = context.newClient(host, Integer.parseInt(port), false);
    // The initiator which will be used to transmit our message
    Initiator initiator = connection.getInitiator();
    Message response = initiator.sendAndReceive(adtMessage);
Currently we are not using SSL/TLS for this connection and call, but we now have a requirement that the call be changed to an SSL-based one.
I have tried doing a lot of searches on the Internet, but I am not able to find any documentation on how to achieve this.
Is there any way to get this done?
How are you creating the HapiContext?
The DefaultHapiContext seems to provide for creating a client with a tls parameter.
Look up ca.uhn.hl7v2.hoh.sockets.CustomCertificateTlsSocketFactory; this should have createClientSocket, which will add the SSL context necessary.
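Following the pointers in this answer, here is an added example (not from the question, the answer or HAPI itself) of wiring TLS in through HAPI's own ca.uhn.hl7v2.util.SocketFactory hook, so the existing newClient call only needs its third argument flipped to true and the server certificate is actually checked rather than merely encrypted against. It assumes HAPI 2.3's five-method SocketFactory interface and a JKS or PKCS12 truststore holding the CA of the receiving host; TrustStoreSocketFactory and tlsContext are names chosen here.

```java
import java.io.*;
import java.net.*;
import java.nio.file.*;
import java.security.KeyStore;
import javax.net.ssl.*;
import ca.uhn.hl7v2.DefaultHapiContext;
import ca.uhn.hl7v2.HapiContext;
import ca.uhn.hl7v2.util.SocketFactory;

/** HAPI SocketFactory whose TLS client sockets trust only the CAs in an explicit truststore. */
public final class TrustStoreSocketFactory implements SocketFactory {
    private final SSLContext sslContext;

    public TrustStoreSocketFactory(Path trustStore, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(trustStore)) {
            ks.load(in, password);
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        sslContext = SSLContext.getInstance("TLSv1.2");
        sslContext.init(null, tmf.getTrustManagers(), null); // no client key: server authentication only
    }

    @Override public Socket createTlsSocket() throws IOException {
        // HAPI connects the returned socket itself, so the certificate is matched against the host
        // given to newClient(); HTTPS-style endpoint identification rejects a mismatched name.
        SSLSocket s = (SSLSocket) sslContext.getSocketFactory().createSocket();
        SSLParameters params = s.getSSLParameters();
        params.setProtocols(new String[] {"TLSv1.2"}); // add "TLSv1.3" where the runtime offers it
        params.setEndpointIdentificationAlgorithm("HTTPS");
        s.setSSLParameters(params);
        return s;
    }

    // Plaintext path, taken only when newClient(..., false) is called; always pass tls=true.
    @Override public Socket createSocket() throws IOException { return new Socket(); }
    @Override public ServerSocket createServerSocket() throws IOException { return new ServerSocket(); }
    @Override public ServerSocket createTlsServerSocket() throws IOException {
        return sslContext.getServerSocketFactory().createServerSocket();
    }
    @Override public void configureNewAcceptedSocket(Socket s) throws SocketException { /* client only */ }

    /** Context to register as the Spring bean; the existing call becomes newClient(host, port, true). */
    public static HapiContext tlsContext(Path trustStore, char[] password) throws Exception {
        DefaultHapiContext ctx = new DefaultHapiContext();
        ctx.setSocketFactory(new TrustStoreSocketFactory(trustStore, password));
        return ctx;
    }
}
```

With this in place a receiver presenting a certificate that is not chained to the truststore, or one issued for a different host name, fails the handshake before any HL7 content is sent, which is the behaviour to test for alongside the happy path.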

Apache NiFi TCP Client/Server

Can I simulate a TCP client/server interaction using Apache NiFi processors alone or do I have to write code for this? The processors to be considered here are ListenTCP, PutTCP, and GetTCP. In particular, I want to simulate and show a POC for sending HL7 messages from a TCP client to a TCP server. Anyone done this before using NiFi? Any help would be appreciated. Thanks.
ListenTCP starts a server socket waiting for incoming TCP connections. Your client can make connections to the hostname where NiFi is running and the port specified in ListenTCP. If your client needs to send multiple pieces of data over a single connection, then it must send new-lines in between each message. You can simulate a client in NiFi by using PutTCP and pointing it at the same host/port where ListenTCP is running.
UPDATE - Here is an example of the flow:

performance about apache activemq using ssl

By default, ActiveMQ uses the TCP protocol. But now I have changed it to use SSL.
If I deploy the publisher and server on one machine, it makes no difference with regard to speed. But after I deploy them on different machines, it's much slower to use SSL than TCP. Is this normal? If not, what's probably wrong with my code?
Thanks.
It depends on how much slower your application is working.
If you process huge data volumes, SSL will take a decent amount of CPU cycles to encrypt (and also decrypt) the data. Is it the ActiveMQ server that is slower, or the client? Profile the system setup to get an overview of where to find the bottlenecks.
Another possibility is frequent handshakes. Say your client code (can you post it?) sends messages by opening a connection for each message; it might be the case that the latency for sending a message suffers from the increased SSL handshake time compared to plain TCP.
UPDATE:
A speed-up would be to reuse your connection. In your case an SSL handshake has to be done for every message sent, which involves CPU-expensive asymmetric crypto and a few more TCP round trips than plain TCP. It is easy to do with the pooling connection factory provided by ActiveMQ. This example does not alter your code much:
    import javax.jms.*;

    public class MySender {
        // One pooled factory per JVM: connections, and with them the SSL sessions, are reused across send() calls
        private static ConnectionFactory factory =
                new org.apache.activemq.pool.PooledConnectionFactory("ssl://192.168.0.111:61616");

        // Topic name and XML body are passed in; the original derived them from newDataEvent via XStream
        public void send(String topicName, String xmlBody) throws JMSException {
            Connection connection = factory.createConnection();
            try {
                Session session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
                Topic topic = session.createTopic(topicName);
                MessageProducer producer = session.createProducer(topic);
                TextMessage message = session.createTextMessage();
                message.setText(xmlBody);
                producer.send(message);
                session.close();
            } finally {
                connection.close(); // hands the connection back to the pool instead of tearing down the SSL session
            }
        }
    }

MQ With WLS Foreign Server

I am facing two issues when I try to connect to MQ, which is deployed on a remote server, from WebLogic Server (WLS) by creating a Foreign Server.
1. When I try to connect to the MQ queue manager in bindings mode (after importing the .bindings file) I keep getting the error below in the WLS console:
    java.lang.UnsatisfiedLinkError: no mqjbnd05 in java.library.path
2. If I switch the transport to Client I keep getting:
    JMSWMQ0018: Failed to connect to queue manager '' with connection mode 'Client' and host name 'localhost'. Check the queue manager is started and if running in client mode, check there is a listener running. Please see the linked exception for more information.
Has anyone seen this, and are there any performance implications which dictate the use of client over bindings and vice versa?
TIA
Finally I was able to resolve this; I had to recreate the .bindings file in client mode, with changes to IVTsetup.bat, which is most likely present in
C:\Program Files\IBM\WebSphere MQ\java\bin. I had to run this
    def qcf(psQCF) TRANSPORT(CLIENT) HOST(SMEKA) PORT(1415) CHANNEL(ps_SRV_CHANNEL) QMGR(psQM)
to generate the .bindings file.
Refer to this link for more details:
http://publib.boulder.ibm.com/infocenter/wbihelp/v6rxmx/index.jsp?topic=/com.ibm.wbia_adapters.doc/doc/peoplesoft/peopleso103.htm
Where the question states that "I try to connect to MQ which is deployed on a Remote Server from Weblogic Server", I assume this means that WLS and WMQ are on two different hosts. If that is the case, then a bindings mode connection (which relies on shared memory segments) won't work.
The client mode connection appears to be using a CF that is pointed to localhost rather than the IP or hostname of the WMQ server. This would work for an application on the same host as the queue manager but not when the app and QMgr are on separate servers.
As far as choosing between client and bindings mode, the answer is that if the QMgr is local use bindings. This provides highest reliability, best performance and XA transactionality. When using client mode, two-phase XA commit is not supported without the Extended Transactional Client. Per the JMS specification, there is an ambiguity that can exist if an app loses the connection during a COMMIT call. Depending on how the app handles this it's possible to end up with duplicate messages. (The JMS spec refers to these as "functionally duplicate.") This ambiguity is much less likely to occur with a bindings mode connection since there is no network latency and not even any traversal of the IP stack or interface. So use bindings mode where possible.
UPDATE:
Removed note about Extended Transactional Client being a chargeable component. As of April 24th, XTC is free of charge for all versions of WMQ on all platforms.