                                WMB Direct IP Pub/Sub with BASIC Authentication Lab
                                ===================================================

1. Stop the Broker, ConfigMgr and UserNameServer.

2. Create the User Name Server or, if it already exists, change it.
        mqsicreateusernameserver -i chenyux -a ch1shine -q WBRKQM -g c:/MQSI/6.0/sample/Auth/pwgroup.dat -j -r 5
                
        mqsichangeusernameserver -g c:/MQSI/6.0/sample/Auth/pwgroup.dat -j -r 5

3. Associate the ConfigMgr and the Broker with the User Name Server so that the security mechanism takes effect.
        mqsichangeconfigmgr -s WBRKQM
        mqsichangebroker WBRK -s WBRKQM

4. Start the UserNameServer, ConfigMgr and Broker.

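5. In the Toolkit's Broker Administration Perspective, check under Topics that the users in the pwgroup.dat file were loaded successfully.
        Note:
                If mqsicreateusernameserver in step 2 is run without -j, or mqsichangeusernameserver is run with -o, the Toolkit loads its users from the operating system, while the User Name Server still loads from the specified file. -g ָļϵͳûһ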

6. In the Toolkit's Broker Administration Perspective, right-click the Broker, select Properties, and set Authentication Protocol Type to PM.
        Note:
                P - simple telnet-like password authentication
                M - mutual challenge-response password authentication
                S - asymmetric SSL
                R - symmetric SSL

                MQJMS_DIRECTAUTH_BASIC          is equivalent to PM
                MQJMS_DIRECTAUTH_CERTIFICATE    is equivalent to SR

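7.  AuthRealTimeInput.msgflow  AuthRealTimeOptimizedFlow.msgflow
        Note:
                As long as the Authentication property of a RealTimeInput or RealTimeOptimizedFlow node is checked, authentication is required, so the User Name Server must be associated with the ConfigMgr and the Broker. Otherwise Event Viewer shows "JMS/IP ڵѱӳ١ JMS/IP ڵ֤ԱûƷ֤ϢյϢʱڵ㡣" and, at the same time, the node's port never starts listening.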

8. Verify by running each of the following from the command line:
        java AuthPublisher localhost 2001 myTopic publisher pubpw
        java AuthSubscriber localhost 2001 myTopic subscriber subpw

        Note:
                publisher/pubpw and subscriber/subpw are defined in the pwgroup.dat file.

9. Change the password and the attempt fails.
        java AuthPublisher localhost 2001 myTopic publisher pubpw2
        java AuthSubscriber localhost 2001 myTopic subscriber subpw2

        Note:
                When topicConnectionFactory.createTopicConnection (username, password); is called:
                        com.ibm.mq.jms.JMSWrappedException: MQJMS6115:  TopicConnection ʱ쳣
                        쳣 java.io.IOException: MQJMS6073: ޶ȿͻӱܾΪ֤ʧ










                                WMB Direct IP Pub/Sub with SSL Authentication Lab (ɹ)
                                =========================================================

1. Stop the Broker, ConfigMgr and UserNameServer.

2. Create the User Name Server or, if it already exists, change it.
        mqsicreateusernameserver -i chenyux -a ch1shine -q WBRKQM -r 5
                
        mqsichangeusernameserver -g -r 5

3. Associate the ConfigMgr and the Broker with the User Name Server so that the security mechanism takes effect.
        mqsichangeconfigmgr -s WBRKQM
        mqsichangebroker WBRK -s WBRKQM

4. Start the UserNameServer, ConfigMgr and Broker.

5. Use WMQ's ikeyman to create keystore.jks with the password 123456; in it, create a new self-signed certificate named pubsub.

6. Create the file keystore.txt with the content 123456. ע⣺Ҫлس

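7. Create a new key.jks with the password 654321; extract the pubsub certificate from keystore.jks as a signer certificate and import it into key.jks under the name pubsub.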

8. In the Toolkit's Broker Administration Perspective, right-click the Broker, select Properties, and set:
        Authentication Protocol Type    = SR
        SSL Keyring File Name           = D:\WMB_Workspace\MsgFlowProject\Security\keystore.jks
        SSL Pass Phrase File Name       = D:\WMB_Workspace\MsgFlowProject\Security\keystore.txt

9. Run java SSLPublisher


        C:\temp>C:\MQSI\6.0\jre\bin\keytool -genkey -keystore keystore.jks -storetype JKS -storepass storepass -alias Jonathan -dname "CN=CHEN Jonathan, OU=localhost, O=IBM" -keypass keypass



        C:\temp>C:\MQSI\6.0\jre\bin\keytool -help
        keytool ÷

        -certreq     [-v] [-alias <alias>] [-sigalg <sigalg>]
                     [-file <csr_file>] [-keypass <keypass>]
                     [-keystore <keystore>] [-storepass <storepass>]
                     [-storetype <storetype>] [-provider <provider_class_name>] ...

        -delete      [-v] -alias <alias>
                     [-keystore <keystore>] [-storepass <storepass>]
                     [-storetype <storetype>] [-provider <provider_class_name>] ...

        -export      [-v] [-rfc] [-alias <alias>] [-file <cert_file>]
                     [-keystore <keystore>] [-storepass <storepass>] [-pkcs12]
                     [-storetype <storetype>] [-provider <provider_class_name>] ...

        -genkey      [-v] [-alias <alias>] [-keyalg <keyalg>]
                     [-keysize <keysize>] [-sigalg <sigalg>]
                     [-dname <dname>] [-validity <valDays>]
                     [-keypass <keypass>] [-keystore <keystore>]
                     [-storepass <storepass>] [-storetype <storetype>]
                     [-provider <provider_class_name>] ...

        -help

        -identitydb  [-v] [-file <idb_file>] [-keystore <keystore>]
                     [-storepass <storepass>] [-storetype <storetype>]
                     [-provider <provider_class_name>] ...

        -import      [-v] [-noprompt] [-trustcacerts] [-alias <alias>]
                     [-file <cert_file>] [-keypass <keypass>] [-pkcs12]
                     [-keystore <keystore>] [-storepass <storepass>]
                     [-storetype <storetype>] [-provider <provider_class_name>] ...

        -keyclone    [-v] [-alias <alias>] -dest <dest_alias>
                     [-keypass <keypass>] [-new <new_keypass>]
                     [-keystore <keystore>] [-storepass <storepass>]
                     [-storetype <storetype>] [-provider <provider_class_name>] ...

        -keypasswd   [-v] [-alias <alias>]
                     [-keypass <old_keypass>] [-new <new_keypass>]
                     [-keystore <keystore>] [-storepass <storepass>]
                     [-storetype <storetype>] [-provider <provider_class_name>] ...

        -list        [-v | -rfc] [-alias <alias>]
                     [-keystore <keystore>] [-storepass <storepass>]
                     [-storetype <storetype>] [-provider <provider_class_name>] ...

        -printcert   [-v] [-file <cert_file>] [-storetype <storetype>]

        -selfcert    [-v] [-alias <alias>] [-sigalg <sigalg>]
                     [-dname <dname>] [-validity <valDays>]
                     [-keypass <keypass>] [-keystore <keystore>]
                     [-storepass <storepass>] [-storetype <storetype>]
                     [-provider <provider_class_name>] ...

        -storepasswd [-v] [-new <new_storepass>]
                     [-keystore <keystore>] [-storepass <storepass>]
                     [-storetype <storetype>] [-provider <provider_class_name>] ...










                                WMB Direct IP Pub/Sub Access Control Lab
                                ========================================

1. Stop the Broker, ConfigMgr and UserNameServer.

2. Create the User Name Server or, if it already exists, change it.
        mqsicreateusernameserver -i chenyux -a ch1shine -q WBRKQM -g c:/MQSI/6.0/sample/Auth/pwgroup.dat -j -r 5
                
        mqsichangeusernameserver -g c:/MQSI/6.0/sample/Auth/pwgroup.dat -j -r 5

3. Associate the ConfigMgr and the Broker with the User Name Server so that the security mechanism takes effect, and enable Pub/Sub Access Control.
        mqsichangeconfigmgr -s WBRKQM
        mqsichangebroker WBRK -s WBRKQM -j

4. Start the UserNameServer, ConfigMgr and Broker.

5. In the Toolkit's Broker Administration Perspective, under Topics, give myTopic the following permissions:

        Principal       Publish         Subscribe       Persistent
        ---------       -------         ---------       ----------
        publisher       Allow           Deny            Yes
        subscriber      Deny            Allow           Yes

6. In the Toolkit's Broker Administration Perspective, right-click the Broker, select Properties, and set Authentication Protocol Type to PM, P or blank; the effect is the same.

7.  AuthRealTimeInput.msgflow  AuthRealTimeOptimizedFlow.msgflow

8. Verify
        java AuthPublisher localhost 2001 myTopic publisher pubpw               // OK
        java AuthPublisher localhost 2001 myTopic publisher pubpw2              // ERROR, MQJMS6115 + MQJMS6073
        java AuthSubscriber localhost 2001 myTopic subscriber subpw             // OK
        java AuthSubscriber localhost 2001 myTopic subscriber subpw2            // ERROR, MQJMS6115 + MQJMS6073

        java AuthPublisher localhost 2001 myTopic subscriber subpw              //  OK޷û
        java AuthSubscriber localhost 2001 myTopic publisher pubpw              // ERROR, MQJMS6312:  "myTopic" ķȨԤ
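
The BASIC authentication and access control labs above both drive a direct IP JMS client. As an added example (not the lab's AuthPublisher source), a minimal publisher of that kind could look like the class below; the class name DirectAuthPublisher and the message text are assumptions, and the WebSphere MQ JMS classes must be on the classpath.

```java
import javax.jms.DeliveryMode;
import javax.jms.JMSException;
import javax.jms.Session;
import javax.jms.TopicConnection;
import javax.jms.TopicPublisher;
import javax.jms.TopicSession;
import com.ibm.mq.jms.JMSC;
import com.ibm.mq.jms.MQTopicConnectionFactory;

// Added example; hypothetical class, not the lab's AuthPublisher source.
// Run as: java DirectAuthPublisher localhost 2001 myTopic publisher pubpw
public class DirectAuthPublisher {
    public static void main(String[] args) {
        if (args.length != 5) {
            System.err.println("usage: DirectAuthPublisher host port topic user password");
            System.exit(2);
        }
        int rc = 0;
        TopicConnection conn = null;
        try {
            MQTopicConnectionFactory factory = new MQTopicConnectionFactory();
            factory.setTransportType(JMSC.MQJMS_TP_DIRECT_TCPIP); // direct IP to the broker
            factory.setHostName(args[0]);
            factory.setPort(Integer.parseInt(args[1]));
            factory.setDirectAuth(JMSC.MQJMS_DIRECTAUTH_BASIC);   // password protocols (PM)
            // The credentials are checked here; in the lab a wrong password
            // fails at this call with MQJMS6115 wrapping MQJMS6073.
            conn = factory.createTopicConnection(args[3], args[4]);
            TopicSession session = conn.createTopicSession(false, Session.AUTO_ACKNOWLEDGE);
            TopicPublisher publisher = session.createPublisher(session.createTopic(args[2]));
            publisher.setDeliveryMode(DeliveryMode.NON_PERSISTENT);
            publisher.publish(session.createTextMessage("test message from " + args[3]));
            System.out.println("published to " + args[2] + " as " + args[3]);
        } catch (JMSException e) {
            // Log both layers so authentication failures (MQJMS6073) can be told
            // apart from access-control failures (MQJMS6312) in the output.
            System.err.println("JMS error: " + e.getMessage());
            if (e.getLinkedException() != null) {
                System.err.println("linked exception: " + e.getLinkedException());
            }
            rc = 1;
        } finally {
            if (conn != null) {
                try { conn.close(); } catch (JMSException ignored) { }
            }
        }
        System.exit(rc);
    }
}
```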










                                HTTPS Request Servlet Lab
                                =========================

1. On WAS, prepare a JSP that can be called over HTTPS:
        https://192.168.37.129:9443/WebProject/MyInput.jsp

2. Set the Web Service URL of the HTTP Request node in HTTPSRequestWAS to
        https://192.168.37.129:9443/WebProject/MyInput.jsp

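3. Use the ikeyman tool from WMQ to open profiles\<server>\etc\DummyServerKeyFile.jks under WAS (password WebAS), extract the personal certificate in it (there is only one) as a signer certificate, and add it to <WMB_Install_Dir>\6.0\jre\lib\security\cacerts under WMB (password changeit). ſָ WAS ͬ jserver. The certificate files are in JKS format.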

4.  Broker

5. Verify
        Put a message on QIn; QOut receives the content of the MyInput.jsp page.










                                HTTPS Input Lab
                                ===============

1. Use WMQ's ikeyman to create wbrk.jks with the password 123456; in it, create a new self-signed certificate named wbrk.

2. Configure the Broker:
        mqsichangeproperties WBRK -b httplistener -o HTTPListener -n enableSSLConnector -v true
        mqsichangeproperties WBRK -b httplistener -o HTTPSConnector -n keystoreFile -v D:\WMB_Workspace\MsgFlowProject\Security\wbrk.jks
        mqsichangeproperties WBRK -b httplistener -o HTTPSConnector -n keystorePass -v 123456
        mqsichangeproperties WBRK -b httplistener -o HTTPSConnector -n port -v 7081

        Note: the Broker must be restarted.
3. Verify
        In IE, browse to https://localhost:7081/myServlet; a certificate security warning appears asking whether to continue; choose "Yes" and the request succeeds.










                                HTTPS Request Lab
                                =================

1. The self-signed certificate from the HTTPS Input Lab must be extracted as a signer certificate and added to <WMB_Install_Dir>\6.0\jre\lib\security\cacerts under WMB.

2. Point the HTTPS Request node at the https://localhost:7081/myServlet endpoint exposed by the HTTPS Input Lab.
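
Both HTTPS request labs depend on the server certificate actually being present in the broker JRE's cacerts. The added example below (not part of the original lab; TrustCheck is a hypothetical helper name) checks that the certificate stored under an alias in a source keystore such as wbrk.jks is also present in a trust store, using only the standard java.security.KeyStore API.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;

// Added example; hypothetical helper, not part of the lab.
// Run as: java TrustCheck <keystore.jks> <storepass> <alias> <cacerts> <cacerts-pass>
public class TrustCheck {
    // Load a JKS keystore from disk with the given store password.
    static KeyStore load(String path, String pass) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        FileInputStream in = new FileInputStream(path);
        try {
            ks.load(in, pass.toCharArray());
        } finally {
            in.close();
        }
        return ks;
    }

    // Returns the alias under which the trust store holds the same
    // certificate, or null if the certificate is not in the trust store.
    static String trustedAlias(KeyStore source, String alias, KeyStore trust) throws Exception {
        Certificate cert = source.getCertificate(alias);
        if (cert == null) {
            throw new IllegalArgumentException("no certificate under alias " + alias);
        }
        return trust.getCertificateAlias(cert);
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 5) {
            System.err.println("usage: TrustCheck keystore storepass alias truststore trustpass");
            System.exit(2);
        }
        KeyStore source = load(args[0], args[1]);
        KeyStore trust = load(args[3], args[4]);
        String found = trustedAlias(source, args[2], trust);
        if (found == null) {
            System.err.println("NOT TRUSTED: certificate '" + args[2] + "' is missing from " + args[3]);
            System.exit(1);
        }
        // A signer certificate added through ikeyman should show up as a certificate entry.
        String kind = trust.isCertificateEntry(found) ? "certificate entry" : "key entry";
        System.out.println("trusted under alias '" + found + "' (" + kind + ")");
    }
}
```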
