WebSphere MQ Everyplace provides sophisticated security that allows applications to run over HTTP, through the protection of an Internet firewall. The purpose of the WebSphere Everyplace communications adapter is to allow WebSphere MQ Everyplace applications to authenticate themselves with the WebSphere Everyplace authentication proxy and thus allow messages to flow through it. Figure 2 shows a basic scenario with two applications communicating over the Internet through the WebSphere Everyplace authentication proxy.
Figure 2. Applications communicating through the WebSphere authentication proxy
The WebSphere MQ Everyplace adapter acts as the Auth HTTP adapter on the sending application. The receiving application could use either the same adapter or the standard HTTP adapter provided with WebSphere MQ Everyplace.
However, the real value of WebSphere MQ Everyplace is that it allows asynchronous messaging to occur in a typically synchronous environment. It is possible to gather enqueued requests from the receiving application and deal with them time-independently. Figure 3 shows how incoming requests could be made to reach WebSphere MQ servers asynchronously.
Figure 3. Applications communicating asynchronously through the WebSphere Authentication Proxy
In each of these environments the WebSphere authentication proxy is adding the ability to control access to the receiving applications. The adapter code supports this by adding (application-supplied) user ID and password information to each outgoing HTTP request. The WebSphere authentication proxy accepts these requests and verifies that the supplied credentials are valid for the current environment. If the credentials are valid the proxy forwards the request to the receiving application.
In a standard WebSphere MQ Everyplace installation the WebSphere Everyplace adapter consists of, and is supported by the following files:
If your environment CLASSPATH variable is set to find all classes within the WebSphere MQ Everyplace Java folder, the WebSphere Everyplace adapter class files should be accessible from within the Java environment. If the files are not accessible, issue a command such as:
set CLASSPATH=%CLASSPATH%;c:\mqe\java
This will make the new classes visible to Java. (The exact format of this command may vary from system to system.) Once this is complete you should be able to use the WebSphere Everyplace adapter classes in the same way as any other WebSphere MQ Everyplace classes.
This section provides information on how to use the WebSphere Everyplace adapter. The information is divided into three parts:
The information in this section assumes that both the WebSphere Everyplace authentication proxy and WebSphere MQ Everyplace have been installed and configured correctly. It is also assumed that an WebSphere MQ Everyplace server queue manager and an WebSphere MQ Everyplace client queue manager have been configured.
(ascii)Network=com.ibm.mqe.adapters.MQeWESAuthenticationAdapter
(ascii)Network=com.ibm.mqe.adapters.MQeWESAuthenticationAdapter
(ascii)Network=com.ibm.mqe.adapters.MQeTcpipHttpAdapter
com.ibm.mqe.adapters.MQeWESAuthenticationAdapter. setBasicAuthorization("myUserId@myRealm", "myPassword");Replace the parameters with a valid WES Server user ID and password.
You also need to add code to catch the new MQeException Except_Authenticate after each network operation, in case the supplied credentials were invalid.
The above parameters can be set by adding the following to your Java application:
System.getProperties( ).put( "http.proxySet", "true" ); System.getProperties( ).put( "http.proxyHost", "wes.hursley.ibm.com" ); System.getProperties( ).put( "http.proxyPort", "8082" );
The client queue manager's connection to the target WebSphere MQ Everyplace server is similar to a connection that doesn't use the WES proxy.
Figure 4. Administration interface panel
You need to restart the server and client queue managers for the new settings to take effect. The client should then be able to send messages to the server through the proxy.
To set this up from WebSphere MQ Everyplace you need to update the client's connection reference to the server.
If you are using the WebSphere MQ Everyplace Example Administration tool, select Connection and then Update to configure this.
Figure 5. Administration interface panel
The following information describes the use of the example class file, examples.adapters.WESAuthenticationGUIAdapter. This class adds a small user interface to the base WES adapter function.
Figure 6. WebSphere Everyplace Suite adapter user dialog
The client should now able to send messages to the server using the WESAuthenticationGUIAdapter. This adapter intercepts write calls to the WES adapter, and on the first request it pops up a dialog box that prompts for user ID and password information.
When the user clicks on OK or presses the Enter key, the setBasicAuthorization() method is called with the values from the userid and password fields. The write() is then forwarded on to the underlying WES adapter. The dialog box also has a Cancel button which, when selected, cancels the current write operation by not forwarding the request to the WES adapter. This causes an MQeException (Except_Stopped) to be thrown.
If authentication fails, the dialog box is redisplayed on the next write() along with any information provided by the server. In order to learn of an authentication failure, the example adapter intercepts read() calls and catches any Except_Authenticate MQeExceptions coming from the adapter.
The following information describes the use of the example application file, examples.application.Example7. This example behaves in a similar way to the MQSeries Everyplace programming example examples.application.Example1 and uses the basic WES adapter for communications.
java examples.application.Example7 Server client.iniwhere