
    ゞ沉默是金ゞ


    The following step explains how you can enable a security layer for communication between your environment's endpoints.

    Before you begin

    Be sure you have completed Java SE security tutorial - Step 3 prior to proceeding with this task.

    About this task

    The eXtreme Scale topology supports Transport Layer Security/Secure Sockets Layer (TLS/SSL) for secure communication between ObjectGrid endpoints (clients, container servers, and catalog servers). This step of the tutorial builds upon the previous steps to enable transport security.

    Procedure

    1. Create TLS/SSL keys and key stores
      To enable transport security, you must create a key store and a trust store. This exercise creates only one key store and trust store pair. These stores are used for ObjectGrid clients, container servers, and catalog servers, and are created with the JDK keytool.
      • Create a private key in the key store

        keytool -genkey -alias ogsample -keystore key.jks -storetype JKS -keyalg rsa -dname "CN=ogsample, OU=Your Organizational Unit, O=Your Organization, L=Your City, S=Your State, C=Your Country" -storepass ogpass -keypass ogpass -validity 3650

        Using this command, a key store key.jks is created with a key "ogsample" stored in it. This key store key.jks will be used as the SSL key store.

      • Export the public certificate

        keytool -export -alias ogsample -keystore key.jks -file temp.key -storepass ogpass

        Using this command, the public certificate of key "ogsample" is extracted and stored in the file temp.key.

      • Import the client's public certificate to the trust store

        keytool -import -noprompt -alias ogsamplepublic -keystore trust.jks -file temp.key -storepass ogpass

        Using this command, the public certificate is added to the trust store trust.jks. This trust.jks is used as the SSL trust store.

    2. Configuring ObjectGrid property files

      In this step, you must configure the ObjectGrid property files to enable transport security.

      First, copy the key.jks and trust.jks files into the objectgridRoot/security directory.

      Set the following properties in both the client.properties and server.properties files.

      transportType=SSL-Required
      alias=ogsample
      contextProvider=IBMJSSE2
      protocol=SSL
      keyStoreType=JKS
      keyStore=../security/key.jks
      keyStorePassword=ogpass
      trustStoreType=JKS
      trustStore=../security/trust.jks
      trustStorePassword=ogpass

      transportType: The value of transportType is set to "SSL-Required", which means the transport requires SSL. All the ObjectGrid endpoints (clients, catalog servers, and container servers) should therefore have an SSL configuration set, and all transport communication will be encrypted.

      The other properties are used to set the SSL configurations. See Transport layer security and secure sockets layer for a detailed explanation. Make sure you follow the instructions in this topic to update your orb.properties file.

      In the server.properties file, you must add an additional property clientAuthentication and set it to false. On the server side, you do not need to trust the client.

      clientAuthentication=false

    3. Run the application

      The commands are the same as the commands in the Java SE security tutorial - Step 3 topic.

      Use the following commands to start a catalog server.
      1. Navigate to the bin directory: cd objectgridRoot/bin
      2. Start the catalog server:
        • [Linux][Unix]
          startOgServer.sh catalogServer -clusterSecurityFile ../security/security.xml  -serverProps ../security/server.properties -JMXServicePort 11001  -jvmArgs -Djava.security.auth.login.config="../security/og_jaas.config"
        • [Windows]
          startOgServer.bat catalogServer -clusterSecurityFile ../security/security.xml  -serverProps ../security/server.properties -JMXServicePort 11001 -jvmArgs  -Djava.security.auth.login.config="../security/og_jaas.config"

        The security.xml and server.properties files were created in the Java SE security tutorial - Step 2 page.

        Use the -JMXServicePort option to explicitly specify the JMX port for the server. This option is required to use the xsadmin command.

        Run a secure ObjectGrid container server:

      3. Navigate to the bin directory again: cd objectgridRoot/bin
        • [Linux][Unix]
          startOgServer.sh c0 -objectGridFile ../xml/SecureSimpleApp.xml  -deploymentPolicyFile ../xml/SimpleDP.xml -catalogServiceEndPoints  localhost:2809 -serverProps ../security/server.properties  -JMXServicePort 11002 -jvmArgs  -Djava.security.auth.login.config="../security/og_jaas.config"  -Djava.security.auth.policy="../security/og_auth.policy"
        • [Windows]
          startOgServer.bat c0 -objectGridFile ../xml/SecureSimpleApp.xml  -deploymentPolicyFile ../xml/SimpleDP.xml -catalogServiceEndPoints localhost:2809  -serverProps ../security/server.properties -JMXServicePort 11002  -jvmArgs -Djava.security.auth.login.config="../security/og_jaas.config"  -Djava.security.auth.policy="../security/og_auth.policy"
      Notice the following differences from the previous container server start command:
      • Use SecureSimpleApp.xml instead of SimpleApp.xml
      • Add another -Djava.security.auth.policy to set the JAAS authorization policy file to the container server process.

      Run the following command for client authentication:

      1. cd objectgridRoot/bin
      2. javaHome/java -classpath "../lib/objectgrid.jar;../applib/secsample.jar"  com.ibm.websphere.objectgrid.security.sample.guide.SecureSimpleApp  ../security/client.properties manager manager1

        The ; classpath separator shown here is the Windows form; on Linux and UNIX, use : instead.

        Because user "manager" has permission to all the maps in the accounting ObjectGrid, the application runs successfully.

      You may also use xsadmin to show the map sizes of the "accounting" grid.
      • Navigate to the directory objectgridRoot/bin.
      • Use the xsadmin command with the -mapsizes option as follows.
        • [Unix][Linux]
          xsadmin.sh -g accounting -m mapSet1 -mapsizes -p 11001 -ssl  -trustpath ../security/trust.jks -trustpass ogpass -trusttype jks  -username manager -password manager1
        • [Windows]
          xsadmin.bat -g accounting -m mapSet1 -mapsizes -p 11001 -ssl  -trustpath ..\security\trust.jks -trustpass ogpass -trusttype jks  -username manager -password manager1

        Notice we specify the JMX port of the catalog service using -p 11001 here.

        You see the following output.

        This administrative utility is provided as a sample only and is not to
        be considered a fully supported component of the WebSphere eXtreme Scale product.
        Connecting to Catalog service at localhost:1099
        *********** Displaying Results for Grid - accounting, MapSet - mapSet1 ***********
        *** Listing Maps for c0 ***
        Map Name: customer Partition #: 0 Map Size: 1 Shard Type: Primary
        Server Total: 1
        Total Domain Count: 1

      Running the application with an incorrect key store

      If your trust store does not contain the public certificate of the private key in the key store, you will get an exception complaining that the key cannot be trusted.

      In order to show this, create another key store key2.jks.

      keytool -genkey -alias ogsample -keystore key2.jks -storetype JKS -keyalg rsa -dname "CN=ogsample, OU=Your Organizational Unit, O=Your Organization, L=Your City, S=Your State, C=Your Country" -storepass ogpass -keypass ogpass -validity 3650

      Then modify the server.properties to make the keyStore point to this new key store key2.jks:

      keyStore=../security/key2.jks

      Run the following command to start the catalog server:

      1. Navigate to bin: cd objectgridRoot/bin
      2. Start the catalog server:
        [Linux][Unix]
        startOgServer.sh c0 -objectGridFile ../xml/SecureSimpleApp.xml  -deploymentPolicyFile ../xml/SimpleDP.xml -catalogServiceEndPoints localhost:2809  -serverProps ../security/server.properties -jvmArgs  -Djava.security.auth.login.config="../security/og_jaas.config"  -Djava.security.auth.policy="../security/og_auth.policy"
        [Windows]
        startOgServer.bat c0 -objectGridFile ../xml/SecureSimpleApp.xml  -deploymentPolicyFile ../xml/SimpleDP.xml -catalogServiceEndPoints localhost:2809  -serverProps ../security/server.properties -jvmArgs  -Djava.security.auth.login.config="../security/og_jaas.config"  -Djava.security.auth.policy="../security/og_auth.policy"

        You see the following exception:

        Caused by: com.ibm.websphere.objectgrid.ObjectGridRPCException:
            com.ibm.websphere.objectgrid.ObjectGridRuntimeException:
                SSL connection fails and plain socket cannot be used.

        Finally, change the server.properties file back to use the key.jks file.
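
      The key store and trust store mismatch shown in this section can be caught before any server is started. The script below is an added example, not part of the original tutorial or of eXtreme Scale: it compares the SHA-256 fingerprints that keytool lists for a key store and a trust store. The function names and sample fingerprints are made up, and it assumes self-signed certificates (as in this tutorial) and a keytool whose -list -v output contains "SHA256:" lines.

```shell
#!/bin/sh
# Added example (not from the tutorial). Assumes self-signed certificates and a
# keytool whose `-list -v` output has "SHA256:" fingerprint lines.

# stdin: `keytool -list -v` output; stdout: one SHA-256 fingerprint per line.
sha256_fingerprints() {
    sed -n 's/^[[:space:]]*SHA-*256:[[:space:]]*\([0-9A-Fa-f:]*\).*/\1/p' |
        tr 'abcdef' 'ABCDEF' | sort -u
}

# $1 = listing of a key store, $2 = listing of the trust store its peers use.
# Returns 0 if every key-store certificate is trusted, 1 if one is missing,
# 2 if the key-store listing has no fingerprint at all.
listing_trusted_by() {
    key_fps=$(sha256_fingerprints < "$1")
    trust_fps=$(sha256_fingerprints < "$2")
    [ -n "$key_fps" ] || return 2
    for fp in $key_fps; do
        printf '%s\n' "$trust_fps" | grep -qxF -- "$fp" ||
            { echo "not in trust store: $fp" >&2; return 1; }
    done
}

# Real use against the stores from step 1: check_stores key.jks trust.jks ogpass
check_stores() {
    tmp=$(mktemp -d) || return 2
    if keytool -list -v -keystore "$1" -storepass "$3" > "$tmp/key.txt" &&
       keytool -list -v -keystore "$2" -storepass "$3" > "$tmp/trust.txt" &&
       listing_trusted_by "$tmp/key.txt" "$tmp/trust.txt"
    then rc=0; else rc=$?; fi
    rm -rf "$tmp"; return "$rc"
}

# Constructed sample listings (fingerprints are made up) standing in for
# key.jks, trust.jks and the mismatched key2.jks.
FP_KEY='A1:B2:C3:D4:E5:F6:07:18:A1:B2:C3:D4:E5:F6:07:18:A1:B2:C3:D4:E5:F6:07:18:A1:B2:C3:D4:E5:F6:07:18'
FP_KEY2='0F:1E:2D:3C:4B:5A:69:78:0F:1E:2D:3C:4B:5A:69:78:0F:1E:2D:3C:4B:5A:69:78:0F:1E:2D:3C:4B:5A:69:78'
mk_listing() {  # $1 = alias, $2 = entry type, $3 = fingerprint
    printf 'Alias name: %s\nEntry type: %s\nSignature algorithm name: SHA256withRSA\n' "$1" "$2"
    printf 'Certificate fingerprints:\n\t SHA256: %s\n' "$3"
}
DEMO=$(mktemp -d)
mk_listing ogsample PrivateKeyEntry "$FP_KEY" > "$DEMO/key.txt"
mk_listing ogsample PrivateKeyEntry "$FP_KEY2" > "$DEMO/key2.txt"
mk_listing ogsamplepublic trustedCertEntry "$FP_KEY" > "$DEMO/trust.txt"
listing_trusted_by "$DEMO/key.txt" "$DEMO/trust.txt" && echo "key.jks: trusted by trust.jks"
listing_trusted_by "$DEMO/key2.txt" "$DEMO/trust.txt" || echo "key2.jks: SSL handshake would fail"
```

      With certificates issued by a certificate authority, the trust store would hold the issuer rather than the endpoint certificate, so this fingerprint comparison applies only to the self-signed setup used here.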

    posted on 2012-06-26 19:33 ゞ沉默是金ゞ  Views (835)  Comments (0)  Category: eXtreme