Configuring the MQ server
- Download apache-activemq-<version>-bin.tar.gz to the server that will host Active MQ.
- Install the following packages if not already present:
- Add firewall rules for the following ports:
- 8161
- 8888
- 61616
- Extract the contents of apache-activemq-<version>-bin.tar.gz to /opt
- Navigate to /opt/apache-activemq-<version>/
- Start the ActiveMQ server via `bin/activemq start`
- Access the ActiveMQ management console via the web browser:
- http://mqserver.example.com:8161
- Provide the default administrative credentials:
- Username: admin
- Password: admin
- Select "Queues."
- Create a new queue, specifying a unique name.
Configuring the Layer 7 Gateway appliance
- Copy activemq-all-<version>.jar to the Layer 7 Gateway appliance as the ssgconfig user.
- Move activemq-all-<version>.jar to /opt/SecureSpan/Gateway/runtime/lib/ext
- Set ownership to layer7:layer7 for activemq-all-<version>.jar
- Set permissions to 444 for activemq-all-<version>.jar
- Restart the Gateway service.
Configuring the Outbound JMS Destination
- Log into the Layer 7 Policy Manager as an administrative user.
- Select "Manage JMS Destinations" from the "Tasks" menu.
- Add a new JMS destination.
- Specify a uniquely identifiable name.
- Select the "General" tab.
- Set the "Direction" as "Outbound."
- Set the "Provider Type" as "Generic JMS."
- Select the "JNDI" tab.
- Set the "Initial Context Factory class name" as "org.apache.activemq.jndi.ActiveMQInitialContextFactory"
- Set the "JNDI URL" as "tcp://mqserver.example.com:61616"
- Select the "Destination" tab.
- Set the "Connection Factory Name" as "ConnectionFactory".
- Set the "Destination Name" as "dynamicQueues/<queue name>" where <queue name> is the queue created in the ActiveMQ management console.
- Select the "Test" button.
- Save the destination and close the dialog.
Publishing the Outbound JMS service policy
- Publish a new service policy.
- Insert the "Route via JMS" assertion.
- Set the "JMS Destination" as the name of the previously configured destination.
- Save the assertion properties.
- Save and activate the policy.
Consuming the Outbound JMS service policy
- Log into the MQ server as any user.
- Push a message to the Outbound JMS service policy created previously:
- curl -H "Content-Type: text/xml" -d "<xml>Test message.</xml>" http://gateway.example.com:8080/service
- Log into the ActiveMQ management console via the web browser.
- View the queue that was created. A message should be visible.
Configuring a simple MQ message recipient
- Log into the MQ server as any user.
- Open a TCP port to listen for incoming connections:
- while true ; do nc -l 8888 <<< "HTTP/1.1 200 OK\r\SUCCESS" ; done
- NOTE: The above command will open a TCP port on 8888 and respond to TCP connections with the above string. This simulates a web server accepting requests from the Gateway.
Publishing the Inbound JMS service policy
- Log into the Layer 7 Policy Manager as an administrative user.
- Publish a new service policy.
- Insert the "Route via HTTP" assertion.
- Set the routing URL as "http://mqserver.example.com:8888"
- Save and activate the policy.
Configuring the Inbound JMS Destination
- Select "Manage JMS Destinations" from the "Tasks" menu.
- Clone the previously created JMS destination.
- Select the "General" tab.
- Set the "Direction" as "Inbound."
- Select the "Inbound Options" tab.
- Check "Associate destination with published service (bypass resolution)."
- Set the "Service name" to the newly created inbound JMS service policy.
- Save the destination and close the dialog.
The simple MQ recipient created previously should then receive the message that was transmitted via `curl`.