Integrating WebSphere Message Broker with IBM Business Process Manager

This article shows you how to integrate WebSphere Message Broker with IBM Business Process Manager Standard Edition, with pragmatic ways to get the two products working together at both design time and run time.

Paul Smith (pasmith@uk.ibm.com), Solution Architect, WebSphere Connectivity and Integration team, IBM

Photo of Paul SmithPaul Smith is a Solution Architect on the WebSphere Connectivity and Integration team at the IBM Software Lab in Hursley Park, United Kingdom. You can contact Paul at pasmith@uk.ibm.com.



06 March 2013

Also available in Chinese

Introduction

This article describes the integration of IBM® WebSphere® Message Broker (hereafter called Message Broker) with IBM Business Process Manager Standard Edition (hereafter called IBM BPM) . Because Message Broker V8.0.0.1 is going to change the way in which services are created, this article focuses on bottom-up scenarios for the time being. As soon as Message Broker Fix Pack 1 is available, the top-down scenarios can be completed.

This article describes pragmatic ways to get the two products to work together from both design-time and run-time perspectives. For design time, integration involves methods that will make the different tools look more or less aligned. The key deliverable is to make the tools look like they work together in an aligned way so that you can easily do demo's, pilots, and proofs-of-concept (PoCs).

The article focuses on out-of-the-box features, even though many utilities have been developed to extend Message Broker capabilities. The article does not cover development governance, impact analysis, or changes to existing implementations, which will need to be addressed in the future. Also, the article covers only web service integration between the two products, and leaves JMS and MQ integration for a future article.

Configuring the Message Broker SSL environment

This section is relevant only if you want to connect Message Broker and IBM BPM using SSL. In both cases the article uses self-signed certificates, which clearly is not recommended for production environments, but will work for demos and PoCs, and can easily be adapted to use certificates from the various certificate authorities.

Create a Message Broker key and trust store

Assuming it has not already been done, you need to create a key store and a trust store for Message Broker to use:

  1. Start Message Broker ikeyman whilst logged in as a Message Broker administrator:
  2. Add a new database:
  3. Create a new self-signed certificate:
  4. Configure the certificate as required:
  5. Export the newly configured certificate to the filesystem so that you can import it into IBM BPM later:
  6. Perform steps 1 and 2 to also create the Trust Store database.

Configure Message Broker to use the key and trust stores

  1. Open a command window as a Message Broker administrator and issue the following commands:
    mqsichangeproperties <BROKERNAME> –o BrokerRegistry –n brokerKeystoreFile 
        –v /var/mqm/BrokerKeyStore.jks
    mqsichangeproperties <BROKERNAME> –o BrokerRegistry –n brokerTruststoreFile 
        –v /var/mqm/BrokerTrustStore.jks
    mqsistop <BROKERNAME>
    mqsisetdbparms <BROKERNAME> –n brokerKeystore::password –u ignore –p *******
    mqsisetdbparms <BROKERNAME> –n brokerTruststore::password –u ignore –p *******
    mqsistart <BROKERNAME>
  2. Check that Message Broker has been configured correctly:
    mqsireportproperties <BROKERNAME> -o BrokerRegistry -r

Swapping certificates between runtimes

You now need to swap certificates between the two runtimes. On the IBM BPM side, you need to be aware of two certificate stores – the standard WebSphere Application Server Trust Store, which is used by the runtime to pass credentials when SSL services are being invoked, and the Trust Store used by WebSphere Application Server Java, which is used during discovery of services by IBM BPM Process Designer. The copying of the required certificates is show below:

Copying the IBM BPM root certificate to the JVM certificates file is not required, but will help if Process Designer needs to find SSL services on its own server.

Extract signer certificate from IBM BPM and install on Message Broker

Next, extract the self signed root certificate from IBM BPM and install it into the Message Broker Trust Store:

Export IBM BPM certificate

  1. Log into the WebSphere Application Server admin console.
  2. Select Security => SSL Certificate and Key Management => Key Stores and Certificates => nodeDefaultTrustStore => Signer Certificates.
  3. Select the root certificate and then click Export:
  4. Enter a name for the export file and click OK:

Import into Message Broker Trust Store

  1. Copy the file from <WAS_profile_home>/etc to your Message Broker environment.
  2. On the Message Broker server, start ikeyman, open the Trust Store, and select Signer Certificates:
  3. Click OK to install your certificate from IBM BPM:

    You should see the certificate installed into the Trust Store:

Install Message Broker certificate on IBM BPM server

You need to do install the certificate into two locations. The first supports execution of SSL services between IBM BPM and Message Broker, and the second supports discovery of SSL services on Message Broker by IBM BPM Process Designer.

Install certificate into WebSphere Application Server Trust Store

  1. Log into the WebSphere Application Server admin console.
  2. Select Security => SSL Certificate and Key Management => Key Stores and Certificates => nodeDefaultTrustStore => Signer Certificates.
  3. Click Retrieve from Port:
  4. Select the hostname and SSL port of Message Broker and click Retrieve Signer Information:
  5. Click OK and then save to the master configuration.

Install the certificate into the WebSphere Application Server JRE Certificate Store

This step is required to support service discovery from IBM BPM Process Designer:

  1. Start ikeyman in <WAS_home>/java/jre/bin.
  2. Open the “cacerts” file in <WAS_home>/java/jre/lib/security:

    Unless it has been changed, the password will be changeit.

  3. You will see a large number of the standard certificate and security providers listed:
  4. Add into the store both the Message Broker self-signed certificate and the IBM BPM signer certificate that you extracted earlier.
  5. Close ikeyman and restart your IBM BPM server. Your environment should now support SSL between IBM BPM and Message Broker!

Top-down integration using web services

To be done:

  • Method 1: Start simply with business objects (BOs):
    • Define BOs.
    • Export BOs to Message Broker.
    • Define interface.
    • Create service.
    • Deploy service.
    • Discover service in PD.
    • Test integration.
  • Method 2: Additionally define a web service:
    • Define the BOs.
    • Define the IBM BPM web service.
    • Export WSDL to Message Broker.
    • Create service.
    • Deploy service.
    • Discover service in PD.
    • Test integration.
  • Redefine BOs
    • Make a change to an existing BO used in a service.
    • Export BOs to Message Broker.
    • Modify service.
    • Deploy service.
    • Discover service in PD.
    • Test integration.
  • Faults and errors
    • Define a fault on a service call.
    • Define BOs.
    • Export BOs to Message Broker.
    • Define interface.
    • Create service.
    • Deploy service.
    • Discover service in PD.
    • Test integration.

Bottom-up integration using web services

For these scenarios, assume that the services in question exist already and that the Process Author wishes to make use of them. There will be no requirement for the Process Author to define any of the business objects or service interfaces; they will simply be reusing the existing services.

Tips to make services easily consumable by IBM BPM

IBM Process Designer V8.0 has some limitations on WSDL and schema support that are described in the information centre:

In addition, IBM Process Designer has specific requirements for namespaces and namespace prefixes in XML Schemas when imported in bottom-up scenarios. To avoid these requirements you need to either ensure that your schemas are in the format required by IBM Process Designer, or if this is not possible, mediate between existing schemas and schemas created in the format required by IBM Process Designer and IBM BPM.

  1. Ensure that your schema has a global element using the type contained within the schema.
  2. Give the schema a prefix as well as a namespace on the General tab of the Schema Editor:
  3. On the Advanced tab, set the Prefix for Elements to Qualified:

This procedure matches the schemas and messages that are passed back from IBM BPM to Message Broker during service interactions.

Integrate an existing Message Broker service

In this section you integrate an existing Message Broker service exposed over HTTPS simply using the IBM Process Designer tools:

  1. Create a new integration service:
  2. Add a Web Service Integration to the diagram:
  3. Select the Implementation tab and enter the WSDL URI of the service. For example:
    https:<hostname>:<port>/<service>?wsdl
  4. Click Discover and then Discover again:
  5. Select the appropriate operation:
  6. Click Generate Types then Next:
  7. The types that are about to be generated are listed. Click Next:
  8. Click Finish to add the types to the project:
  9. Wire the service into the diagram:
  10. Add input and output variables for the service:
  11. Switch to the Data Mapping tab and add the variables:
  12. Test the service.

Integrate an existing service with defined faults

This procedure extends the previous scenario, and shows how to handle modelled SOAP faults produced by the Message Broker service:

  1. Add a private variable that is the same type thrown by your Message Broker service (this type will have already been imported when you discovered the service previously):
  2. Catch the fault from the service invocation. Select an Error Intermediate Event from the palette:
  3. Attach the event directly to the web service component on the diagram:
  4. On the Implementation tab, select Catch All Errors:
  5. Select an Error End Event and add it to the diagram:
  6. Wire the end event to the intermediate event:
  7. Select the Implementation tab of the error end event.
  8. Give the error code a name, which can then be used in BPDs to handle the error.
  9. Add the BCMFault private variable to the Error Mapping:
  10. Test the service.

Integrate an existing service with endpoint stored in WebSphere Service Registry and Repository (WSRR)

Next, integrate the same service as previously, but this time with the existing Message Broker service endpoint stored in WSRR. Use IBM Process Designer to discover the service in WSRR.

Configure IBM Process Designer to access services in WSRR

First, ensure that IBM Process Designer can communicate with WSRR, using the same steps as allowing IBM Process Designer to discover Message Broker services:

  1. Export the WSRR root certificate as shown in Export IBM BPM certificate above.
  2. Install the exported certificate into the WebSphere Application Server JVM Certificate Store, as shown in Install the certificate into the WebSphere Application Server JRE Certificate Store above.
  3. Restart the IBM BPM server.

Discover existing services in WSRR

You will need to have an existing service loaded into WSRR.

  1. Open Process Designer and create a new integration service:
  2. Drag a web service integration onto the diagram:
  3. Go to the Implementation tab and click Browse:
  4. Choose WSRR as the Registry Type and enter the URL, username, and password to connect to WSRR. Click Next:
    https://<hostname>:<port>/WSRR/<version>/

    The trailing “/” is required.

  5. Click on Search services to find existing services stored within WSRR:
  6. Select the service you require and click Next:
  7. A detailed view of the service being imported is displayed. Click Finish:
  8. Service details in the Implementation tab is displayed. Select the operation that you require:
  9. Click Generate Types and then click Next:
  10. After the generation has completed, click Next:
  11. Click Finish to complete the generation and add the types to the project:
  12. Create input and output variables for the service invocation as required:
  13. Map the variables to the input and output of the service:
  14. Wire the service into the diagram and test the service:

Resources

Comments

developerWorks: Sign in

Required fields are indicated with an asterisk (*).


Need an IBM ID?
Forgot your IBM ID?


Forgot your password?
Change your password

By clicking Submit, you agree to the developerWorks terms of use.

 


The first time you sign into developerWorks, a profile is created for you. Information in your profile (your name, country/region, and company name) is displayed to the public and will accompany any content you post, unless you opt to hide your company name. You may update your IBM account at any time.

All information submitted is secure.

Choose your display name



The first time you sign in to developerWorks, a profile is created for you, so you need to choose a display name. Your display name accompanies the content you post on developerWorks.

Please choose a display name between 3-31 characters. Your display name must be unique in the developerWorks community and should not be your email address for privacy reasons.

Required fields are indicated with an asterisk (*).

(Must be between 3 – 31 characters.)

By clicking Submit, you agree to the developerWorks terms of use.

 


All information submitted is secure.

Dig deeper into WebSphere on developerWorks


static.content.url=http://www.ibm.com/developerworks/js/artrating/
SITE_ID=1
Zone=WebSphere
ArticleID=860392
ArticleTitle=Integrating WebSphere Message Broker with IBM Business Process Manager
publish-date=03062013