Integrating WebSphere Commerce V7 with external systems using WebSphere Message Broker V7 and Web services

This tutorial describes how to integrate WebSphere® Commerce V7 with external systems using WebSphere Message Broker and Web services. It also discusses how to secure Web services using certificates generated by a Certificate Authority (CA).

Share:

Samanvitha Kumar (samanvitha.kumar@in.ibm.com), Staff Software Developer, IBM

Photo of the author, Samanvitha KumarSamanvitha Kumar is an IBM Accredited IT Specialist and works as a Staff Software Engineer at the IBM Software Lab, India. She is currently part of the WebSphere Commerce Development Team and is an IBM developerWorks Contributing Author, having published multiple articles on the developerWorks WebSphere site.


developerWorks Contributing author
        level

Chetan Mehta (chet.mehta@au1.ibm.com), Software Consultant, IBM

Author photo of Chetan MehtaChetan Mehta is a Senior Enterprise Application Integration Consultant at IBM Global Business Services, Australia. He has 5 years of experience in designing and implementing integration solutions using various products in WebSphere suite, focusing on WebSphere Message Broker and message queues.



14 April 2010

Also available in

Before you start

This tutorial provides instructions to integrate WebSphere Commerce V7.0 with external systems using WebSphere Message Broker V7.0 (hereafter called Message Broker). This will showcase an external inventory check scenario where WebSphere Commerce needs to contact an external system to fetch the inventory details of a product. We will deal with Web services based integration where Message Broker acts both as the middleware and as a Web service provider (used to simulate a third party inventory system), while WebSphere Commerce acts as the service consumer. Securing the Web services using certificates generated by a Certificate Authority (CA) will also be discussed.

Objectives

Learn how to:

  • Use a sample inventory check scenario to showcase the Web services based integration between WebSphere Commerce and Message Broker.
  • Configure WebSphere Commerce to talk to an external system.
  • Use Message Broker as the middleware platform to integrate applications and perform data transformations.
  • Configure Message Broker as a Web service provider, which will be consumed by WebSphere Commerce to request for inventory information.
  • Configure WebSphere Commerce and Message Broker to secure the Web service request and response.
  • Use XCA (graphical tool used to create and manage X.509 certificates) and the IBM Key Management tool to create and manage certificates.

Prerequisites

You need to be familiar with WebSphere Commerce, WebSphere Message Broker, and Web services.

System requirements

To implement the tasks listed in this tutorial, you need WebSphere Message Broker V7.0, WebSphere Commerce V7.0, XCA and IBM Key Management Tool. You will use the WebSphere Message Broker Toolkit V7.0 to build the Web service provider.

Duration

4 hours

Download file

The provided Utils.zip file contains functions that parse the data coming from WebSphere Commerce and converts them into a format that is understandable by WebSphere Message Broker.


Introduction

WebSphere Commerce provides a powerful customer interaction platform that results in a robust platform for cross channel selling. It provides rich, out-of-the-box capabilities for catalog and content management, member management, contracts and entitlements, negotiations, order management, and so on, which help an enterprise set up an online presence. In some cases, enterprises choose to use a subset of its capabilities and use an external inventory or order management systems based on their needs. In such cases, it is necessary to integrate WebSphere Commerce with external applications and using a middleware product is the best approach.

WebSphere Message Broker is a powerful Enterprise Service Bus (ESB) with extensive connectivity and message handling capabilities. It helps in simplifying, enabling fast and flexible application integration with reduced cost by eliminating complex, point-to-point connectivity. It also simplifies integration with intelligent routing, pre-built mediation and transformation, regardless of the platform, network, or device.

This tutorial discusses the methodology that will integrate WebSphere Commerce with external systems using Message Broker. It discusses Web services based integration along with the steps required to secure these services using certificates generated by a CA.


Configuration

This section covers all the tasks that need to be executed to configure WebSphere Commerce before you start building the application.

Configuring WebSphere Commerce to make external calls

  1. Start the WebSphere Commerce server.
  2. Open the Administration Console. For example:
    https://localhost:8002/webapp/wcs/admin/servlet/ToolsLogon?XMLFile=
     adminconsole.AdminConsoleLogon
  3. On the Site/Store Selection page, select Store. Choose the Store Name and click OK.
  4. Select Configuration > Transports.
  5. Click on Add.
  6. Select WebServices (HTTP).
  7. Click Add. The new transport is created as shown in Figure 1.
    Figure 1. Create the WebServices Transport in WebSphere Commerce
    Create the WebServices Transport in WebSphere Commerce
  8. Select Configuration > Message Types.
  9. Click New and provide the following values as shown in Figure 2.
    • Message type: Message for the external inventory system
    • Transport: WebServices (HTTP)
    • Device format: Webservices
    Figure 2. Create the Message Type
    Create the Message Type
  10. Click Next and provide the URL value of the external endpoint as shown in Figure 3. This is the URL of the InventoryService Web service that is hosted on Message Broker. In this tutorial, the URL is set to http://9.185.118.124:7845/webapp/wcs/component/inventory/services/InventoryServices. Refer to Implementing the Get Inventory Availability scenario in WebSphere Message Broker for details about hosting the Web service.
    Figure 3. Provide the end point URL
    Provide the end point URL

Configuring the WebSphere Commerce database

By default, WebSphere Commerce stores the inventory details of a product in its own database. To configure WebSphere Commerce to send an external request to fetch the inventory details, you need to modify some of its tables as shown below:

  1. Connect to the WebSphere Commerce database using one of the following methods:
    • Runtime version: Use a database client to connect to the WebSphere Commerce database.
    • WebSphere Commerce Toolkit: Navigate to the following URL: http://localhost/webapp/wcs/admin/servlet/db.jsp.
  2. Execute the following SQL statements to configure WebSphere Commerce:
    UPDATE STORE SET INVENTORYSYSTEM=-5 WHERE STORE_ID = ‘11011’

    The value of STORE_ID is the store identifier of the store on which you want to enable external inventory processing:

    INSERT INTO INVCNF(invcnf_id,identifier, flags,cachepriority) 
     values(10001,'External Inventory Config',4,0) ;

The field flags is a bit field used to specify the following inventory configuration options:

  • 1: Cache inventory availability in a WebSphere distributed object cache.
  • 2: Cache inventory availability in the WebSphere Commerce database.
  • 4: Retrieve inventory availability from the DOM by making an outbound GetInventoryAvailability service request when the information is not cached locally, or when the cached information is no longer valid.
  • 8: Decrement the cached inventory availability records when an order or shopping cart is submitted for processing.
  • 16: Update the cached inventory availability records as the information is retrieved from the DOM.

By setting the value of flag to 4, you are configuring WebSphere Commerce to send a request to fetch inventory:

INSERT into INVCNFREL(invcnfrel_id,invcnf_id,store_id) 
 values (10002,10001, 11011’);

The value of invcnf_id is the same as the newly created entry in INVCNF, and the value of store_id is the store identifier of the store on which you want enable external inventory processing.


Implementing the Get Inventory Availability scenario in WebSphere Message Broker

The WebSphere Commerce admin console is configured to send the GetInventoryAvailability request to a Web service end point, as shown in Configuring WebSphere Commerce to make external calls. This task shows how the Web service can be hosted on Message Broker, by using the InventoryServices.wsdl provided by WebSphere Commerce.

WebSphere Message Broker V6.1 and V7.0 natively support Web services to include:

  • SOAP nodes for native support of Web services.
  • Message flows that can act as a Web service consumer or provider.
  • SOAP domain and parser for support of model-driven parsing of messages.
  • Web services extensions, including WS-Addressing and WS-Security.

In this example, Message Broker acts as a Web service provider and uses WebSphere Commerce foundation Jar files to parse the Web service request. As these Jar files require JDK V6, Message Broker V7.0 has been selected over Message Broker V6.1.

Creating the WebSphere Message Broker message flow

Creating the Message Set and importing service specification

  1. Open the Message Broker Toolkit and switch to the Broker Application Development perspective.
  2. Create a new Message Set (a message set defines the structure and format into which a message can be parsed) by choosing File > New > Message Set.
  3. Enter MS_GetInventory as the message set and message set project name and select Next.
  4. Select the default message type as Web Services SOAP and select Finish.
  5. Create a folder named import in the MS_GetInventory message set project by selecting the message set project and choosing File > New > Other > Folder option.
  6. Import the WebSphere Commerce wsdl and xsd files by choosing File > Import > File System. The location of these files in WebSphere Commerce are:
    1. Runtime instance: WC_eardir/WebServicesRouter.war/WebContent/component-services
    2. Toolkit instance: WCDE_installdir/workspace/WebServicesRouter/WebContent/component-services
  7. Select the component-services folder as the source and import folder as the destination as shown in Figure 4. This will import a copy of all the WSDL and XSD files into the import folder.
    Figure 4. Import WSDL and XSD into the message set
    Import WSDL and XSD into the message set
  8. The next task is to create a deployable WSDL for the SOAP nodes. Select the InventoryServices.wsdl file from import > wsdl folder. Right-click the file and select New > Message Definition File From > WSDL file and choose the default selections as shown in Figure 5.
    Figure 5. Create deployable WSDL for SOAP nodes
    Create deployable WSDL for SOAP nodes

This will create a deployable WSDL file and the required message definitions files using the xsd files.

Creating a message flow using the WSDL

  1. Create a new message flow project and name it as MFP_GetInventory. Ensure that the MS_GetInventory message set project is selected as the referenced project.
  2. Create a new message flow named MF_GetInventory in the newly created message flow project. This will open the empty message flow in the message flow editor.
  3. The Message Broker Toolkit automatically creates a template for the Web service using the WSDL file. To do this, select the InventoryServices wsdl file from the deployable WSDL folder of the MS_GetInventory message set project. Drag and drop the InventoryServices.wsdl file into the message flow in the message flow editor as shown in Figure 6.
    Figure 6. Creating a Web service template from WSDL
    Creating a Web service template from WSDL
  4. Dragging the WSDL into the message flow will open up the editor to configure the Web service. In the Web service usage section, select Expose message flow as web service and in the Binding Operation section, ensure that only the GetInventoryAvailability operation is selected as shown in Figure 7. This is the operation that is invoked by WebSphere Commerce to fetch the inventory details of a product.
    Figure 7. Configuring operations to import from WSDL
    Configuring operations to import from WSDL
  5. Select Next and select SOAP Nodes as the node type. Click Finish to create the Web service provider template in the message flow as shown in Figure 8.
    Figure 8. Web Service Provider message flow template
    Web Service Provider message flow template
  6. The created Web Service Provider template contains a subflow, which extracts the SOAP header from the Web Service Request message and stores it in the message’s local environment. This envelope will need to be used for sending the Web service response back to WebSphere Commerce. It is the URL of this service that is configured in WebSphere Commerce, as shown in Configuring WebSphere Commerce to make external calls.

Completing the message flow

For the purpose of this tutorial, Message Broker is used to simulate an external inventory system. In actual implementations, you can use other nodes available in Message Broker to integrate with systems such as SAP®, Siebel®, and so on to fetch the inventory information.

In the current implementation, the message flow parses the WebSphere Commerce request (using WebSphere Commerce parsing functions), invokes a function with the retrieved parameters, and creates a Web service response using the retrieved information and SOAP headers from the Web Service Request message. The implementation is shown in Figure 9.

Figure 9. GetInventory Web Service Provider message flow
GetInventory Web Service Provider message flow
  1. Parsing the WebSphere Commerce expression: WebSphere Commerce exchanges data in the form of OAGIS BOD messages. Hence, you see that the request message for the fetch inventory scenario also adheres to this format. Therefore, you need some utility classes to extract the request data from the message and will use the Foundation-Core.jar and Foundation-Server.jar provided by WebSphere Commerce.

    You can obtain the Foundation-Core.jar and Foundation-Server.jar from the following location in WebSphere Commerce:

    • Runtime: WC_eardir
    • Toolkit: <WC Toolkit installation directory>/workspace/ WC

    WebSphere Commerce uses XPath expressions to send the query in the Web service request. You can parse this XPath expression within Message Broker using the SelectionCriteria class, which is provided in the foundation Jar files. In this example, the JavaCompute node named Parse WC Msg & Create Req and a custom Java™ class (to use an object of SelectionCriteria class) have been used to extract the PartNumber and NameIdentifier from the request. The PartNumber and the NameIdentifier parameters are required to fetch the inventory information of a product. Listing 1 and Listing 2 show the input and output messages of the Java compute code.

    Listing 1. Input messages of parse WebSphere Commerce Msg & Create Req node
    <oa:Expression expressionLanguage="_wcf:XPath"> {_wcf.ap=IBM_Store_Details}/
    InventoryAvailability [InventoryAvailabilityIdentifier/ExternalIdentifier 
    [CatalogEntryIdentifier/ExternalIdentifier
    [(PartNumber=&apos;R-T019&apos;)] and OnlineStoreIdentifier/
     ExternalIdentifier
    [(NameIdentifier=&apos;Madisons&apos;)]]]</oa:Expression>
    Listing 2. Output messages of parse WebSphere Commerce Msg & Create Req node
    <oa:Expression expressionLanguage="accessProfile"> IBM_Store_Details
    </oa:Expression>
     <oa:Expression expressionLanguage="XPath">
    	/InventoryAvailability[InventoryAvailabilityIdentifier/ExternalIdentifier
    [CatalogEntryIdentifier/ExternalIdentifier[(PartNumber=)] and 
     OnlineStoreIdentifier/ExternalIdentifier[(NameIdentifier=)]]]
    </oa:Expression>
    <oa:Expression expressionLanguage="PartNumber~NameIdentifier">
     R-T019~Madisons
     </oa:Expression>

For the custom Java class, use the Utils.zip file provided with the tutorial and call the following static method, parseExp(String reqdParameter, MbElement expressionElement provided in Utils.java.

Listing 3. Calling custom Java method from JavaCompute node
MbElement msgBodyRoot = outAssembly.getMessage().getRootElement().getLastChild();

MbElement expElement = msgBodyRoot.getLastChild().getFirstElementByPath("DataArea")
.getFirstElementByPath("Get").getFirstElementByPath("Expression");

Utils.parseExp("PartNumber",expElement)

This parseExp method parses the value of the expression element, which is the xpath expression using the parameter (for example, PartNumber) and updates the expression tree in the output message to the required format. The parseExp method invokes the SelectionCriteria class using the provided xpathExpression and the parameter string (PartNumber), which returns the list of the parsed xpath expression. The parseExp method then uses the expression (reference to the expression attribute from the message) to provide a modified list within the message as shown in Listing 1.

  1. Creating the Web service response: The Create WS Response is the node that is used to simulate an external inventory system. Since integration with an external system is out of scope of this tutorial, this compute node invokes a custom function or module to retrieve the inventory information for the Part Number and the Name Identifier provided. The amount or quantity returned is used to determine if the specified part if available or not (the status is said to be “Available” if quantity is greater than 0) and a Web Service Response is then created with this data.
  2. Correlating Web service response to a Web service request: When the SOAP Input node receives a Web service request, it creates a Reply Identifier in the message’s local environment to correlate a response with the Web service request. The SOAP Reply uses this Reply Identifier to send the Web service reply back to the requesting system. To allow the response to be correlated to the right request, ensure that the local environment is propagated through the message flow. For example, if any compute nodes are used in the message flow, then ensure that the Compute Mode does not contain “Local Environment”.
  3. Using WS-Addressing for response (optional): In case the Web service response needs to be sent to a system other than the one which sent the request, you can use WS-Addressing.

Deploying the WebSphere Message Broker code

To deploy the Message Broker code, a broker archive file needs to be created and deployed in message broker.

  1. Create a bar file with the message flow - MF_GetInventory, message set - MS_GetInventory and the associated Java projects (including ParsingUtility).
  2. Open the Brokers view in the WebSphere Message Broker Toolkit by selecting Window > Show View > Brokers. In the Brokers view, start the Broker instance. Once started, right-click the created bar file and select Deploy. In the Deploy dialog, select the Broker instance and click Finish to deploy the bar file o the Broker.

Testing the application

In this section, you will learn how to test the application that you have built. First, open the store and browse to the product details page. You will then see the inventory details of a product displayed on this page. The Message Broker Web service provider implementation is invoked in the background by WebSphere Commerce and this sends back the inventory details.

  1. Open a browser and point to the store, which has been configured to make an external request for inventory. For example, for this tutorial, we have enabled the Madisons store and hence use the following URL: http://localhost/webapp/wcs/stores/servlet/Madisons/index.jsp.
  2. Browse to any category and click on any product whose details you wish to view. You will see that the inventory details are displayed as shown in Figure 10. The availability message displayed here is "In-stock" as the quantity returned by Message Broker is greater than 0.
    Figure 10. Inventory availability of a product
    Inventory availability of a product
  3. What happens in the background is that WebSphere Commerce sends the GetInventoryAvailability request to the endpoint configured in Configuring WebSphere Commerce to make external calls. The request data is shown in Listing 4.
    Listing 4. The GetInventoryAvailability request sent by WebSphere Commerce
    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" 
     xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" 
     xmlns:xsd="http://www.w3.org/2001/XMLSchema" 
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
       <soapenv:Header>
          <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/
           oasis-200401-wss-wssecurity-secext-1.0.xsd">
             <wsse:UsernameToken>
                <wsse:Username/>
                <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/
                 oasis-200401-wss-username-token-profile-1.0#PasswordText"/>
             </wsse:UsernameToken>
          </wsse:Security>
       </soapenv:Header>
       <soapenv:Body>
          <_inv:GetInventoryAvailability releaseID="9.0" versionID="7.0.0.0" 
           xmlns:_inv="http://www.ibm.com/xmlns/prod/commerce/9/inventory" 
           xmlns:_wcf="http://www.ibm.com/xmlns/prod/commerce/9/foundation" 
           xmlns:oa="http://www.openapplications.org/oagis/9" 
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <oa:ApplicationArea xsi:type="_wcf:ApplicationAreaType">
        <oa:CreationDateTime>2010-03-04T06:30:36.343Z</oa:CreationDateTime>
        <oa:BODID>7130b621-2757-11df-81df-842c4b8f485d</oa:BODID>
        <_wcf:BusinessContext/>
      </oa:ApplicationArea>
      <_inv:DataArea>
        <oa:Get>
          <oa:Expression expressionLanguage="_wcf:XPath">
           {_wcf.ap=IBM_Store_Details}/InventoryAvailability
           [InventoryAvailabilityIdentifier/ExternalIdentifier
           [CatalogEntryIdentifier/ExternalIdentifier
           [(PartNumber=&apos;FUCO-0201&apos;)] and 
           OnlineStoreIdentifier/ExternalIdentifier
           [(NameIdentifier=&apos;Madisons&apos;)]]]</oa:Expression>
        </oa:Get>
      </_inv:DataArea>
    </_inv:GetInventoryAvailability>
       </soapenv:Body>
    </soapenv:Envelope>
  4. This data is processed by the mediation flow, which simulates an external inventory system and returns the inventory details. The response sent to WebSphere Commerce is shown in Listing 5.
Listing 5. The ShowInventoryAvailability response sent by WebSphere Message Broker
<?xml version="1.0" encoding="ibm-437"?>
   <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
      <soapenv:Body>
         <NS1:ShowInventoryAvailability xmlns:NS1="http://www.ibm.com/xmlns/prod/
          commerce/9/inventory">
            <NS2:ApplicationArea xmlns:NS2="http://www.openapplications.org/oagis/9">
               <NS2:CreationDateTime>2010-03-04T17:30:39.027819</
                NS2:CreationDateTime>
            </NS2:ApplicationArea>
            <NS1:DataArea>
               <NS3:Show xmlns:NS3="http://www.openapplications.org/oagis/9">
                </NS3:Show>
               <NS1:InventoryAvailability>
                  <NS1:InventoryAvailabilityIdentifier>
                     <NS4:ExternalIdentifier xmlns:NS4="http://www.ibm.com/xmlns/prod
                      /commerce/9/foundation">
                        <NS4:CatalogEntryIdentifier>
                           <NS4:ExternalIdentifier>
                              <NS4:PartNumber>FUCO-0201</NS4:PartNumber>
                              <NS4:StoreIdentifier>
                                 <NS4:ExternalIdentifier>
                                    <NS4:NameIdentifier>Madisons</
                                     NS4:NameIdentifier>
                                 </NS4:ExternalIdentifier>
                              </NS4:StoreIdentifier>
                           </NS4:ExternalIdentifier>
                        </NS4:CatalogEntryIdentifier>
                     </NS4:ExternalIdentifier>
                  </NS1:InventoryAvailabilityIdentifier>
                  <NS1:InventoryStatus>Available</
                   NS1:InventoryStatus>
                  <NS1:AvailableQuantity uom="C62">99999</
                   NS1:AvailableQuantity>
               </NS1:InventoryAvailability>
            </NS1:DataArea>
         </NS1:ShowInventoryAvailability>
      </soapenv:Body>
   </soapenv:Envelope>

You have now successfully tested the end-to-end scenario that was built using Message Broker, WebSphere Commerce, and Web services. The next section describes how to secure the Web services, based on the business need. If you are not concerned about Web service security, you can safely skip that section.


Configuring certificates in WebSphere Commerce and WebSphere Message Broker to secure the Web service

The basic Web service security can be provided by securing the transport layer, for example, by enabling HTTPS with client authentication. For this, both the Web service consumer and the provider, such as WebSphere Commerce and Message Broker, have to be configured to use certificates and enable HTTPS. There are two methods of creating certificates:

  • Create self-signed certificates for both WebSphere Commerce and Message Broker. To enable authentication, the public keys for each of the system will need to be added as a signer key in the other system.
  • Use a CA to sign certificates for WebSphere Commerce and Message Broker.

The following section describes how to use XCA (graphical tool used to create and manage X.509 certificates) and IBM Key Management tool to create a CA certificates for Message Broker and WebSphere Commerce.

Creating CA certificates

  1. Open the XCA tool and create a new certificate database by selecting File > New Database and giving an appropriate filename, such as TestCerts.xdb.
  2. When prompted, provide a password that will be used to open the certificate database.
  3. Once the database has been created, under the Certificates tab, select New Certificate.
  4. In the new window for the certificate, ensure CA is selected from drop down list in the template section and the signature algorithm is set to SHA1. Click Apply to set the certificate and algorithm type.
  5. Under the Subject tab, give the internal name (label) for the certificate, such as TEST_CA, and then enter the distinguished name for the certificate in the reverse order using the drop down list as shown in Figure 11. The sample data is given below:
    • countryName = AU (2 letter country code)
    • organisationName = IBM (optional)
    • organisationUniteName = DW (optional)
    • commonName = TEST_CA (mandatory)
    Figure 11. Setting the DN for the CA certificate
    Setting the DN for the CA certificate
  6. Next, click Generate a new key and give the name for the key (CA_KEY) and press OK. This will generate a CA certificate.
  7. To extract the public key of the CA certificate, go back to the main screen. Under the Certificates tab, select the newly created CA certificate and select Export option from the right side of the panel, as shown in Figure 12.
    Figure 12. Exporting the certificate
    Exporting the certificate
  8. Change the Export Format to PEM and set the file name as TEST_CA.crt.

Creating certificates for WebSphere Message Broker

The following section describes how to create a keystore and a truststore file to configure in Message Broker. The keystore contains the private key and the truststore will contain the public key for the CA certificate.

  1. Open the certificate database in XCA, if it is not already open.
  2. Under the Certificates tab, select the CA certificate (such as TEST_CA), and then select the New Certificate option from the right side of the panel.
  3. Under the Source tab, change the Template for the new certificate to HTTPS_server and Signature Algorithm to SHA1. Click Apply to apply the changes to the certificate.
  4. Under the Subject tab, provide the internal name (label) and the Distinguished Name for the Message Broker certificate. The sample data is shown below:
    • countryName = AU (2 letter country code)
    • organisationName = IBM (optional)
    • organisationUniteName = DW (optional)
    • commonName = WMB (mandatory)
  5. Generate a new key for the Message Broker certificate and click OK to create a CA signed Message Broker certificate.
  6. To extract the public key of the Message Broker certificate, go back to the main screen. Under the Certificates tab, select the newly created Message Broker certificate and select export option from the right side of the panel.
  7. Change the Export Format to PKCS #12 and set the file name, such as wmb.p12.

To create the Java Key Stores for use in Message Broker, refer to the following steps:

  1. Open the IBM Key Management tool.
  2. Create a new certificate by selecting New from Key Database File menu.
  3. Change the key database type to jks.
  4. Change the location to the required folder and name the file as keystore.jks.
  5. When prompted, enter the password for the keystore.
  6. Under the key database content, select Signer Certificates from the drop down menu, click Add from the right menu; click on Browse and change file of types to all files. Browse to the folder, which contains the CA certificate and select it (such as TEST_CA.crt).
  7. Press OK to add the CA certificate as a signer certificate in the keystore.
  8. Under the key database content, select Personal Certificates, click import, change key file type to PKCS12, browse and select the wmb.p12 file to import it.
  9. Close the certificate from Key Database File menu to save and close the keystore.

To create the trust store, follow the above process (Steps 1 to 7) with the file name as truststore.jks.

Creating a certificate for WebSphere Commerce

  1. Open the certificate database in XCA, if it is not already open.
  2. Under the Certificates tab, select the CA certificate (such as TEST_CA), and then select the New Certificate option from the right side of the panel.
  3. Under the Source tab, change the Template for the new certificate to HTTPS_client and Signature Algorithm to SHA1. Click Apply to apply the changes to the certificate.
  4. Under the Subject tab, provide the internal name (label) and the Distinguished Name for the WebSphere Commerce certificate. The sample data is shown below:
    • countryName = IN (2 letter country code)
    • organisationName = IBM (optional)
    • organisationUniteName = DW (optional)
    • commonName = WC (mandatory)
  5. Generate a new key for the WebSphere Commerce certificate and click OK to create a CA signed WebSphere Commerce certificate.
  6. To extract the public key of the WebSphere Commerce certificate, go back to the main screen. Under the Certificates tab, select the newly created WebSphere Commerce certificate and select Export option from the right side of the panel.
  7. Change the Export Format to PKCS #12 and set the file name, such as wc.p12.

You have now successfully created the certificates for both Message Broker and WebSphere Commerce, as shown in Figure 13. You can now import the files wc.p12 and Test_CA.crt into the keystore and truststore of WebSphere Commerce.

Figure 13. Certificates created in XCA
Certificates created in XCA

Configuring certificates in WebSphere Commerce

After having generated the certificates using the CA, import these files into the keystore and truststore in WebSphere Commerce. Since WebSphere Commerce runs on WebSphere Application Server (hereafter called Application Server), we will make use of the keystore and truststore in Application Server to achieve secure communication. Application Server uses Java Secure Sockets Extension (JSSE) as the Secure Sockets Layer (SSL) implementation for secure connections.

When an Application Server process starts for the first time, the SSL runtime initializes the default keystores and truststores that are specified in the SSL configuration. Application Server creates the key.p12 default keystore file and the trust.p12 default truststore file during profile creation. The default key and trust stores are stored in the node directory of the configuration repository. In the case of WebSphere Commerce, these files are located at <Toolkit Install Directory>\wasprofile\config\cells\localhost\nodes\localhost.

Importing the personal certificate into the WebSphere Commerce keystore

  1. Start the WebSphere Commerce server.
  2. Open the Application Server Administration Console (http://localhost:9060/ibm/console).
  3. Select Security > SSL certificate and key management > Key stores and certificates. This displays the keystore and truststore present in Application Server, as shown in Figure 14.
    Figure 14. The keystore and truststore in WebSphere Application Server
    The keystore and truststore in WebSphere Application Server
  4. Select NodeDefaultKeyStore and choose Personal Certificates. Click the Import button to import the certificate you received from the CA.
  5. Choose Key store file option and provide the path of the file exported using XCA (for example, C:\Temp\wc.p12). Provide the key file password and click Get Key File Aliases. This displays the certificates in the key store file. Choose the appropriate one and provide a name for the Imported certificate alias. Click Apply as shown in Figure 15.
    Figure 15. Importing the certificate
    Importing the certificate
  6. Click Save to save the changes to the master configuration.
  7. The list of personal certificates is displayed as shown in Figure 16.
    Figure 16. List of personal certificates in the keystore
    16. List of personal certificates in the keystore
  8. Click the newly imported certificate to view its details as shown in Figure 17.
    Figure 17. Details of the newly imported personal certificate
    Details of the newly imported personal certificate

Importing the signer certificate into the WebSphere Commerce truststore

  1. Select NodeDefaultTrustStore and choose Signer Certificates. Click the Add button to import the certificate you received from the CA.
  2. Provide the Alias (such as Test_CA) for the new signer certificate and the location of the file that you received from the CA (the Test_CA.crt file). Click Apply as shown in Figure 18.
    Figure 18. Newly imported signer certificate
    Newly imported signer certificate
  3. Figure 19 displays the details of the signer certificate. Click Save.
    Figure 19. Details of the signer certificate
    Details of the signer certificate
  4. The list of signer certificates present in the truststore are displayed, as shown in Figure 20.
    Figure 20. List of signer certificates in the truststore
    List of signer certificates in the truststore
  5. Restart the WebSphere Commerce server for these changes to be picked up.

Configuring certificates in WebSphere Message Broker

To enable the Web service to use HTTPS, the provider message flow needs to be modified to enable HTTPS and the broker or execution group needs to be configured to use the keystore and the truststore files for HTTPS connection.

Although you can configure the certificates at either the broker or execution group level, setting the certificates at the execution group level enables Web services running in different execution groups to use different authenticating certificates. You can use the following commands to configure the certificates:

  1. Configuring the execution group to use the keystore:
    mqsichangeproperties <broker> -e <eg_name> -o ComIbmJVMManager 
     -n keystoreType -v JKS
    
    mqsichangeproperties <broker> -e <eg_name> -o ComIbmJVMManager 
     -n keystoreFile -v <absolute path and keystore file name eg C:\keystore.jks>
    
    mqsichangeproperties <broker> -e <eg_name> -o ComIbmJVMManager 
     -n keystorePass -v <mb_keystore_password>
  2. Configuring truststore on broker:
    mqsichangeproperties <broker> -e <eg_name> -o 
     ComIbmJVMManager -n truststoreFile -v <absolute path and truststore file name>
    
    mqsichangeproperties <broker> -e <eg_name> -o 
     ComIbmJVMManager -n truststoreType -v JKS
    
    mqsichangeproperties <broker> -e <eg_name> -o 
     ComIbmJVMManager -n truststorePass -v <mb_truststore_password>
  3. Explicitly define the HTTPS port the execution group. Note: This port number will need to be defined in WebSphere Commerce to invoke the Web service.
    mqsichangeproperties <broker> -e <eg_name> -o 
     HTTPSConnector -n explicitlySetPortNumber -v <port eg 7845>
    
    mqsichangeproperties <broker> -e <eg_name> -o 
     HTTPSConnector -n sslProtocol -v SSL
  4. Enable the client authentication:
    mqsichangeproperties <broker> -e <eg_name> -o 
     HTTPSConnector -n clientAuth -v true
  5. Confirm the properties set in the previous steps:
    mqsireportproperties <broker> -e <eg_name> -o 
     HTTPSConnector –r
    mqsireportproperties <broker> -e <eg_name>  -o 
     ComIbmJVMManager -r

Enabling HTTPS in the Web service provider message flow

You can enable the Web service to use HTTPS by enabling HTTPS on the SOAP Input node in the message flow.

  1. Open the message flow in the Broker Application Development perspective.
  2. Select SOAP Input node and in the properties panel, open the HTTP Transport tab.
  3. Check the Use HTTPS property of the node as shown in Figure 21.
    Figure 21. Enabling HTTPS in the message flow
    Enabling HTTPS in the message flow
  4. Save the message flow, rebuild the broker archive, and deploy it to the execution group that has been enabled for HTTPS.

Configuring WebSphere Commerce to make HTTPS calls

Refer to Configuring WebSphere Commerce to make external calls and modify the endpoint URL to point to the new service, which now runs in secure mode.


Conclusion

This tutorial has shown how you can use WebSphere Message Broker to integrate WebSphere Commerce with external systems. It covered an external inventory check scenario that was built using Message Broker, WebSphere Commerce, and Web services. It also showed how you can secure the Web service using certificates generated by a CA.


Download

DescriptionNameSize
Utils.java fileUtils.zip3KB

Resources

Learn

Discuss

Comments

developerWorks: Sign in

Required fields are indicated with an asterisk (*).


Need an IBM ID?
Forgot your IBM ID?


Forgot your password?
Change your password

By clicking Submit, you agree to the developerWorks terms of use.

 


The first time you sign into developerWorks, a profile is created for you. Information in your profile (your name, country/region, and company name) is displayed to the public and will accompany any content you post, unless you opt to hide your company name. You may update your IBM account at any time.

All information submitted is secure.

Choose your display name



The first time you sign in to developerWorks, a profile is created for you, so you need to choose a display name. Your display name accompanies the content you post on developerWorks.

Please choose a display name between 3-31 characters. Your display name must be unique in the developerWorks community and should not be your email address for privacy reasons.

Required fields are indicated with an asterisk (*).

(Must be between 3 – 31 characters.)

By clicking Submit, you agree to the developerWorks terms of use.

 


All information submitted is secure.

Dig deeper into WebSphere on developerWorks


static.content.url=http://www.ibm.com/developerworks/js/artrating/
SITE_ID=1
Zone=WebSphere, SOA and web services, Commerce
ArticleID=482073
ArticleTitle=Integrating WebSphere Commerce V7 with external systems using WebSphere Message Broker V7 and Web services
publish-date=04142010