CopyrightIBMCorporation2010TrademarksImplementingWebServicesSecurityinWebSphereMessageBrokerV7Page1of33ImplementingWebServicesSecurityinWebSphereMessageBrokerV7Shenfu(Mike)FanAugust04,2010AWebSphereMessageBrokerapplicationcanparticipateinaWebservicesenvironmentasaservicerequester,serviceprovider,orboth.
WebServicesSecurity(WS-Security)isasetofenhancementstoSOAPmessagingthatprovidesuserauthorizationandauthentication,messageintegrity,andmessageconfidentiality.
ThisarticleshowsyouhowtoimplementWS-SecurityinmessageflowsusingtheMessageBrokerSOAPnodes.
IntroductionThisarticleshowsyoustep-by-stephowtoimplementWebServicesSecurity(WS-Security)inIBMWebSphereMessageBrokerV7(hereaftercalledMessageBroker).
YoucreateamessageflowasaWebserviceproviderbyusingtheMessageBrokerSOAPnodes,thenusethemessageflowtoconfigureWS-Securityforidentityauthentication,messagesigningandencryption.
ReviewofWebservicesandWS-SecurityAWebserviceisdefinedbytheWorldWideWebConsortium(W3C)asasoftwaresystemdesignedtosupportinteroperablemachine-to-machineinteractionoveranetwork.
AWebserviceisdescribedinXMLviaWebServiceDescriptionLanguage(WSDL),whichprovidesallofthedetailsneededtointeractwiththeWebservice,includingmessageformatsthatdetailtheoperations,transportprotocols,andlocation,withoutdetailsofhowtheserviceisimplemented.
AWebserviceconsumerusesSOAPmessagestointeractwiththeWebservice,typicallybyusingHTTPwithanXMLserializationinconjunctionwithotherWebstandards.
AMessageBrokerapplicationcanparticipateinaWebservicesenvironmentasaprovider,aconsumer,orboth.
Thefollowingpre-builtSOAPnodescanbeusedinamessageflow:NodesforWebserviceproviders:SOAPInputSOAPReplyNodesforWebserviceconsumers:SOAPRequestSOAPAsyncRequestdeveloperWorksibm.
com/developerWorks/ImplementingWebServicesSecurityinWebSphereMessageBrokerV7Page2of33SOAPAsyncResponseWS-SecuritydescribesasetofenhancementstoSOAPmessagingtoprovidequalityofprotectionthroughmessageauthentication,integrity,andconfidentiality.
PolicysetsandpolicysetbindingsareusedtodefineandconfiguretheWS-Securityrequirements.
ApolicysetisacontainerfortheWS-Securitypolicytype.
Apolicysetbindingassociatedwithapolicysetcontainsinformationthatisspecifictotheenvironmentandplatform,suchasinformationaboutkeys.
MessageBrokerprovidesthefollowingfunctionstosupportWS-Security:IdentityauthenticationSendingsecuritytokensaspartofamessageMessageconfidentialityEncryptingthemessagecontenttopreventunauthorizeddisclosureMessageintegritySigningthemessagecontenttopreventunauthorizedandundetectedmodificationCreatingamessageflowbyusingtheMessageBrokerSOAPnodesInthisarticle,youcreateamessageflowasaWebserviceproviderbasedonaWSDLfilethatdescribestheemployeeinformationqueryservice.
ThismessageflowisusedtoconfigureWS-Securityforauthentication,signing,andencryptionusingthesecurityprofile,policyset,andpolicysetbinding.
1.
Tocreatethemessageflow,fromtheBrokerApplicationDevelopmentperspectiveoftheMessageBrokerToolkit,clickStartfromWSDLand/orXSDfiles:Figure1.
QuickstartfromaWSDLfile2.
OntheQuickStartdialog,providetheprojectandothernamesasshowninFigure2:ibm.
com/developerWorks/developerWorksImplementingWebServicesSecurityinWebSphereMessageBrokerV7Page3of33Figure2.
Settingupthebasicresources3.
OntheResourceSelectiondialog,selectUseexternalresourcesandprovidetheWSDLfileEmployeeService.
wsdl,asshowninFigure3:Figure3.
SelectingaWSDLfiledeveloperWorksibm.
com/developerWorks/ImplementingWebServicesSecurityinWebSphereMessageBrokerV7Page4of334.
OntheBindingSelectiondialog,theEmployeeServiceSOAPbindingshouldbecheckedbydefault.
ClickFinish.
ThemessageflowWS_Security_MFwithnoimplementationiscreated.
5.
DraganddropthefileEmployeeService.
wsdlintotheMessageFlowEditor:Figure4.
DraganddroptheWSDLfileintotheFlowEditor6.
OntheConfigureWebserviceusagedialog,keepallthedefaultsettings,asshowninFigure5.
ThemessageflowisbuiltastheWebserviceprovider:Figure5.
ExposingthemessageflowasWebserviceprovideribm.
com/developerWorks/developerWorksImplementingWebServicesSecurityinWebSphereMessageBrokerV7Page5of337.
OntheFlowGenerationDetailsdialog,keepallthedefaultsettings.
MakesuretheSOAPnodetypeisselectedtobeusedintheflow.
ClickFinish.
Youshouldseethepartially-builtmessageflow,asshowninFigure6:Figure6.
Partiallybuiltmessageflow8.
AddaComputenodeandwirethenodestogether:Figure7.
AddingaComputenodetothemessageflow9.
ThefollowingESQLcodeiscreatedintheComputenode.
Forsimplicity,theWebserviceprovidesinformationonlyforemployeeid12345--informationforanyotheridisnotavailable.
DECLAREnsNAMESPACE'http://www.
mycompany.
com/EmployeeService';CREATECOMPUTEMODULEWS_Security_MF_ComputeCREATEFUNCTIONMain()RETURNSBOOLEANBEGINIFInputRoot.
XMLNSC.
ns:EmployeeInfoRequest.
id='12345'THENSETOutputRoot.
XMLNSC.
ns:EmployeeInfoResponse.
id=InputRoot.
XMLNSC.
ns:EmployeeInfoRequest.
id;SETOutputRoot.
XMLNSC.
ns:EmployeeInfoResponse.
ssn='88888888';SETOutputRoot.
XMLNSC.
ns:EmployeeInfoResponse.
employeeName.
firstName='John';SETOutputRoot.
XMLNSC.
ns:EmployeeInfoResponse.
employeeName.
lastName='Doe';SETOutputRoot.
XMLNSC.
ns:EmployeeInfoResponse.
address.
street='555CreekRoad';SETOutputRoot.
XMLNSC.
ns:EmployeeInfoResponse.
address.
city='NYC';SETOutputRoot.
XMLNSC.
ns:EmployeeInfoResponse.
address.
state='NY';SETOutputRoot.
XMLNSC.
ns:EmployeeInfoResponse.
address.
zipCode='54321';ELSESETOutputRoot.
XMLNSC.
ns:EmployeeInfoResponse.
status='Theid'||InputRoot.
XMLNSC.
ns:EmployeeInfoRequest.
id||'doesnotexist';ENDIF;RETURNTRUE;END;ENDMODULE;10.
CreateaBrokerArchive(BAR)filenamedWS_Security.
bartodeploythemessageflowonabrokerruntime.
Inthisexample,theexecutiongroupdefaultinthebrokerMB7BROKERisused.
developerWorksibm.
com/developerWorks/ImplementingWebServicesSecurityinWebSphereMessageBrokerV7Page6of3311.
Runthemessageflow:invoketheWebserviceusingNetTool,adownloadableopen-sourcegraphicalutility.
YoushouldseethesuccessfulresponsesifthemessageflowisbuiltcorrectlyusingthetestmessagesinFigure8:Figure8.
InvokingtheWebserviceflowusingNetToolThetestmessageEmployeeInfoRequest.
xml:12345ConfiguringidentityauthenticationAnexternalsecurityproviderisrequiredfortheWebserviceidentityauthentication.
Asecurityprofileisusedtospecifywhetherauthentication,authorization,andidentitymappingandpropagationareperformedontheidentityofmessagesinthemessageflow,andifso,whichexternalsecurityproviderisused.
SettinguptheexternalsecurityproviderIBMTivoliDirectoryServer(LDAP)isusedastheexternalsecurityprovider.
TheLDAPserverhasbeensetupandisrunningonthelocalhost(WindowsXP)withport389.
ThegroupsanduserslistedinTable1areaddedintheLDAP.
ForinstructionsonhowtoaddtheseobjectsintheLDAP,ibm.
com/developerWorks/developerWorksImplementingWebServicesSecurityinWebSphereMessageBrokerV7Page7of33seethedeveloperWorksarticleImplementingmessageflowsecurityinWebSphereMessageBrokerV7.
Table1.
EntitiescreatedintheLDAPUserDistinguishedName(DN)PasswordGroupwmbuser1cn=wmbuser1,ou=users,ou=wmbv7,o=ibm,c=ususer1pwcn=authorized,ou=users,ou=wmbv7,o=ibm,c=uswmbuser2cn=wmbuser2,ou=users,ou=wmbv7,o=ibm,c=ususer2pwwmbuser3cn=wmbuser3,ou=users,ou=wmbv7,o=ibm,c=ususer3pwcn=authorized,ou=users,ou=wmbv7,o=ibm,c=uswmbuser4cn=wmbuser4,ou=users,ou=wmbv7,o=ibm,c=ususer4pwwmbuser5cn=wmbuser5,ou=users,ou=wmbv7,o=ibm,c=ususer5pwcn=authorized,ou=users,ou=wmbv7,o=ibm,c=usCreatingasecurityprofileAsecurityprofileLDAP_SP1iscreatedwiththeinformationshowninTable2:Table2.
DetailsofthesecurityprofileLDAP_SP1FieldValueAuthenticationLDAPAuthorizationLDAPLDAPserverlocalhost:389IdentitymappingNoIdentitypropagationYesAuthenticationConfigou=users,o=wmbv7,ou=ibm,c=us(uid)AuthorizationConfigcn=authorized,ou=users,ou=wmbv7,o=ibm,c=us1.
OpentheMessageBrokerExplorer,right-clickMB7BROKER,andselectProperties:developerWorksibm.
com/developerWorks/ImplementingWebServicesSecurityinWebSphereMessageBrokerV7Page8of33Figure9.
Openingthebrokerproperties2.
ClickSecurityandSecurityProfilesonthePropertieswindow,thenclickAddtocreateanewsecurityprofile.
ChangethenametoLDAP_SP1andprovidethevaluesbasedonTable2forthefields:ibm.
com/developerWorks/developerWorksImplementingWebServicesSecurityinWebSphereMessageBrokerV7Page9of33Figure10.
CreatingtheLDAP_SP1securityprofileRunthefollowingcommandtocheckthedetailsofthesecurityprofileyoucreated:mqsireportpropertiesMB7BROKER-cSecurityProfiles-oLDAP_SP1-rSecurityProfilesLDAP_SP1authentication='LDAP'authenticationConfig='ldap://localhost:389/ou=users,ou=wmbv7,o=ibm,c=usuid'authorization='LDAP'authorizationConfig='ldap://localhost:389/cn=authorized,ou=users,ou=wmbv7,o=ibm,c=us'keyStore='keystore.
jks'mapping='NONE'mappingConfig=''passwordValue='PLAIN'propagation='TRUE'trustStore='Reservedforfutureuse'Usingthepre-builtpolicysetandbindingSincethemessageflowisaWebserviceapplicationimplementedbyusingthebrokerSOAPnodes,theauthenticationtokensaredefinedthroughanappropriatepolicysetandbinding.
Thepre-builtpolicysetandbindingWSS10Defaultisprovidedwhenabrokeriscreated.
AuserNameauthenticationtokenisdefinedinthepolicysetWSS10Default.
Youcanusethispolicysetandbindingpairforauthentication.
AnewpolicysetandpolicysetbindingarecreatedlaterformessagesigningandencryptionintheSectionCreatingapolicysetandbinding.
AssociatingtheWS-SecuritysettingswiththemessageflowThenextstepistoconfigurethesecurityprofile,policyset,andbindingatthemessageflowlevelusingtheBARFileEditor.
Ofcourse,youcanalsosetitattheSOAPnodelevel,whichoverridesthesecuritysettingatthemessageflowlevel.
developerWorksibm.
com/developerWorks/ImplementingWebServicesSecurityinWebSphereMessageBrokerV7Page10of331.
OpentheBARfileWS-Security.
barintheMessageBrokerToolkit.
2.
ClickWebServiceSecurity_MF.
cmfontheManagetabandprovidethesecurityprofileLDAP_SP1andthedefaultpolicysetandbindingWSS10Default:Figure11.
Associatingsecuritysettingswiththemessageflow3.
SavetheBARfileanddeployitintotheexecutiongroupdefaultofthebrokerMB7BROKER.
Thedeploymentprocessverifiestheassociatedsecurityprofile,policyset,andpolicysetbinding.
Ifanyerrorsoccur--suchaspolicysetnamenotfoundorkeystoresettingnotcorrect--thedeploymentprocessfails.
Runteststoevaluateauthentication1.
Beforetesting,makesurethattheIBMDirectoryServer(LDAP)isrunning.
2.
AddtheWS-SecurityheaderintheinputtestmessageandensurethatthecorrectuserIDandpasswordareused.
TheWS-Securityheaderneedstobeincludedinthetestmessage,becausetheusernameandpasswordtokenisexpectedfromtheWS-SecurityheaderbasedontheWS-specification.
3.
OpenthetestutilityNetToolandprovidetheWebserviceURL:http://localhost:7800/EmployeeService.
LoadthefileEmployeeInfoRequest_withWSSHeader.
xmlandclickSend,asshownbelow.
Youshouldbeabletoaccess,run,andgetasuccessfulresponsefromthemessageflow,asshowninFigure12:ibm.
com/developerWorks/developerWorksImplementingWebServicesSecurityinWebSphereMessageBrokerV7Page11of33Figure12.
TestingidentityauthenticationThetestmessageEmployeeInfoRequest_withWSSHeader.
xml:wmbuser1user1pw12345TheSOAPresponsemessagefortheWebserviceEmployeeInforequest:HTTP/1.
1200OKContent-Type:text/xml;charset=utf-8Content-Length:233Date:Thu,06May201021:19:48GMTServer:Apache-Coyote/1.
1Connection:closedeveloperWorksibm.
com/developerWorks/ImplementingWebServicesSecurityinWebSphereMessageBrokerV7Page12of331234588888888JohnDoe555CreekRoadNYCNY54321Iftheinvalidusertoken--eitherwronguserIDorpassword--isinthesecurityheader,thenthefollowingerroroccurs:HTTP/1.
1500InternalServerErrorContent-Type:text/xml;charset=UTF-8Content-Length:2297Date:Tue,25May201019:57:20GMTServer:Apache-Coyote/1.
1Connection:closeaxis2ns2:Server.
securityExceptionCWWSS6521E:TheLoginfailedbecauseofanexception:javax.
security.
auth.
login.
LoginException:Brokersecurityreturnedfailure;system.
wss.
consume.
untorg.
apache.
axis2.
AxisFault:CWWSS6521E:TheLoginfailedbecauseofanexception:javax.
security.
auth.
login.
LoginException:Brokersecurityreturnedfailure;system.
wss.
consume.
untatorg.
apache.
axis2.
AxisFault.
makeFault(AxisFault.
java:430)atcom.
ibm.
ws.
wssecurity.
handler.
WSSecurityConsumerBase.
invoke(WSSecurityConsumerBase.
java:142)atcom.
ibm.
ws.
wssecurity.
handler.
WSSecurityConsumerHandler.
invoke(WSSecurityConsumerHandler.
java:461)atorg.
apache.
axis2.
engine.
Phase.
invoke(Phase.
java:295)atorg.
apache.
axis2.
engine.
AxisEngine.
invoke(AxisEngine.
java:266)atorg.
apache.
axis2.
engine.
AxisEngine.
receive(AxisEngine.
java:163)atcom.
ibm.
broker.
axis2.
Axis2Invoker.
processInboundRequest(Axis2Invoker.
java:2481)atcom.
ibm.
broker.
axis2.
Axis2Invoker.
invokeAxis2OverHTTP(Axis2Invoker.
java:2182)atcom.
ibm.
broker.
axis2.
TomcatNodeRegistrationUtil.
invokeAXIS2(TomcatNodeRegistrationUtil.
java:377)Causedby:com.
ibm.
wsspi.
wssecurity.
core.
SoapSecurityException:CWWSS6521E:TheLoginfailedbecauseofanexception:javax.
security.
auth.
login.
LoginException:Brokersecurityreturnedfailure;system.
wss.
consume.
untatcom.
ibm.
wsspi.
wssecurity.
core.
SoapSecurityException.
format(SoapSecurityException.
java:67)atcom.
ibm.
ws.
wssecurity.
wssapi.
token.
impl.
CommonTokenConsumer.
invoke(CommonTokenConsumer.
java:291)atcom.
ibm.
ws.
wssecurity.
core.
WSSConsumer.
callTokenConsumer(WSSConsumer.
java:2048)atcom.
ibm.
ws.
wssecurity.
core.
WSSConsumer.
callTokenConsumer(WSSConsumer.
java:1909)atcom.
ibm.
ws.
wssecurity.
core.
WSSConsumer.
invoke(WSSConsumer.
java:750)ibm.
com/developerWorks/developerWorksImplementingWebServicesSecurityinWebSphereMessageBrokerV7Page13of33atcom.
ibm.
ws.
wssecurity.
handler.
WSSecurityConsumerBase.
invoke(WSSecurityConsumerBase.
java:107).
.
.
7moreKeepinmindthatifonlythesecurityprofileisprovidedintheBARfileconfigurationbutnotthepolicysetandbinding,thesecuritymanagerofthebrokercanbedeployed,butitrejectstheaccessofthemessageflowandthefollowingerroroccurs,becausethereisnoindicationwherethebrokersecuritymanagercangettheidentitytokenfrom:HTTP/1.
1500InternalServerErrorContent-Type:text/xml;charset=UTF-8Content-Length:719Date:Tue,25May201020:04:47GMTServer:Apache-Coyote/1.
1Connection:closesoapenv:ServerBIP3113E:ExceptiondetectedinmessageflowWS_Security_MF.
SOAPInput(brokerMB7BROKER)BIP2708W:Aninputmessagetoflow''WS_Security_MF''doesnothaveanidentity.
Inputmessagestotheflowmusthaveanidentityforaccess.
Modifytheclientcallingtheflowtoprovideanidentityforthemessage.
::\build\S000_P\src\DataFlowEngine\MessageServices\ImbSecurityManager.
cpp:801:ImbSecurityManager::noIdentityFound::Ofcourse,thereisnoissueifthepolicysetandbindingareprovidedwithoutthesecurityprofileontheBARfileforthemessageflow.
Inthiscase,thetestSOAPmessagestillneedsthesecurityheader,becausethepolicysetPS1definestheUsernametoken,andthebrokersecuritymanagerstillchecksthetokendefinedinthepolicyset,butdoesn'tperformidentityauthentication.
ConfiguringmessagesigningandencryptionInordertosignandencryptmessages,certificatesmustbecreatedandexchangedinkeystoresandtruststores.
Creatingkeystoresandtruststores1.
Runthecommandikeyman.
exeinthedirectoryjre16\binundertheWebSphereMessageBrokerproductinstalldirectory(usuallyC:\IBM\WMB7\jre16\bin).
2.
ClickKeyDatabaseFileandselectNewtocreateakeystorenamedwmbkeystorefortheWebserviceprovider.
Providethefilenameandlocation,andmakesurethatthekeydatabasetypeisJKS,asshowninFigure13:developerWorksibm.
com/developerWorks/ImplementingWebServicesSecurityinWebSphereMessageBrokerV7Page14of33Figure13.
Creatingakeystore3.
Afterprovidingthepasswordwmbv7pw,thekeystoreiscreated.
ClickNewSelf-Signedtocreateaself-signedcertificate:ibm.
com/developerWorks/developerWorksImplementingWebServicesSecurityinWebSphereMessageBrokerV7Page15of33Figure14.
Creatingaself-signedcertificate4.
ClickOK.
ThecertificatewmbcertshouldbelistedinPersonalCertificates.
5.
ClickExtractCertificatetoexporttheservercertificate:.
developerWorksibm.
com/developerWorks/ImplementingWebServicesSecurityinWebSphereMessageBrokerV7Page16of33Figure15.
Extractingacertificate6.
ProvidethefilenameandlocationasshowninFigure16belowandclickOK.
ThisservercertificatewillbeaddedintotheWebserviceconsumer'skeystorelater.
Figure16.
Providingthecertificatefilenameandlocation7.
Repeatsteps2through6abovetocreateakeystorenamedwmbclientkeystorefortheWebserviceconsumer.
Createaself-signedcertificateandextractthepublickeyintothefilewmbclient.
armintheC:\MyBindirectory.
Usethesamekeystorepasswordwmbv7pw.
Ifakeystoreisusedtocontaintrustedcertificates,itisusuallycalledatruststore.
Ideally,akeystoreisforprivatekeysandatruststoreisforpubliccertificates.
Forthepurposeofsimplicity,thekeystorescreatedarealsousedasthetruststores.
8.
Importtheclient'scertificateintotheserver'skeystore.
Assumethatthekeystoreisstillopen,selectSignerCertificatesfromthedropdownlist,andclickAdd:ibm.
com/developerWorks/developerWorksImplementingWebServicesSecurityinWebSphereMessageBrokerV7Page17of33Figure17.
Providingthecertificatefilenameandlocation9.
Providethefilenamewmbclientcert.
armandthelocationC:\MyBin.
ClickOKandtypethepasswordwmbv7pwforthecertificate.
AnentryshouldbeaddedintheSignerCertificateslist,asshowninFigure18:developerWorksibm.
com/developerWorks/ImplementingWebServicesSecurityinWebSphereMessageBrokerV7Page18of33Figure18.
TheclientcertificateonthelistofSignerCertificates10.
Repeatsteps8and9abovetoimporttheserver'scertificateintotheclient'skeystore.
11.
Runthefollowingcommandforboththeserverandclientkeystorestoseethecontent.
Eachkeystoreshouldhavetwoentries:keyEntryandtrustedCertEntry.
keytool-list-keystoreC:\MyBin\wmbkeystore.
jks-vEnterkeystorepassword:Keystoretype:jksKeystoreprovider:IBMJCEYourkeystorecontains2entriesAliasname:wmbclientcertCreationdate:Apr21,2010Entrytype:trustedCertEntryOwner:CN=WMBClient,OU=ISSW,O=IBM,ST=Char,C=USIssuer:CN=WMBClient,OU=ISSW,O=IBM,ST=Char,C=USSerialnumber:4bcf2ac0Validfrom:4/21/1012:41PMuntil:4/18/2012:41PMCertificatefingerprints:MD5:29:E4:97:06:EC:BD:FB:3A:24:DE:C3:2F:50:DD:8D:8ESHA1:3C:AC:1C:F8:AF:39:8F:90:11:5B:26:B6:E7:FF:4C:8B:08:12:C7:3FAliasname:wmbcertCreationdate:Apr21,2010Entrytype:keyEntryCertificatechainlength:1ibm.
com/developerWorks/developerWorksImplementingWebServicesSecurityinWebSphereMessageBrokerV7Page19of33Certificate[1]:Owner:CN=WMBServer,OU=ISSW,O=IBM,ST=Char,C=USIssuer:CN=WMBServer,OU=ISSW,O=IBM,ST=Char,C=USSerialnumber:4bcf21d0Validfrom:4/21/1012:03PMuntil:4/18/2012:03PMCertificatefingerprints:MD5:58:8B:BE:72:F9:01:C3:5B:CD:A6:A6:77:A8:7B:32:F0SHA1:32:9A:21:BB:3B:0A:B0:3F:37:F5:5E:9B:EC:E0:7F:62:52:17:57:B4keytool-list-keystoreC:\MyBin\wmbclientkeystore.
jks-vEnterkeystorepassword:Keystoretype:jksKeystoreprovider:IBMJCEYourkeystorecontains2entriesAliasname:wmbclientcertCreationdate:Apr21,2010Entrytype:keyEntryCertificatechainlength:1Certificate[1]:Owner:CN=WMBClient,OU=ISSW,O=IBM,ST=Char,C=USIssuer:CN=WMBClient,OU=ISSW,O=IBM,ST=Char,C=USSerialnumber:4bcf2ac0Validfrom:4/21/1012:41PMuntil:4/18/2012:41PMCertificatefingerprints:MD5:29:E4:97:06:EC:BD:FB:3A:24:DE:C3:2F:50:DD:8D:8ESHA1:3C:AC:1C:F8:AF:39:8F:90:11:5B:26:B6:E7:FF:4C:8B:08:12:C7:3FAliasname:wmbcertCreationdate:May7,2010Entrytype:trustedCertEntryOwner:CN=WMBServer,OU=ISSW,O=IBM,ST=Char,C=USIssuer:CN=WMBServer,OU=ISSW,O=IBM,ST=Char,C=USSerialnumber:4bcf21d0Validfrom:4/21/1012:03PMuntil:4/18/2012:03PMCertificatefingerprints:MD5:58:8B:BE:72:F9:01:C3:5B:CD:A6:A6:77:A8:7B:32:F0SHA1:32:9A:21:BB:3B:0A:B0:3F:37:F5:5E:9B:EC:E0:7F:62:52:17:57:B4Atthispoint,thekeystoresarecreatedfortheWebserviceproviderandconsumerwiththecertificatesexchanged.
Thekeystoreinformationisusedtocreatethepolicysetandbinding,asdescribedbelow.
ConfiguringthebrokerwiththekeystoresInorderforthebrokertousethesekeystores,youmustconfigurethebrokerproperties.
Usethefollowingcommandstosetuptheproviderkeystoreandtruststore:developerWorksibm.
com/developerWorks/ImplementingWebServicesSecurityinWebSphereMessageBrokerV7Page20of33mqsichangepropertiesMB7BROKER-edefault-oComIbmJVMManager-nkeystoreFile-vC:\MyBin\wmbkeystore.
jksmqsichangepropertiesMB7BROKER-edefault-oComIbmJVMManager-nkeystoreType-vJKSmqsichangepropertiesMB7BROKER-edefault-oComIbmJVMManager-nkeystorePass-vdefault::keystorepassmqsichangepropertiesMB7BROKER-edefault-oComIbmJVMManager-ntruststoreFile-vC:\MyBin\wmbkeystore.
jksmqsichangepropertiesMB7BROKER-edefault-oComIbmJVMManager-ntruststoreType-vJKSmqsichangepropertiesMB7BROKER-edefault-oComIbmJVMManager-ntruststorePass-vdefault::truststorepassRunthefollowingcommandtoviewthesettingsforexecutiongroupdefaultofthebrokerMB7BROKER:mqsireportpropertiesMB7BROKER-oComIbmJVMManager-a-edefaultComIbmJVMManageruuid='ComIbmJVMManager'userTraceLevel='none'traceLevel='none'userTraceFilter='none'traceFilter='none'resourceStatsReportingOn='inactive'resourceStatsMeasurements=''jvmVerboseOption='none'jvmDisableClassGC='false'jvmShareClasses='false'jvmNativeStackSize='-1'jvmJavaOSStackSize='-1'jvmMinHeapSize='33554432'jvmMaxHeapSize='-1'jvmDebugPort='5000'keystoreType='JKS'keystoreFile='C:\MyBin\wmbkeystore.
jks'keystorePass='default::keystorepass'truststoreType='JKS'truststoreFile='C:\MyBin\wmbkeystore.
jks'truststorePass='default::truststorepass'ThevalueforthepropertykeystorePassisareferencetowherethepasswordisstored.
Runthefollowingcommandtosetuptheactualpasswordsothatthebrokercanaccessthekeystore.
Thecommandoption-uforuserisnotused:mqsisetdbparmsMB7BROKER-ndefault::keystorepass-uany-pwmbv7pwmqsisetdbparmsMB7BROKER-ndefault::truststorepass-uany-pwmbv7pwRestartthebrokerMB7BROKERforthesettingtotakeeffect.
CreatingpolicysetandbindingIntheprevioussectionConfiguringidentityauthentication,thedefaultpolicysetandbindingWSS10Defaultwereused,whichisgoodforauthenticationpurposes.
InordertoaccomplishWS-ibm.
com/developerWorks/developerWorksImplementingWebServicesSecurityinWebSphereMessageBrokerV7Page21of33Securitymessagesigningandencryption,youneedtocreateanewpolicysetandbindingandassociatethemwiththemessageflow.
Creatingapolicyset1.
OpenMessageBrokerExplorer,right-clickthebrokerMB7BROKER,andselectProperties.
2.
OnthePropertiesdialog,selectSecurity=>PolicySets.
3.
SelectPolicySets=>AddtoaddanewpolicysetontheSetupPolicySetsandPolicySetBindingsforthisbrokerdialog.
RenameitasPS1.
4.
ExpandWS-SecurityandhighlightMessageLevelProtectionontheleft.
CheckMessagelevelprotectionandIncludetimestampinsecurityheaderontheright:Figure19.
Messagelevelprotection5.
ClickTokensandaddtwotokens,onerepresentingthecertificatefortheproviderandonefortheconsumer:Figure20.
Addingentriesformessageintegrityandconfidentialitypolicies6.
ClickAlgorithmsandselectBasic128Rsa15:developerWorksibm.
com/developerWorks/ImplementingWebServicesSecurityinWebSphereMessageBrokerV7Page22of33Figure21.
Selectingalgorithmsuite7.
HighlightMessagePartProtectionandclickAddtoaddtwoentries,oneforsignatureandanotherforencryption:Figure22.
Addingentriesformessagepartprotection8.
HighlightQNameandclickAddtoaddentriesasshowninFigure23below.
ThesetwonamespaceentriesindicatethattheWS-Addressingheadersmustbesigned.
ibm.
com/developerWorks/developerWorksImplementingWebServicesSecurityinWebSphereMessageBrokerV7Page23of33Figure23.
AddingentriesforQName9.
HighlightXPathandclickAddtoassociatethepre-definedXPathtoeachoftheentriesthatwerecreatedinStep7,asshowninFigure24:Figure24.
AddingentriesforXPath10.
ClickFinishtosavethepolicysetPS1.
11.
RunthefollowingcommandtoseethedetailsofthepolicysetPS1.
mqsireportpropertiesMB7BROKER-cPolicySets-oPS1-rPolicySetsPS1config=''ws-security='/*[namespace-uri()='http://schemas.
xmlsoap.
org/soap/envelope/'andlocal-name()='Envelope']/*[namespace-uri()='http://schemas.
xmlsoap.
org/soap/envelope/'andlocal-name()='Header']/*[namespace-uri()='http://docs.
oasis-open.
org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.
0.
xsd'andlocal-name()='Security']/*[namespace-uri()='http://docs.
oasis-open.
org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.
0.
xsd'andlocal-name()='Timestamp']/*[namespace-uri()='http://www.
w3.
org/2003/05/soap-envelope'andlocal-name()='Envelope']/*[namespace-uri()='http://www.
w3.
org/2003/05/soap-envelope'andlocal-name()='Header']/*[namespace-uri()='http://docs.
oasis-open.
org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.
0.
xsd'andlocal-name()='Security']/*[namespace-uri()='http://docs.
oasis-open.
org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.
0.
xsd'andlocal-name()='Timestamp']/*[namespace-uri()='http://schemas.
xmlsoap.
org/soap/envelope/'andlocal-name()='Envelope']/*[namespace-uri()='http://schemas.
xmlsoap.
org/ibm.
com/developerWorks/developerWorksImplementingWebServicesSecurityinWebSphereMessageBrokerV7Page25of33soap/envelope/'andlocal-name()='Header']/*[namespace-uri()='http://docs.
oasis-open.
org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.
0.
xsd'andlocal-name()='Security']/*[namespace-uri()='http://www.
w3.
org/2000/09/xmldsig#'andlocal-name()='Signature']/*[namespace-uri()='http://www.
w3.
org/2003/05/soap-envelope'andlocal-name()='Envelope']/*[namespace-uri()='http://www.
w3.
org/2003/05/soap-envelope'andlocal-name()='Header']/*[namespace-uri()='http://docs.
oasis-open.
org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.
0.
xsd'andlocal-name()='Security']/*[namespace-uri()='http://www.
w3.
org/2000/09/xmldsig#'andlocal-name()='Signature']'ThepolicysetiscreatedonlyfortheWebserviceprovider(SOAPInputandSOAPReplynodes),sincethemessageflowtobeconfiguredfortheWS-SecurityinthisarticleistheWebserviceprovider.
Ofcourse,youcanaddentriesinthepolicysetfortheWebserviceconsumerifneeded.
CreatingapolicysetbindingfortheWebserviceprovider1.
Right-clickthebrokerMB7BROKER,selectPropertiesandSecurity,andthenclickPolicySets.
2.
SelectPolicySetBindingsontheleftandthenclickAddtocreateanewentry.
RenameittoPSB1_Provider.
SelectPS1tobeassociated,andmakesurethebindingisusedwithProvider,asshowninFigure25:Figure25.
CreatingapolicysetbindingfortheWebserverprovider3.
SelectPSB1_Provider=>WS-Security=>MessagePartPolicy.
Theentriesarepartiallycompletedbasedonthesecuritypolicybasedonthepolicysetassociated.
CompleteencryptionandsignatureentriesasshowninFigure26.
TheOrderindicateswhetherthemessageisencryptedorsingedfirst.
Inthiscase,theresponsemessageissignedandthenencrypted.
developerWorksibm.
com/developerWorks/ImplementingWebServicesSecurityinWebSphereMessageBrokerV7Page26of33Figure26.
Completingencryptionandsignatureentries4.
ExpandMessagePartPolicyandselectKeyInformation.
ProvidevaluesasshowninFigure27.
Figure27.
Addingthekeyinformation5.
ClickFinishbuttontosavethebinding.
6.
Runthefollowingcommandtoseedetailsofthepolicysetbinding.
mqsireportpropertiesMB7BROKER-cPolicySetBindings-oPSB1_Provider-rPolicySetBindingsPSB1_ProviderassociatedPolicySet='PS1'config=''ws-security='ibm.
com/developerWorks/developerWorksImplementingWebServicesSecurityinWebSphereMessageBrokerV7Page27of33'AssociatetheWS-SecuritysettingswiththemessageflowFollowthesamestepsdescribedintheprevioussectiontoassociatethepolicysetPS1andthepolicysetbindingPSB1_Providerwiththemessageflow,asshowninFigure28:developerWorksibm.
com/developerWorks/ImplementingWebServicesSecurityinWebSphereMessageBrokerV7Page28of33Figure28.
AssociatingWS-SecuritysettingswiththemessageflowAfteranychangestopolicysetsorpolicysetbindingsaresaveddirectlytotheassociatedbroker,thebrokerortheexecutiongroupwherethemessageflowisdeployedmustberestartedforthenewconfigurationtotakeeffect.
Runteststoevaluatemessagesigningandencryption1.
OpenthetestutilityNetTool.
ClickAddNewHeadertoaddtheheaderSOAPAction.
2.
ProvidetheWebserviceURLhttp://localhost:7800/EmployeeService.
LoadthefileEmployeeInfoRequest.
xml.
Thereisnowsse:SecurityundertheheaderinthetestSOAPmessage,becausenoauthenticationisrequired.
3.
ClickSendtoinvoketheWebservicemessageflow.
Youshouldseethisresponse:ibm.
com/developerWorks/developerWorksImplementingWebServicesSecurityinWebSphereMessageBrokerV7Page29of33Figure29.
SuccessfulresponseThesignedandencryptedresponsemessageisshownbelow:2010-06-01T17:29:22.
15ZMIICETCCAXqgAwIBAgIES88h0DANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJVUzENMAsGA1UECBMEQ2hhcjEMMAoGA1UEChMDSUJNMQ0wCwYDVQQLEwRJU1NXMRIwEAYDVQQDEwlXTUJTZXJ2ZXIwHhcNMTAwNDIxMTYwMzI4WhcNMjAwNDE4MTYwMzI4WjBNMQswCQYDVQQGEwJVUzENMAsGA1UECBMEQ2hhcjEMMAoGA1UEChMDSUJNMQ0wCwYDVQQLEwRJU1NXMRIwEAYDVQQDEwlXTUJTZXJ2ZXIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKdjFeBi+zPL4Hp2LzoZy2DFcx/FXobChjZBMylmkwuVYR6JvJC71GRd4ViSyLM8zdirBm2Ef+KtV/RWqDEZFhEycHnFOhlZFIgoHR+3Sp4jrT72DWRCUzVqpmv0pjbHldXmvqwfXYO9AHDg0pXcgyXoGhmk/kce507Yi/fqrpB1AgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAnSdZ/R1YSc7KqgHOAi30kuV/ISPeCpfZwWBy7EAGnO7Iv8k3H0KllMmyMRJT39HNh62e0/Pl2+t0YA38XWSo2Y3437xIgukFIJIYIEHKCnNZBThg6H1nKbg269UmZOu4QRFO9c3NLa+HwmmRm6iu3mGJU/QFEI0ZlpR6D0PkchA=V6GdFyibFnet6w3QTJgmjG+x1rY=developerWorksibm.
com/developerWorks/ImplementingWebServicesSecurityinWebSphereMessageBrokerV7Page30of33FikfNEXeKPY1tUP0mldv2z3fuTvOTEAvsSdnaJhckFQSdyz9aJOIveOpDaqoZd0EaxHRTbPPlTSBMbuxvSKdlVrPboxIP8riupzfEVoENOyv2y73lq9lYm7zAl3guTW6u267Jm5tCVaoe2Ts12j5AtkqYoWB8y7TNPZJixkGEiU=8pcJa2f7GHjp/SDopXeXlnYz1YU9XtogGNBFeBftL7goQOolvM85ZR+ruJbt2FqiYWIsyextSkNDGkl/DN8r7WNlEEht6pXswMfL7NmRhTl6DoHERjX4bi27+NZBNdYswfEYfOkB9dvI8EOCYzQzRSvd1cRZgup+BoZVojYN3n5WHsGCitYNIGj6hJZdeaQuVr4hrsi+7kxV/amuuLtTysYPlLOfV9A4xI90yUF5kRdaC9mZsCuPEePQGSmTqKoMCgNDjen4UmO/sSFYgsW5Wqq/XDWbxPkzYrApqi6wve2p3meF2x+2QReFxtIxjrsWjLumX5vUrL2RT5bQm+lF9q1cs4wJrGgff0R5lXr07xMic9OV3FTJLSpnjZPDbT+A4Whz5HNGldLveu1bdtCzq+vvM56aE4skZDvO66GpUsMedsuV+M+Qcf8Pu1M6izDorP7iic6DvgbpwtiSnnpaGKUd59G71QldRJfZrdAL5fhiN1SMZIVYJraUg9cUFyRMy7tBRrizzg/7fcI5sNxcpx/+NGUJpx1m9SNoadbkFlnOvKzxgzkK6uLz2oafkd3Pg72GERJi9FHOCJ6aig9hZKhLRQ4rHTvOHG/r1UGVv1wd7rG+3D6D3cw6aKC6chTT+iRdAVsTrqGCtJ10S97yP6rqfdnadeU1QGbJfry+sjEXgyfIzUHWeezegdxgNLmoj8g8t60Z1nRTzZvOaThPZA39E3Sr6nwH9tzbQz9lUvh9uRsUNr8NiTTNQJ4R0rIMH0PN/pzeYkQgkstq3VDhUomy/2hMCxARqbfytMoxAqJzc/FZSugE8q9f1G+jJC4E4oga8PtON3gtuAVIut9yfJ7JBNSn9BfIW7VGCEMU7n/Z6Ml0dofNWbiEzfOXBF4e255bsEzkPEKemLtSke2hAfXy1BPKgxuLG8EZFRKVNEg6Eo1usDlN6opHfdLMtXIeNqERgpxf0jLWkW4O8+UwN/XoR7/nepK78BxR/qwhlGV35DlrW82+R1au5F9laYHHDqNhuBoJHhirri5jTDDgO3HswwTpyk3KYQMPhYcNlR5PZJMUZbcGbRVONYbitBcDgHoohsQm5bBpE+KxRxKOD5ANjZ7cZt0UbMj1Y44vwUaWLxr6VRSq+vUlaYIKBL1igOjRCcF98dVKqTgBaD0Ewn8ar8BAXW9alhN0IEQTpvXkiLrjjksMFXvqGoh0fFo1eg+3r+foIvbO7O7ULV+PhfLK8WCYepy2BvEWf1x8QMlWwRSuXQuEx6ZwcYw/GvSbWAhQgqSaaIoq7x5ujrkPlOjP2oYEzLEhhP0+1CRVBUou4VoL/uZdWLwMRP3H2gtoubK/yexFiw078cNvqs6ZmPPTpMaU0XwrxaZoEwA+M9Q71KqENC6YDP52RvOyYpHs3Zskqc93bpUs0vSTmN9xHYjMqkDJi9ZnTfrnV3bS76gZqisbFq/6X3k412trpwVtAekP5/SS7lJyyQ5rKg9nufoglT2djx5WWoMViLklMFOM9OYL+UeCvag6wUy8GS5W3+cJCB88fq4dGnrEQCv2BeURQPGxiuJEwJrTpLkJUxW5ljhK9+Tgem8qqnW1kHIHZ8U6LPEAdwurLF8t5UH+RJ7G+hsmMZm4D52UCt0OvYpdwq/44YElFn4VrMBO3OxXCgxJGP7hCakYguV0bFP/hENoKWrMD2ZSKvKYPVpsMrlL2S8QQ67epjO9jOcKYn5NlAlANy7PHuc77KQCnoOGWsY8iSQT9cT58IaAph8KlxwAv9wfBTYSfjHdkcE/fmbh1uNiWUSN4C9ucsHb+q8SjpJiEtDlG42AjAJtmINfGn+Im4K2jq3MrUSTW3KrMQuy7w4VE9zCBGHOVz+udS83o1AxQ3VgU2ZUBPIpcO9Qj4hlvFDsdMeCRlL+mdWDw0vFtmmA5wMa8uAuurlnH2S1kqrH497VXLqyU2rEUKUHT+NeZtO+o0TBBqgZN6yIzXCT7jlDX0W9u+3PV2F08bcf4nQmMuDlChnUfKTZ+4EMl9ueEouRei1a+AySPziQHC3sgmle9Zg++7zD9eDlolByiR0IZVLje81psyaF8t0S+sXNSZVF7mfwe0LYSJW3p3FBmHMtkukvO0ddCbY29obVfQA91LOG/fDt6ue3ZcqmvclzB7z9JOGikNPVYCokNunFf0TsMoikiCDu1XtHyqG18TWcuMZyvyJk2d6/4Y66eTZf47FSBy0Fz5NVRVo/wl1CFX4uZD46UXQ1CHkwGCV8jTaI0ie+RTM6bBPTXqi4i5hYZ3UHOZcY9U2AhZUyQsVO5VhaKqiVcNVZgcWbeFNSg0InYT8THuT5pJpC5MniLyY0gjggY36Q9peKI67KSMM6gb/OdcpQ6Jts3aUDawUab59jNMmxBW7ggISPHzWAiVsvIQOl5PQYYYPWuu6mb12ZCdMmTn91Wmn3ElvsHlWbKuZNVcHie0RYoXjjAQ+1QqOV6jw+mYyEFjNYGHu5lIrjlqahx5DS6AQbepdjmABXuMmNjYY/ljk6dkgy05JmR0hvHgg3gUjK0YmYlKYPchgJ4z/mt1C4G0HxjfTpOPRhIUkkYr1j5Ce/wg05qSIOFItEagyNdK2tMXpQVohFDxKiyV7vsX9P6vGHtFVLgJJTqHUrO0Ss3+f4IYOa1NiACGxRZsscBBV2fEh94blAbuDRJ9mPoXxo35VSzpCPowsdtZMiwTYetw/q5w2CXc8LuFafDWjZoAdjv7veQpsRDZ/ztrkWH04dYgvzf1rKgRnOHt4GN53OHLj+fQmI/lxNKmC4/R/cul2P2Fyuxr456El44Ioo3PkL6h2YGi1LtreOnVHNiJmHrerGzLhWWpq3YeAhZ0LJyQMr6I7Gs5YXlOHysm4+CXN6rueHRgyurglxEZFVVg/TlcIp4+pgHv3EKXr9KqFmV5fKaLiXbWilP8IMsuAtuteCTZWUN/KLf0RYn1QHHz2yAy+MQcIXxglSHz+NkV2IPpFg3tiG53sTgbcR7Y2l9eiUS4hZ4hFYnqXGlbBKc85siwLsNztetHBqUQif36bSNB/TN6+qGszO2K4Wibm.
com/developerWorks/developerWorksImplementingWebServicesSecurityinWebSphereMessageBrokerV7Page31of33owaONrOnpEpw/B8NTPMPWERN0gqrDPnsTL/g4Ymr9ODQ+r91MPIhkYvUGsdDfmPQbyNS1WG9wSTFg6BYYyHrgdCQAJM9fHGgDMcHjFEK/nIQDIfC1A34VSnEAc5M36VvL9ZcoI2HKNACb2S0d72ZSIvzKX6M9KvEv6v4LXXjdCS00Puq6WqW3XgZ16PRlAPgFj8DTnwZk1TykT77CTNR8elf1brqDCNsyN+BBA8m+7SiMEIjvNDfz49tW14un8i2k/PbQGU2FE2ooo+k4DGTXqhQNksgES3p+y5Y6WbhL1IddgCLoqllfhrHn9QlbmhBEC6e6AdK7VgfNPOQotxMGPiLsHcPWLiLF7j6TgTGsFWpo+6W/n11Ja8MoIXBQwJf5CcKLDtmYuO/98c0wT+5mPmMXgHwWXRHOKpaeP4FJdIJhE8yV281QCOtUwD0tZr4vFsBpn1a8Ebtnrye0kYclw==ConclusionWebSphereMessageBrokersupportsWS-Securityforidentityauthentication,messagesigningandencryption.
Inthisarticle,amessageflowastheWebserviceproviderisbuiltbasedonaWSDLfile.
TheWS-Securityisimplementedonthemessageflowusingthesecurityprofile,andthepolicysetandbinding.
developerWorksibm.
com/developerWorks/ImplementingWebServicesSecurityinWebSphereMessageBrokerV7Page32of33DownloadableresourcesDescriptionNameSizeProjectinterchangefileWS_Security_PI.
zip17KBibm.
com/developerWorks/developerWorksImplementingWebServicesSecurityinWebSphereMessageBrokerV7Page33of33RelatedtopicsWebSphereMessageBrokerproductpageWebSphereMessageBrokerV7informationcenterWhat'snewinWebSphereMessageBrokerV7WebSphereMessageBrokerdocumentationlibraryWebSphereMessageBrokersupportpageAddressbooksampleWebServicesSecurity:SOAPMessageSecurity1.
0andWebServicesSecurity:SOAPMessageSecurity1.
1MostpopularWebSpheretrialdownloadsWebSphere-relatedbooksfromIBMPressdeveloperWorksonTwitterCopyrightIBMCorporation2010(www.
ibm.
com/legal/copytrade.
shtml)Trademarks(www.
ibm.
com/developerworks/ibm/trademarks/)
IntoVPS是成立于2004年的Hosterion SRL旗下于2009年推出的无管理型VPS主机品牌,商家提供基于OpenStack构建的VPS产品,支持小时计费是他的一大特色,VPS可选数据中心包括美国弗里蒙特、达拉斯、英国伦敦、荷兰和罗马尼亚等6个地区机房。商家VPS主机基于KVM架构,最低每小时0.0075美元起($5/月)。下面列出几款VPS主机配置信息。CPU:1core内存:2GB...
数脉科技(shuhost)8月促销:香港独立服务器,自营BGP、CN2+BGP、阿里云线路,新客立减400港币/月,老用户按照优惠码减免!香港服务器带宽可选10Mbps、30Mbps、50Mbps、100Mbps带宽,支持中文本Windows、Linux等系统。数脉香港特价阿里云10MbpsCN2,e3-1230v2,16G内存,1T HDD 或 240G SSD,10Mbps带宽,IPv41个,...
香港云服务器最便宜价格是多少钱一个月/一年?无论香港云服务器推出什么类型的配置和活动,价格都会一直吸引我们,那么就来说说香港最便宜的云服务器类型和香港最低的云服务器价格吧。香港云服务器最便宜最低价的价格是多少?香港云服务器只是服务器中最受欢迎的产品。香港云服务器有多种配置类型,如1核1G、2核2G、2核4G、8到16核32G等。这些配置可以满足大多数用户的需求,无论是电商站、视频还是游戏、小说等。...
internalservererror为你推荐
科大讯飞智学网教师阅卷操作指南thinksns网站成功 安装ThinkSNS后主页有问题uctoolsDiscuz! X3管理员可以查询某个用户登录IP的历史记录吗?asp.net网页制作如何用DREAMWEAVER ASP.NET 做网页filezilla_server如何用FileZilla Server新增FTP帐号piaonimai这位主播叫什么tumblr上不去百度为什么经常打不开35互联在中国哪家服务商提供的企业邮箱好呢?35邮箱邮箱地址怎么写帖子标题百度贴吧如何改帖子的标题
vps交流 看国外视频直播vps 域名备案号查询 openv hostmaster 美国主机推荐 什么是刀片服务器 赞助 1g内存 东莞数据中心 空间技术网 七夕快乐英语 路由跟踪 ebay注册 cx域名 godaddy中文 防盗链 免费php空间申请 29美元 kosspp 更多