
1. Summary

This article describes how to secure an insecure VisiBroker application through configuration only. No code changes are required.

 

2. Environment

VisiBroker 8.5. All supported platforms.

 

3. Question/Problem Description

On occasion, users may be required to secure an existing, insecure VisiBroker application. This article describes how to do this without changing existing code.
A VisiBroker Java example is provided showing the configuration changes required.

 

4. Resolution

For an explanation of the properties used in this example, please see our VisiBroker Security Guide along with our VisiBroker Developer's Guides for both C and Java.

4.1. Insecure Client & Server

For our example, we start with the same minimal configuration for both our insecure server and insecure client applications.

    # Disable the osagent:
    vbroker.agent.enableLocator=false
    # Enable Logging
    vbroker.log.enable=true
    vbroker.log.logLevel=debug

The above configuration allows the client and server to communicate insecurely. For this example, we will not use the VisiBroker Smart Agent.

4.2. Secure Client & Server

The following sample configuration enables the same server and client to make only secure connections (provided suitable certificates are used). In this case, the applications require trusted peer certificates; otherwise the connection is refused.
Please note, some properties are specific to the client, some to the server and some are applicable to both. The client-specific properties are ignored by the server and vice versa. Properties for both client and server are provided here, for simplicity.
 
    # Disable the osagent:
    vbroker.agent.enableLocator=false
    # Enable Logging
    vbroker.log.enable=true
    vbroker.log.logLevel=debug

    ############################################
    # Security Settings for Client Application #
    ############################################
    vbroker.orb.alwaysSecure=true
    vbroker.security.alwaysSecure=true

    ############################################
    # Security Settings for Server Application #
    ############################################
    vbroker.se.iiop_tp.scm.iiop_tp.listener.port=1234

    ###########################################################
    # Security Settings for Both Client & Server Applications #
    ###########################################################
    vbroker.security.disable=false
    vbroker.security.peerAuthenticationMode=REQUIRE_AND_TRUST
    vbroker.security.TrustpointsRepository=Directory:./Trustpoints
    vbroker.security.wallet.type=Directory:./Identities
    vbroker.security.wallet.identity=frans
    vbroker.security.wallet.password=frans
    vbroker.security.secureTransport=true
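
As an added example (not part of the original article, its attachment, or VisiBroker itself), the following Python script audits a properties file against the secure settings listed in section 4.2. The function names, the simple `key=value` parsing, and the check that the wallet password differs from the wallet identity are assumptions made for illustration.

```python
# Expected values are copied literally from the article's section 4.2 configuration.
EXPECTED = {
    "vbroker.security.disable": "false",
    "vbroker.security.secureTransport": "true",
    "vbroker.security.peerAuthenticationMode": "REQUIRE_AND_TRUST",
}
CLIENT_ONLY = {  # listed by the article as client application settings
    "vbroker.orb.alwaysSecure": "true",
    "vbroker.security.alwaysSecure": "true",
}
W = "vbroker.security.wallet."
MUST_BE_SET = ("vbroker.security.TrustpointsRepository",
               W + "type", W + "identity", W + "password")

def parse_properties(text):
    """Parse key=value lines; '#' comment lines and blank lines are skipped."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def audit(text, role="server"):
    """Return a list of findings for one file; role is 'client' or 'server'."""
    props = parse_properties(text)
    expected = {**EXPECTED, **(CLIENT_ONLY if role == "client" else {})}
    findings = []
    for key, want in expected.items():
        if props.get(key) != want:
            findings.append(f"{key}: expected {want!r}, found {props.get(key)!r}")
    findings += [f"{key}: not set" for key in MUST_BE_SET if not props.get(key)]
    # Hygiene check added here (an assumption, not a VisiBroker rule):
    # flag a wallet password that is identical to the wallet identity.
    ident = props.get(W + "identity")
    if ident and props.get(W + "password") == ident:
        findings.append(W + "password: same as wallet identity")
    return findings

# Constructed sample: the insecure configuration from section 4.1.
INSECURE = """\
vbroker.agent.enableLocator=false
vbroker.log.enable=true
vbroker.log.logLevel=debug
"""
if __name__ == "__main__":
    print("\n".join(audit(INSECURE, role="client")))
```

Run against the section 4.2 sample values, the only finding is the wallet password matching the wallet identity, which is worth changing before the configuration is reused outside a demo.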
 

5. Support Incidents

00376429

 

6. Attachment

Attached, please find a sample VisiBroker Java application consisting of:

  • Readme describing how to build and run the applications
  • Client code
  • Server code
  • Sample certificates and key
  • VisiBroker properties files for:
    • Insecure client
    • Secure client
    • Insecure server
    • Secure server
  • Batch file to build application on Windows
  • Batch file to run application on Windows
  • Certificates taken from the VisiBroker bank_ssl example

 

