O'Reilly logo

Java Message Service by Richard Monson-Haefel, David A Chappell

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Security

In this section, we are only going to concern ourselves with those aspects of security that are commonly supported by JMS providers. You need to think about three aspects of security: authentication, authorization, and secure communication. How these aspects of security are implemented is vendor-specific, and each vendor uses its own combination of available technologies to authenticate, authorize, and secure communication between JMS clients.

We will also discuss firewalls and HTTP tunneling as a solution to restrictions placed on JMS applications by organizations.

Authentication

Simply put, authentication verifies the identity of the user to the messaging system; it may also verify the identity of the server to the JMS client. The most common kind of authentication is a login screen that requires a username and a password. This is supported explicitly in the JMS API when a Connection is created, as well as in the JNDI API when an InitialContext is created. JMS providers that use username/password authentication may support either of these solutions:

Properties env = new Properties( );

env.put(Context.SECURITY_PRINCIPAL, "
                  username
               ");  
env.put(Context.SECURITY_CREDENTIALS, "
                  password
               ");
TopicFactory topicFactory = jndiContext.lookup("...");
...
TopicConnection con = 
  topicFactory.createTopicConnection("
                  username
               ", "
                  password
               ");

JMS providers may also use more sophisticated mechanisms for authentication, such as secret or public key authentication. Secret key authentication, ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required