In this section, we are only going to concern ourselves with those aspects of security that are commonly supported by JMS providers. You need to think about three aspects of security: authentication, authorization, and secure communication. How these aspects of security are implemented is vendor-specific, and each vendor uses its own combination of available technologies to authenticate, authorize, and secure communication between JMS clients.
We will also discuss firewalls and HTTP tunneling as a solution to restrictions placed on JMS applications by organizations.
Simply put, authentication verifies the identity of the user to the messaging system; it may also verify the identity of the server to the JMS client. The most common kind of authentication is a login screen that requires a username and a password. This is supported explicitly in the JMS API when a Connection is created, as well as in the JNDI API when an InitialContext is created. JMS providers that use username/password authentication may support either of these
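
    // JNDI: credentials travel in the environment used to create the InitialContext.
    // "<username>" and "<password>" are placeholders, not real values.
    Properties env = new Properties( );
    env.put(Context.SECURITY_PRINCIPAL, "<username>");
    env.put(Context.SECURITY_CREDENTIALS, "<password>");

    // JMS: credentials are passed when the Connection is created.
    // lookup( ) returns Object, so the result must be cast to the factory type.
    TopicConnectionFactory topicFactory = (TopicConnectionFactory) jndiContext.lookup("...");
    ...
    TopicConnection con = topicFactory.createTopicConnection("<username>", "<password>");
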
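
The two authentication points described above, shown end to end with their distinct failure modes. This is an added example, not code from the original text. The class name, the JMS_USER and JMS_PASSWORD environment variables, and the JNDI lookup name are assumptions, and it needs a configured JNDI/JMS provider on the classpath.

```java
import java.util.Properties;
import javax.jms.JMSException;
import javax.jms.JMSSecurityException;
import javax.jms.TopicConnection;
import javax.jms.TopicConnectionFactory;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingException;

public class AuthenticatedConnect {
    // Assumed lookup name; the real one is provider- and deployment-specific.
    static final String FACTORY_NAME = "TopicConnectionFactory";

    /** Builds the JNDI environment carrying the credentials; fails fast if unset. */
    static Properties jndiEnv(String user, String password) {
        if (user == null || user.isEmpty() || password == null) {
            throw new IllegalArgumentException("JMS credentials not configured");
        }
        Properties env = new Properties();
        env.put(Context.SECURITY_PRINCIPAL, user);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return env;
    }

    public static void main(String[] args) {
        // Credentials come from the environment rather than from source code.
        String user = System.getenv("JMS_USER");
        String password = System.getenv("JMS_PASSWORD");
        TopicConnection con = null;
        try {
            // 1) Authenticate to the naming service.
            Context jndi = new InitialContext(jndiEnv(user, password));
            TopicConnectionFactory factory =
                (TopicConnectionFactory) jndi.lookup(FACTORY_NAME);
            // 2) Authenticate to the JMS provider itself.
            con = factory.createTopicConnection(user, password);
            con.start();
        } catch (AuthenticationException e) {
            System.err.println("JNDI rejected credentials for " + user);
        } catch (JMSSecurityException e) {
            System.err.println("JMS provider rejected credentials for " + user);
        } catch (NamingException | JMSException e) {
            System.err.println("Connection failed: " + e);
        } finally {
            if (con != null) try { con.close(); } catch (JMSException ignored) { }
        }
    }
}
```

Logging the two rejection cases separately shows whether the naming service or the JMS provider refused the login, which matters when a provider supports only one of the two mechanisms.
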
JMS providers may also use more sophisticated mechanisms for authentication, such as secret or public key authentication. Secret key authentication, ...