Configuring J2EE restrictions for JMS queues

The JMS queues that are used by integration processing support J2EE security, based on user ID and password-based authentication and authorization. You can prevent unauthorized access to the queue by assigning a user ID and password to the Java™ Naming and Directory Interface (JNDI) name, even if the JNDI name of the queue is known.

About this task

Multiple queues can use the same or different user identifications.

Procedure

  1. On the administrator console for the server, specify user ID and password values for the following properties, to enable J2EE restrictions:
    • java.naming.security.principal (user ID)
    • java.naming.security.credentials (password)
  2. In the External Systems application, select the Add/Modify Queues action and specify the same user ID and password that you provided in Step 1.
    This step provides access to the queue to the integration producer and consumer programs.
  3. To provide access to the continuous queue, under the <enterprise-beans> section in the ejb-jar.xml file, add the <security-identity> elements, as shown in the following example:
    <enterprise-beans>
      <message-driven id="MessageDriven_JMSContQueueProcessor_1">
        <ejb-name>JMSContQueueProcessor-1</ejb-name>
        <ejb-class>psdi.iface.jms.JMSContQueueProcessor</ejb-class>
        <transaction-type>Container</transaction-type>
        <message-driven-destination>
          <destination-type>javax.jms.Queue</destination-type>
        </message-driven-destination>
        <env-entry>
          <env-entry-name>MESSAGEPROCESSOR</env-entry-name>
          <env-entry-type>java.lang.String</env-entry-type>
          <env-entry-value>
            psdi.iface.jms.QueueToMaximoProcessor
          </env-entry-value>
        </env-entry>
        <security-identity>
          <run-as>
            <role-name>maximouser</role-name>
          </run-as>
        </security-identity>
      </message-driven>
  4. Under the <assembly-descriptor> section in the ejb-jar.xml file, add the <security-role> elements, as shown in the following example:
    <assembly-descriptor>
      <security-role>
        <role-name>maximouser</role-name>
      </security-role>
      <container-transaction>
        <method>
          <ejb-name>JMSContQueueProcessor-1</ejb-name>
          <method-name>*</method-name>
        </method>
        <trans-attribute>Required</trans-attribute>
      </container-transaction>
    </assembly-descriptor>
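
A way to check the result of steps 3 and 4 before redeploying, as an added example that is not part of the product documentation: the script parses an ejb-jar.xml and reports every message-driven bean that has no run-as role, or whose run-as role has no matching <security-role> declaration. The function name check_run_as and the second bean in the sample (JMSContQueueProcessor-2) are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptor: one bean configured as in steps 3 and 4,
# and a second, hypothetical bean (JMSContQueueProcessor-2) left without run-as.
SAMPLE = """<ejb-jar>
  <enterprise-beans>
    <message-driven id="MessageDriven_JMSContQueueProcessor_1">
      <ejb-name>JMSContQueueProcessor-1</ejb-name>
      <security-identity>
        <run-as><role-name>maximouser</role-name></run-as>
      </security-identity>
    </message-driven>
    <message-driven id="MessageDriven_JMSContQueueProcessor_2">
      <ejb-name>JMSContQueueProcessor-2</ejb-name>
    </message-driven>
  </enterprise-beans>
  <assembly-descriptor>
    <security-role><role-name>maximouser</role-name></security-role>
  </assembly-descriptor>
</ejb-jar>"""


def check_run_as(xml_text):
    """Return a list of (ejb-name, problem) for message-driven beans."""
    root = ET.fromstring(xml_text)
    for el in root.iter():                      # drop any XML namespace prefix
        el.tag = el.tag.rsplit("}", 1)[-1]
    # Roles declared under <assembly-descriptor> (step 4)
    declared = {r.text.strip() for r in
                root.findall("assembly-descriptor/security-role/role-name")
                if r.text}
    problems = []
    for mdb in root.findall("enterprise-beans/message-driven"):
        name = (mdb.findtext("ejb-name") or "?").strip()
        # Role the bean runs as (step 3)
        role = mdb.findtext("security-identity/run-as/role-name")
        if role is None or not role.strip():
            problems.append((name, "no run-as role"))
        elif role.strip() not in declared:
            problems.append((name, "run-as role '%s' has no <security-role>" % role.strip()))
    return problems


if __name__ == "__main__":
    for name, problem in check_run_as(SAMPLE):
        print(name + ": " + problem)
```

To check a deployed descriptor, pass the contents of the real ejb-jar.xml file to check_run_as in place of SAMPLE.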