The JMS queues that are used by integration processing support J2EE security, which is based on user ID and password authentication and authorization. By assigning a user ID and password to the Java™ Naming and Directory Interface (JNDI) name, you can prevent unauthorized access to the queue even if the JNDI name of the queue is known.
About this task
Multiple queues can use the same or different user identifications.
Procedure
- On the administrator console for the server, specify user ID and password values for the following properties, to enable J2EE restrictions:
  - java.naming.security.principal (user ID)
  - java.naming.security.credentials (password)
- In the External Systems application, select the Add/Modify Queues action and specify the same user ID and password that you provided in Step 1. This step gives the integration producer and consumer programs access to the queue.
- To provide access to the continuous queue, under the <enterprise-beans> section in the ejb-jar.xml file, add the <security-identity> element, as shown in the following example:
  <enterprise-beans>
    <message-driven id="MessageDriven_JMSContQueueProcessor_1">
      <ejb-name>JMSContQueueProcessor-1</ejb-name>
      <ejb-class>psdi.iface.jms.JMSContQueueProcessor</ejb-class>
      <transaction-type>Container</transaction-type>
      <message-driven-destination>
        <destination-type>javax.jms.Queue</destination-type>
      </message-driven-destination>
      <env-entry>
        <env-entry-name>MESSAGEPROCESSOR</env-entry-name>
        <env-entry-type>java.lang.String</env-entry-type>
        <env-entry-value>psdi.iface.jms.QueueToMaximoProcessor</env-entry-value>
      </env-entry>
      <security-identity>
        <run-as>
          <role-name>maximouser</role-name>
        </run-as>
      </security-identity>
    </message-driven>
- Under the <assembly-descriptor> section in the ejb-jar.xml file, add the <security-role> element, as shown in the following example:
  <assembly-descriptor>
    <security-role>
      <role-name>maximouser</role-name>
    </security-role>
    <container-transaction>
      <method>
        <ejb-name>JMSContQueueProcessor-1</ejb-name>
        <method-name>*</method-name>
      </method>
      <trans-attribute>Required</trans-attribute>
    </container-transaction>
  </assembly-descriptor>
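The following check is an added example, not part of the product documentation: it parses an ejb-jar.xml descriptor and reports message-driven beans whose run-as role is missing or is not declared in a <security-role> element, which are the two edits the last steps of the procedure require. The function names, the second bean (ExampleProcessor-2), and the sample descriptor are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: bean 1 follows the procedure; bean 2 (hypothetical) does not.
SAMPLE_EJB_JAR = """\
<ejb-jar>
  <enterprise-beans>
    <message-driven id="MessageDriven_JMSContQueueProcessor_1">
      <ejb-name>JMSContQueueProcessor-1</ejb-name>
      <security-identity>
        <run-as><role-name>maximouser</role-name></run-as>
      </security-identity>
    </message-driven>
    <message-driven id="MessageDriven_Example_2">
      <ejb-name>ExampleProcessor-2</ejb-name>
    </message-driven>
  </enterprise-beans>
  <assembly-descriptor>
    <security-role><role-name>maximouser</role-name></security-role>
  </assembly-descriptor>
</ejb-jar>
"""

def local(tag):
    """Strip an XML namespace so the check works with or without one."""
    return tag.rsplit("}", 1)[-1]

def find_all(root, name):
    return [e for e in root.iter() if local(e.tag) == name]

def audit_run_as(xml_text):
    """Return {ejb-name: problem} for beans with a missing or undeclared run-as role."""
    root = ET.fromstring(xml_text)
    declared = set()
    for role in find_all(root, "security-role"):
        declared.update((n.text or "").strip() for n in find_all(role, "role-name"))
    problems = {}
    for bean in find_all(root, "message-driven"):
        name = (find_all(bean, "ejb-name")[0].text or "").strip()
        roles = [(n.text or "").strip()
                 for r in find_all(bean, "run-as") for n in find_all(r, "role-name")]
        if not roles:
            problems[name] = "no <security-identity>/<run-as> role"
        elif roles[0] not in declared:
            problems[name] = f"run-as role '{roles[0]}' has no <security-role>"
    return problems

if __name__ == "__main__":
    for bean, issue in audit_run_as(SAMPLE_EJB_JAR).items():
        print(f"{bean}: {issue}")
```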