When themsgsvc.security.enableproperty is set to true in the JMS server's property file, security is enabled. A secure JMS server enforces authentication and validates a user's rights against the access control list (ACL) of a destination.The example in this section shows how to create users and set the ACL of a queue:
The security API's uses the well-know Principal and Acl interfaces from the Java 2 security model. Once the ACL has been created, it can be set as part of the destination properties. Once the ACL has been created and set, the program shows the rights of the different users.package security; import java.util.Enumeration; import java.util.Properties; import java.security.Principal; import java.security.acl.Acl; import java.security.acl.AclEntry; import com.sssw.jms.api.*; import com.sssw.jms.api.admin.*; import javax.jms.*; import javax.naming.*; // Make sure to run jBroker MQ with the msgsvc.security.enable property // set to true. public class SecureQueue { // The administrator user name and password will be the same as // the database admin user for the jBroker MQ tables. static String admin = "scott"; static String passw = "tiger"; public static void main(String[] args) throws Exception { | // get the initial context for lookup's | InitialContext ctx = new InitialContext(); | | // lookup the queue connection factory | QueueConnectionFactory fac = | (QueueConnectionFactory) ctx.lookup("queue/connectionFactory"); | | // typecast the queue connection to a JMQ queue connection | JMQQueueConnection queueConn = | (JMQQueueConnection) fac.createQueueConnection(admin, passw); | | // get the security admin object from the JMQ queue connection | JMQSecurityAdmin secAdmin = queueConn.getSecurityAdmin(); | | // create two users | secAdmin.createUser("fred", "fred123"); | secAdmin.createUser("joe", "joe123"); | | // get the admin principal using the built-in admin group alias | Principal su = secAdmin.getPrincipal(JMQSecurityAdmin.GROUP_ADMIN); | | // create a new access control list | Acl myAcl = secAdmin.newAcl(); | | // add 'fred' to this acl with consume permission only | AclEntry entry = secAdmin.newAclEntry(); | Principal fred = secAdmin.getPrincipal("fred"); | myAcl.addOwner(su, fred); | entry.setPrincipal(fred); | entry.addPermission(secAdmin.getConsumePermission()); | myAcl.addEntry(fred, entry); | | // add 'joe' to this acl with produce permission only | entry = secAdmin.newAclEntry(); | Principal joe = secAdmin.getPrincipal("joe"); | myAcl.addOwner(su, joe); | entry.setPrincipal(joe); | entry.addPermission(secAdmin.getProducePermission()); | myAcl.addEntry(joe, entry); | | // now make this new acl known to the system with the alias 'myACL' | secAdmin.createAcl("myACL", myAcl); | | // get the destination admin object from the JMQ connection | JMQDestinationAdmin destAdmin = queueConn.getDestinationAdmin(); | | // and create a secure destination using this acl | Properties props = new Properties(); | props.setProperty(JMQDestinationAdmin.ACL_NAME, "myACL"); | int type = JMQDestination.QUEUE; | Queue queue = | (Queue) destAdmin.createDestination("secQueue", type, props); | | // print out the destination properties | String name = queue.getQueueName(); | props = destAdmin.getDestinationProperties(name, type); | Enumeration e = props.propertyNames(); | System.out.println("properties:"); | while (e.hasMoreElements()) { | | String pn = (String) e.nextElement(); | | System.out.println(pn + " = " + props.getProperty(pn)); | } | | // let joe produce a message | int ackMode = Session.AUTO_ACKNOWLEDGE; | QueueConnection joeConn = fac.createQueueConnection("joe", "joe123"); | QueueSession joeSession = joeConn.createQueueSession(false, ackMode); | QueueSender sender = joeSession.createSender(queue); | sender.send(joeSession.createTextMessage("secure message")); | joeConn.close(); | | // let fred consume a message | QueueConnection fredConn = | fac.createQueueConnection("fred", "fred123"); | fredConn.start(); | QueueSession fredSession = fredConn.createQueueSession(false, ackMode); | QueueReceiver receiver = fredSession.createReceiver(queue); | TextMessage message = (TextMessage) receiver.receive(); | fredConn.close(); | | System.out.println("fred got: " + message.getText()); | | delete(); // clean-up users and queue } // utility function to delete the secure queue and the users public static void delete() throws Exception { | // get the initial context for lookup's | InitialContext ctx = new InitialContext(); | | // lookup the queue connection factory | QueueConnectionFactory fac = | (QueueConnectionFactory) ctx.lookup("queue/connectionFactory"); | | // typecast the queue connection to a JMQ queue connection | JMQQueueConnection queueConn = | (JMQQueueConnection) fac.createQueueConnection(admin, passw); | | // get the destination admin object from the JMQ connection | JMQDestinationAdmin destAdmin = queueConn.getDestinationAdmin(); | | // delete the 'secQueue' queue | try { | | int type = JMQDestination.QUEUE; | | destAdmin.deleteDestination("secQueue", type); | } catch (JMSException ex) { | | System.out.println(ex.getMessage()); | } | | // get the security admin object from the JMQ queue connection | JMQSecurityAdmin secAdmin = queueConn.getSecurityAdmin(); | | // delete user fred | try { | | secAdmin.deleteUser("fred"); | } catch (JMSException ex) { | | System.out.println(ex.getMessage()); | } | | // delete user joe | try { | | secAdmin.deleteUser("joe"); | } catch (JMSException ex) { | | System.out.println(ex.getMessage()); | } } }
| Copyright © 2000-2003, Novell, Inc. All rights reserved. |