JMSサーバプロパティファイルでmsgsvc.security.enableプロパティがtrueに設定されている場合、セキュリティが有効になります。セキュリティ保護されたJMSサーバでは、認証が使用され、ユーザの権限が宛先のアクセス制御リスト(ACL)に対して検証されます。このセクションの例では、ユーザの作成方法、およびキューのACLの設定方法について説明します。
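セキュリティAPIは、Java 2セキュリティモデルから一般的なPrincipalおよびAclインタフェースを使用します。ACLが作成されると、宛先プロパティの一部として設定できます。ACLが作成および設定されると、プログラムは、別のユーザの権限を示します。

package security;

import java.util.Enumeration;
import java.util.Properties;
import java.security.Principal;
import java.security.acl.Acl;
import java.security.acl.AclEntry;

import com.sssw.jms.api.*;
import com.sssw.jms.api.admin.*;

import javax.jms.*;
import javax.naming.*;

// Make sure to run jBroker MQ with the msgsvc.security.enable property
// set to true.

/**
 * Demonstrates a secured jBroker MQ queue: creates two users, builds an ACL
 * that gives one of them consume permission and the other produce permission,
 * attaches the ACL to a new queue, then sends and receives one message.
 *
 * <p>Security notes for anyone adapting this sample:
 * <ul>
 *   <li>All user names and passwords below are documentation placeholders.
 *       Do not reuse them, and do not keep real credentials in source.</li>
 *   <li>The {@code java.security.acl} package used here was deprecated and
 *       later removed from the JDK (absent since Java 14), so this listing
 *       needs a JDK from the product's era.</li>
 *   <li>Every connection is closed and the sample users and queue are removed
 *       in {@code finally} blocks, so a failure midway does not leave
 *       accounts with guessable passwords behind.</li>
 * </ul>
 */
public class SecureQueue {

    // The administrator user name and password will be the same as
    // the database admin user for the jBroker MQ tables.
    // Because this is also the database account, a copy of this file with real
    // values in it exposes the database as well as the broker. Treat the two
    // literals as placeholders and load real values from a protected source.
    static String admin = "scott";
    static String passw = "tiger";

    // Upper bound on how long the consumer waits, so a lost message or a
    // misconfigured ACL cannot hang the sample forever.
    private static final long RECEIVE_TIMEOUT_MS = 10000L;

    /**
     * Runs the secure-queue demonstration end to end.
     *
     * @param args unused
     * @throws Exception if the JNDI lookup or any JMS or administration call fails, or
     *     if no message arrives within {@code RECEIVE_TIMEOUT_MS}
     */
    public static void main(String[] args) throws Exception {
        // get the initial context for lookups
        InitialContext ctx = new InitialContext();

        // look up the queue connection factory
        QueueConnectionFactory fac =
            (QueueConnectionFactory) ctx.lookup("queue/connectionFactory");

        // Keep the plain JMS handle so the administrator connection can be
        // closed through the standard API whatever happens below.
        QueueConnection adminConn = fac.createQueueConnection(admin, passw);
        try {
            // typecast the queue connection to a JMQ queue connection
            JMQQueueConnection queueConn = (JMQQueueConnection) adminConn;

            // get the security admin object from the JMQ queue connection
            JMQSecurityAdmin secAdmin = queueConn.getSecurityAdmin();

            // create two users (sample passwords; both users are deleted again
            // by delete() in the finally block)
            secAdmin.createUser("fred", "fred123");
            secAdmin.createUser("joe", "joe123");

            // get the admin principal using the built-in admin group alias
            Principal su = secAdmin.getPrincipal(JMQSecurityAdmin.GROUP_ADMIN);

            // create a new access control list
            Acl myAcl = secAdmin.newAcl();

            // add 'fred' to this acl with consume permission only
            // NOTE(review): addOwner() also makes fred an owner of the ACL. Under
            // the java.security.acl contract an owner may change the ACL, which
            // is broader than "consume only". If that is not intended, passing
            // 'su' as the caller of addEntry() and dropping addOwner() looks like
            // the least-privilege form; confirm against jBroker MQ's Acl
            // implementation before changing it.
            AclEntry entry = secAdmin.newAclEntry();
            Principal fred = secAdmin.getPrincipal("fred");
            myAcl.addOwner(su, fred);
            entry.setPrincipal(fred);
            entry.addPermission(secAdmin.getConsumePermission());
            myAcl.addEntry(fred, entry);

            // add 'joe' to this acl with produce permission only
            // (the ownership note above applies to joe as well)
            entry = secAdmin.newAclEntry();
            Principal joe = secAdmin.getPrincipal("joe");
            myAcl.addOwner(su, joe);
            entry.setPrincipal(joe);
            entry.addPermission(secAdmin.getProducePermission());
            myAcl.addEntry(joe, entry);

            // now make this new acl known to the system with the alias 'myACL'
            secAdmin.createAcl("myACL", myAcl);

            // get the destination admin object from the JMQ connection
            JMQDestinationAdmin destAdmin = queueConn.getDestinationAdmin();

            // and create a secure destination using this acl
            Properties props = new Properties();
            props.setProperty(JMQDestinationAdmin.ACL_NAME, "myACL");
            int type = JMQDestination.QUEUE;
            Queue queue =
                (Queue) destAdmin.createDestination("secQueue", type, props);

            // print out the destination properties
            String name = queue.getQueueName();
            props = destAdmin.getDestinationProperties(name, type);
            Enumeration<?> e = props.propertyNames();
            System.out.println("properties:");
            while (e.hasMoreElements()) {
                String pn = (String) e.nextElement();
                System.out.println(pn + " = " + props.getProperty(pn));
            }

            // let joe produce a message
            int ackMode = Session.AUTO_ACKNOWLEDGE;
            QueueConnection joeConn = fac.createQueueConnection("joe", "joe123");
            try {
                QueueSession joeSession = joeConn.createQueueSession(false, ackMode);
                QueueSender sender = joeSession.createSender(queue);
                sender.send(joeSession.createTextMessage("secure message"));
            } finally {
                joeConn.close();
            }

            // let fred consume a message
            TextMessage message;
            QueueConnection fredConn =
                fac.createQueueConnection("fred", "fred123");
            try {
                fredConn.start();
                QueueSession fredSession = fredConn.createQueueSession(false, ackMode);
                QueueReceiver receiver = fredSession.createReceiver(queue);
                message = (TextMessage) receiver.receive(RECEIVE_TIMEOUT_MS);
            } finally {
                fredConn.close();
            }

            // receive(timeout) returns null when nothing arrived in time
            if (message == null) {
                throw new IllegalStateException(
                    "no message received from secQueue within "
                        + RECEIVE_TIMEOUT_MS + " ms");
            }
            System.out.println("fred got: " + message.getText());
        } finally {
            try {
                adminConn.close();
            } finally {
                delete(); // clean-up users and queue, also after a failure
            }
        }
    }

    /**
     * Deletes the secure queue and the two sample users.
     *
     * <p>Each deletion is best effort: a {@code JMSException} from one step is
     * printed and the remaining steps still run.
     *
     * <p>NOTE(review): the {@code myACL} alias created in {@code main} is not
     * removed here. Remove it too if the security admin API offers a call for
     * that; none is shown on this page.
     *
     * @throws Exception if the JNDI lookup or the administrator connection fails
     */
    public static void delete() throws Exception {
        // get the initial context for lookups
        InitialContext ctx = new InitialContext();

        // look up the queue connection factory
        QueueConnectionFactory fac =
            (QueueConnectionFactory) ctx.lookup("queue/connectionFactory");

        QueueConnection adminConn = fac.createQueueConnection(admin, passw);
        try {
            // typecast the queue connection to a JMQ queue connection
            JMQQueueConnection queueConn = (JMQQueueConnection) adminConn;

            // get the destination admin object from the JMQ connection
            JMQDestinationAdmin destAdmin = queueConn.getDestinationAdmin();

            // delete the 'secQueue' queue
            try {
                int type = JMQDestination.QUEUE;
                destAdmin.deleteDestination("secQueue", type);
            } catch (JMSException ex) {
                System.out.println(ex.getMessage());
            }

            // get the security admin object from the JMQ queue connection
            JMQSecurityAdmin secAdmin = queueConn.getSecurityAdmin();

            // delete user fred
            try {
                secAdmin.deleteUser("fred");
            } catch (JMSException ex) {
                System.out.println(ex.getMessage());
            }

            // delete user joe
            try {
                secAdmin.deleteUser("joe");
            } catch (JMSException ex) {
                System.out.println(ex.getMessage());
            }
        } finally {
            // release the administrator session even if a step above failed
            adminConn.close();
        }
    }
}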
Copyright © 2000-2003, Novell, Inc. All rights reserved.