4 Replies Latest reply on Sep 15, 2010 11:19 AM by peterj

    What do you use for JMS security in JBoss?

    dspiess

      Hi,

       

      How do you secure your messages in JBoss?  Is there something built in, or do you have to implement your own method?

       

      We're looking to make the messages secure in that we know the message came from a trusted source and wasn't tampered.

       

      Thoughts?

       

      Thanks,

      DJ Spiess

        • 1. Re: What do you use for JMS security in JBoss?
          peterj

          One way is to define a login module in server/xxx/conf/login-config.xml, and then reference that login module in server/xxx/deploy/messaging-jboss-beans.xml using the SecurityDomain property of the SecurityStore bean. Then for each of you destinations include as SecurityConfig attribute that identifies the roles that have read, write and create roles. The docs/examples/jms/example-destinations.xml file shows examples of setting the SecurityConfig roles.

           

          Surprisingly, the docs are silent on this; at least, I could not find a specific section on securing destinations. Of course, if you are familiar with general access control on JBoss AS, then the access control for emssaging is very simple since it follows the same patterns.

           

          I do have another resource that describes securing destinations in detail, but it is not free. I would be happy to provide the URL if you like.

          • 2. Re: What do you use for JMS security in JBoss?
            andersoz

            Would you please provide that URL?   Also, if the server is configured to use an LDAP login module, is there any way to use those credentials on the client that is sending/receiving from those jms destinations?  I would imagine that it would be simpler to create a separate login module just for the messaging security that uses roles from a properties file.

            • 3. Re: What do you use for JMS security in JBoss?
              eric_bustad

              How might this be done when you are using JMS through JBoss ESB?   Would this be specified in jbm-queue-service.xml?

              • 4. Re: What do you use for JMS security in JBoss?
                peterj

                Chapter 8 of JBoss in Action ()http://www.manning.com/jamae) describes the steps needed to secure messaing. The example in that chapter sets up a database for login purposes, but you can use you LDAP login module. No matter what type of login module you use (LDAP, database, properties file), the messaging configuration is the same.