Wednesday, May 18, 2011

Weblogic 11g - securing JMS artifacts

Scenario -

I need to secure a JMS Queue.
Only members of the JMSUSERGROUP group (e.g. JMSUSER) should be able to access it.







Create JMS Server/JMS Module/Connection Factory/ Queue



Add Security Role/Policy -





Test with JMS Client
---------------------------------------------------------

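import java.util.Hashtable;
import javax.jms.JMSException;
import javax.jms.Queue;
import javax.jms.QueueConnection;
import javax.jms.QueueConnectionFactory;
import javax.jms.QueueSender;
import javax.jms.QueueSession;
import javax.jms.Session;
import javax.jms.TextMessage;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingException;

public class JMSClient {

    // Assumption: the post does not show getInitialContext(); this version
    // connects to a local server over t3. Adjust the URL for your domain.
    private static Context getInitialContext() throws NamingException {
        final Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "weblogic.jndi.WLInitialContextFactory");
        env.put(Context.PROVIDER_URL, "t3://localhost:7001");
        return new InitialContext(env);
    }

    public static void main(String[] args) throws JMSException, NamingException {
        final Context ic = getInitialContext();
        System.out.println("*** CONTEXT = " + ic);
        final QueueConnectionFactory qcf = (QueueConnectionFactory) ic.lookup("jms/MyCF2");
        // Lookup should specify the queue name that is mentioned as "mappedName" in the MessageDriven Bean.
        final Queue destQueue = (Queue) ic.lookup("jms/MyQueue3");

        // Connect as the user whose access to the queue is being tested.
        final QueueConnection connection = qcf.createQueueConnection("JMSUSER", "welcome1");
        try {
            final QueueSession session = connection.createQueueSession(false, Session.AUTO_ACKNOWLEDGE);
            final QueueSender sender = session.createSender(destQueue);
            final TextMessage msg = session.createTextMessage("Hello from Galway - fans of FCN");
            sender.send(msg);
        } catch (Exception ex) {
            // Any failure to create the sender or send is printed here.
            ex.printStackTrace();
        } finally {
            connection.close();
            ic.close();
        }
    }
}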

---------------------------------------------------------

Test with JMSUSER -->




Test with weblogic -->
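
The two test runs above can be repeated in one pass with a small harness that reports, per user, whether a send to the secured queue is allowed or denied. This is an added example, not code from the original post; the class name `QueuePolicyCheck` and the `t3://localhost:7001` URL are assumptions, the JNDI names are the ones used by the client above, and credentials are read from the command line instead of being hardcoded.

```java
import java.util.Hashtable;
import javax.jms.*;
import javax.naming.Context;
import javax.naming.InitialContext;

// Added example. Usage: java QueuePolicyCheck <user1> <password1> [<user2> <password2> ...]
public class QueuePolicyCheck {
    // Assumption: server URL; the post does not state it.
    static final String PROVIDER_URL = "t3://localhost:7001";

    // Returns ALLOWED, DENIED (security exception) or ERROR (any other JMS failure).
    static String trySend(QueueConnectionFactory qcf, Queue queue, String user, String password) {
        QueueConnection connection = null;
        try {
            connection = qcf.createQueueConnection(user, password);
            QueueSession session = connection.createQueueSession(false, Session.AUTO_ACKNOWLEDGE);
            QueueSender sender = session.createSender(queue);
            sender.send(session.createTextMessage("policy check from " + user));
            return "ALLOWED";
        } catch (JMSSecurityException denied) {
            // Raised for a rejected login as well as for a policy denial.
            return "DENIED (" + denied.getMessage() + ")";
        } catch (JMSException other) {
            return "ERROR (" + other + ")";
        } finally {
            if (connection != null) {
                try { connection.close(); } catch (JMSException ignored) { }
            }
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length == 0 || args.length % 2 != 0) {
            System.err.println("usage: QueuePolicyCheck <user> <password> [...]");
            System.exit(2);
        }
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "weblogic.jndi.WLInitialContextFactory");
        env.put(Context.PROVIDER_URL, PROVIDER_URL);
        Context ic = new InitialContext(env);
        try {
            QueueConnectionFactory qcf = (QueueConnectionFactory) ic.lookup("jms/MyCF2");
            Queue queue = (Queue) ic.lookup("jms/MyQueue3");
            for (int i = 0; i < args.length; i += 2) {
                System.out.println(args[i] + " -> " + trySend(qcf, queue, args[i], args[i + 1]));
            }
        } finally {
            ic.close();
        }
    }
}
```

Keeping `JMSSecurityException` separate from other `JMSException`s makes it clear whether a failure comes from the security policy or from connectivity or configuration.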

3 comments:

  1. Thanks for post. The current post guides how to secure JMS queues from java program, but how can I restrict not from viewing it from console?

    For example, a user in the security realm is added to group monitor and he cannot view JMS Queues in the Module through weblogic console. I want to give the user access to just view through console. Please advise. Thank you.

  3. Also interested to know how to give a user in the "monitor" group the ability to view messages (getMessages) within a specific JMS queue through WLS console.
