O'Reilly - Java Message Service

More documents

Recommendations

Info

7.2.5 The Bottom Line Java Message Service IP multicast has significant network throughput benefits in a one-to-many broadcast of information. A single multicast message to multiple recipients will always cause less network traffic than sending the message to each recipient via a TCP connection. A messaging vendor picks and chooses how much reliability to build on top of UDP based on the quality of service required for the message as defined by JMS. However, the choice is not that simple when it is applied to a deployment environment in a messaging product. The performance advantages of IP multicasting are only viable for a certain deployment environment. These advantages can diminish depending on the types of messages in your application, the networking hardware at your site, the deployment environment (intranet, extranet, internet), and the complexity of administration. Make sure to benchmark your application carefully before making a final decision, using the guidelines we discussed earlier in this chapter. You may be surprised at what you see. When a JMS provider is put under heavy stress with lots of clients, there are so many other factors involved that the speed at which network packets go across the wire is not usually a significant factor. You may see that one vendor's implementation of messaging over IP multicast will perform vastly differently from another's - even with the use of nonguaranteed messaging. You may even find that one vendor's TCP-based implementation performs better than another vendor's multicast implementation. 7.3 Security In this section, we are only going to concern ourselves with those aspects of security that are commonly supported by JMS providers. You need to think about three aspects of security: authentication, authorization, and secure communication. How these aspects of security are implemented is vendor-specific, and each vendor uses its own combination of available technologies to authenticate, authorize, and secure communication between JMS clients. We will also discuss firewalls and HTTP tunneling as a solution to restrictions placed on JMS applications by organizations. 7.3.1 Authentication Simply put, authentication verifies the identity of the user to the messaging system; it may also verify the identity of the server to the JMS client. The most common kind of authentication is a login screen that requires a username and a password. This is supported explicitly in the JMS API when a Connection is created, as well as in the JNDI API when an InitialContext is created. JMS providers that use username/password authentication may support either of these solutions: Properties env = new Properties( ); env.put(Context.SECURITY_PRINCIPAL, "username"); env.put(Context.SECURITY_CREDENTIALS, "password"); TopicFactory topicFactory = jndiContext.lookup("..."); ... TopicConnection con = topicFactory.createTopicConnection("username", "password"); 116
Java Message Service JMS providers may also use more sophisticated mechanisms for authentication, such as secret or public key authentication. Secret key authentication, most commonly used in Kerberos, requires the participation of a Kerberos server. [5] Public key authentication, most commonly used in SSL, is based on a chain of certifying authorities. Each of these systems has its supporters and detractors, but the end result is the same: the connecting client is given permission to access the system. [5] Although a system may use Kerberos to authenticate a user, the system will probably use SSL for secure communications. 7.3.2 Authorization Authentication is only the first step in the security process, but it's the basis for what follows. Once you have verified the identify of the user, you can make intelligent decisions about what that user is allowed to do. That's where authorization comes in. Authorization (a.k.a. access control) applies security policies that regulate what a user can and cannot do within a system. Authorization policies are usually set up as access control lists by the system administrators. Authorized users are given an identity in the system and assigned to user groups, which may themselves be a part of a larger group. Groups and individual users (identities) are assigned permissions dictating which topics, queues, or connection factories they are allowed to access. Permissions may be configured to grant all members of a group access except for some specified members, or deny all members of a group except some specified members. Some JMS providers may choose to check access control lists on every message delivered, while others simply control the destinations or connection factory that a JMS client can obtain from the JNDI namespace. Generally, authorization policies work better in a centralized messaging system, since it can be centrally managed. Most JMS providers provide hierarchical topic trees that allow consumers to subscribe to different levels of topics using wildcard substitution. For example, topics could be divided into "ACME.SALES.SOUTHWEST.ANVILS" and "ACME.SALES.NORTHEAST.ANVILS". A subscriber can subscribe to "ACME.SALES.*" and see all the messages published for all the sales of ACME, though that may not be the desire of the system administrator. A companion security feature allows permissions to be set at each level in the topic tree, thus making access control much easier to manage by providing more finely grained access control. 7.3.3 Secure Communication Communication channels between a client and a server are frequently the focus of security concerns. A channel of communication can be secured by physical isolation (like a dedicated network connection) or by encrypting the communication between the client and the server. Physically securing communication is expensive, limiting, and pretty much impossible on the Internet, so we will focus on encryption. When communication is secured by encryption, the messages passed are encoded so that they cannot be read or manipulated while in transit. This normally involves the exchange of cryptographic keys between the client and the server. The keys allow the receiver of the message to decode and read the message. 117
Page 2 and 3:
Java Message Service Richard Monson
Page 4 and 5:
Chapter 7. Deployment Consideration
Page 6 and 7:
Java Message Service Although this
Page 8 and 9:
Java Message Service Examples devel
Page 10 and 11:
Java Message Service Chapter 1. Und
Page 12 and 13:
Java Message Service Before we disc
Page 14 and 15:
Java Message Service to naming and
Page 16 and 17:
1.3.1 Enterprise Application Integr
Page 18 and 19:
Java Message Service Figure 1.5. Dy
Page 20 and 21:
Java Message Service With J2EE, JSP
Page 22 and 23:
Java Message Service recognition of
Page 24 and 25:
TopicConnectionFactory conFactory =
Page 26 and 27:
Java Message Service Before examini
Page 28 and 29:
Understanding JNDI Java Message Ser
Page 30 and 31:
Java Message Service The TopicConne
Page 32 and 33:
protected void writeMessage(String
Page 34 and 35:
Java Message Service When the Topic
Page 36 and 37:
Java Message Service publishing a m
Page 38 and 39:
Java Message Service Messages come
Page 40 and 41:
3.1.1.3 JMSMessageID Java Message S
Page 42 and 43:
3.2 Properties Java Message Service
Page 44 and 45:
Java Message Service The following
Page 46 and 47:
Notification of certain bids on inv
Page 48 and 49:
Java Message Service When a consume
Page 50 and 51:
UTF-8 Java Message Service UTF-8 en
Page 52 and 53:
Java Message Service Table 3.1 show
Page 54 and 55:
Java Message Service Essentially, M
Page 56 and 57:
3.4.9 Interoperability and Portabil
Page 58 and 59:
4.1.1 Running the B2B Application J
Page 60 and 61:
jne.printStackTrace( ); System.exit
Page 62 and 63:
try { Properties env = new Properti
Page 64 and 65:
Java Message Service Once the Retai
Page 66 and 67:
Java Message Service We can demonst
Page 68 and 69:
Java Message Service publish( ) met
Page 70 and 71: Java Message Service The receive( )
Page 72 and 73: 4.7 Unsubscribing Java Message Serv
Page 74 and 75: Java Message Service multiple consu
Page 76 and 77: import javax.jms.TopicConnectionFac
Page 78 and 79: } } try { System.out.println("\nRet
Page 80 and 81: TopicConnectionFactory tFactory = n
Page 82 and 83: public QWholesaler(String broker, S
Page 84 and 85: Java Message Service have already p
Page 86 and 87: } if (message != null){ int orderQt
Page 88 and 89: Java Message Service Chapter 6. Gua
Page 90 and 91: 6.2.1 AUTO_ACKNOWLEDGE Java Message
Page 92 and 93: Java Message Service via publish-an
Page 94 and 95: Java Message Service message. If th
Page 96 and 97: Java Message Service QWholesaler an
Page 98 and 99: Java Message Service avoids process
Page 100 and 101: Figure 6.8. Transactional messages
Page 102 and 103: Java Message Service uses a JMS tra
Page 104 and 105: } return; session.commit(); } else
Page 106 and 107: Else, commit (that's what just happ
Page 108 and 109: XAResource jmsXA = session.getXARes
Page 110 and 111: ... } { try { Thread.sleep(10000);
Page 112 and 113: Chapter 7. Deployment Consideration
Page 114 and 115: Java Message Service A vendor may h
Page 116 and 117: Java Message Service that your memo
Page 118 and 119: Java Message Service only really vi
Page 122 and 123: Java Message Service There are two
Page 124 and 125: Java Message Service Figure 7.2. Us
Page 126 and 127: Chapter 8. J2EE, EJB, and JMS 8.1 J
Page 128 and 129: Java Message Service JNDI ENC. In a
Page 130 and 131: 8.3 The JMS Resource in J2EE Java M
Page 132 and 133: Java Message Service Although sessi
Page 134 and 135: Figure 8.3. Lifecycle of a message-
Page 136 and 137: Java Message Service With the messa
Page 138 and 139: Java Message Service It's also supp
Page 140 and 141: Java Message Service The FioranoMQ
Page 142 and 143: Java Message Service The iBus//Mobi
Page 144 and 145: 9.6.2 Next Version Java Message Ser
Page 146 and 147: A.1.2 Connection Java Message Servi
Page 148 and 149: A.1.8 JMSException Java Message Ser
Page 150 and 151: } public void setInt(String name, i
Page 152 and 153: } public Message receiveNoWait( ) t
Page 154 and 155: } public void writeInt(int value) t
Page 156 and 157: A.2.6 QueueSender Java Message Serv
Page 158 and 159: } throws JMSException; public Conne
Page 160 and 161: Appendix B. Message Headers Java Me
Page 162 and 163: Java Message Service are delivered
Page 164 and 165: Java Message Service JMSTimestamp P
Page 166 and 167: UTC Java Message Service UTC (Unive
Page 168 and 169: Java Message Service JMSReplyTo Pur
Page 170 and 171:
Java Message Service JMSType Purpos
Page 172 and 173:
} public void setByteProperty(Strin
Page 174 and 175:
Java Message Service Each of the ac
Page 176 and 177:
JMSXAppID Java Message Service This
Page 178 and 179:
Appendix D. Message Selectors Java
Page 180 and 181:
The BETWEEN operator can be used to
Page 182 and 183:
D.5 Declaring a Message Selector Ja
Page 184:
Colophon Java Message Service Our l
show all

O'Reilly - Java Message Service

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?