This post explains how to secure a JMS queue on IBM WebSphere Application Server with LDAP authentication. It assumes that WebSphere Application Server is already installed and covers only how to create a service integration bus and a JMS queue with LDAP authentication enabled, using the WebSphere administrative console.
1. Create a new SI Bus
Service Integration --> Buses --> [New]
Give the new bus a name (ReachBUS; the original post used "SampleBUS" in the first steps and "ReachBUS" thereafter, the same bus is meant throughout) and keep the “Bus Security” option checked {Next}
Keep the “Require clients use SSL protected transports” option checked {Next}
2. Select “Create a new security domain” for the bus {Next}
Give the domain a name (ReachBUSDomain). To use LDAP as the authentication mechanism, select “Customize the user realm for this domain.”, then choose “Standalone LDAP registry” from the combo box {Next}
In the next form, fill in the settings of the LDAP registry (server type, host and port, base distinguished name, and the bind DN and password if anonymous binds are not allowed).
3. Enable security on the bus
Go to Service Integration --> Buses --> ReachBUS --> Security and configure the values as shown in the image below.
4. Add a permitted transport for the bus
Service Integration --> Buses > ReachBUS > Security for ReachBUS > Permitted transports > [New]
Select the transport chain name {OK}. The original post used the chain it called “InboundBasicMessage”; the chain defined by WebSphere is “InboundBasicMessaging”, the plain-TCP chain on the bus member's SIB_ENDPOINT_ADDRESS port (7276 by default). Two caveats: the permitted-transports list is only consulted when the bus's transport policy is set to restrict clients to the listed transports, and on this chain the LDAP credentials and the messages cross the network unencrypted. If “Require clients use SSL protected transports” was kept checked in step 1, only SSL-protected chains are usable, so clients must connect through “InboundSecureMessaging” on the SIB_ENDPOINT_SECURE_ADDRESS port (7286 by default).
5. Create a bus member and a queue
Service Integration > Buses > ReachBUS > Bus Members > [Add]
Select “Server” with “adroitlogicNode1:server1” {Next}
Select “File Store” {Next}
Configure file store settings (default) {Next}
Tune performance parameters (default) {Next}
{Finish}
Go into the bus member “adroitlogicNode1:server1” and check the status of the messaging engine “adroitlogicNode1:server1-ReachBUS”.
If it is shown as unavailable, save the changes, then open the bus member again and re-check.
6. Create a queue type destination on the bus
Service Integration > Buses > ReachBUS > Destinations > [New]
Select destination type “Queue” {Next}
Give an identifier (ReachSTQ) & description for the queue {Next}
Assign queue to bus member “Node=adroitlogicNode1:Server=server1” {Next}
{Finish}
7. Create a new queue connection factory
Resources > JMS > Queue connection factories
Keep scope selected as “Node=adroitlogicNode1:Server=server1”
[New]
Select “Default Messaging Provider” {OK}
Name: RCF.Test, JNDI Name: jms/RCF.Test, Provider endpoints: trojan2:7276 (the bus member's host and its SIB_ENDPOINT_ADDRESS port, as in the original post; since the bus requires SSL-protected transports, use the SIB_ENDPOINT_SECURE_ADDRESS port instead, 7286 by default, in the form trojan2:7286:BootstrapSecureMessaging, and set “Target inbound transport chain” to InboundSecureMessaging)
Select bus name “ReachBUS”
{OK}
8. Create the queue
Resources > JMS > Queues
Keep scope selected as “Node=adroitlogicNode1:Server=server1”
[New]
Select “Default Messaging Provider” {OK}
Name: ReachSTQ, JNDI Name: ReachSTQ
Select bus name “ReachBUS”
Select queue name “ReachSTQ”
{OK}
9. Configure BUS authorization
Service Integration > Buses > ReachBUS > Security > Users and groups in the bus connector role > [New]
Select resource as “ReachBUS” > “Users” {Next}
Select users to grant access {Next}
{Finish}
10. Configure BUS destination (queue) authorization
Service Integration > Buses > ReachBUS > Security > Manage destination access roles > ReachSTQ [Add]
Select resource as “ReachSTQ” > “Users” {Next}
Select users to grant access. {Next}
Select the role types to grant to the users (a client needs Sender to put messages on the queue and Receiver to consume them). See the Appendix for more about messaging roles {Next}
11. Create and apply activation specification
Resources > JMS > Activation Specifications > [New]
Select “Default messaging provider” {Next}
Name: ReachActivationSpec, JNDI Name: ReachActivationSpec, Destination Type: Queue, Destination JNDI Name: ReachSTQ, Bus Name: ReachBUS {OK}
12. Save the changes and restart the WebSphere Application Server, for example from the WebSphere bin directory:
./stopServer.sh server1 -profileName AppSrv01
./startServer.sh server1 -profileName AppSrv01
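To check that the configuration above actually enforces authentication and authorization, here is a stand-alone JMS client for the queue. This is an added example, not code from the original post: it looks up the connection factory and queue created in steps 7 and 8 through JNDI, opens a connection with an LDAP user's credentials, and sends and reads back one message. The bootstrap address trojan2:2809, the LDAP user "jmsuser", the password, and the ssl.client.props path are assumptions; the truststore referenced by ssl.client.props must trust the server's signer certificate because step 1 requires SSL-protected transports. An anonymous connection is expected to be refused by the secured bus with a javax.jms.JMSSecurityException, and a user who holds the Bus Connector role but lacks the Sender or Receiver role on ReachSTQ (step 10) fails at createProducer or createConsumer rather than at createConnection.

```java
import java.util.Hashtable;

import javax.jms.Connection;
import javax.jms.ConnectionFactory;
import javax.jms.JMSException;
import javax.jms.JMSSecurityException;
import javax.jms.Message;
import javax.jms.MessageConsumer;
import javax.jms.MessageProducer;
import javax.jms.Queue;
import javax.jms.Session;
import javax.jms.TextMessage;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingException;

/**
 * Added example client for the ReachSTQ queue on the secured ReachBUS.
 * Assumed values (not from the post): bootstrap address trojan2:2809,
 * LDAP user "jmsuser", and an ssl.client.props file in the working directory.
 */
public class ReachSTQClient {

    private static final String PROVIDER_URL = "corbaloc:iiop:trojan2:2809"; // assumed BOOTSTRAP_ADDRESS
    private static final String CF_JNDI_NAME = "jms/RCF.Test";               // from step 7
    private static final String QUEUE_JNDI_NAME = "ReachSTQ";                // from step 8

    private static Context namingContext() throws NamingException {
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY,
                "com.ibm.websphere.naming.WsnInitialContextFactory");
        env.put(Context.PROVIDER_URL, PROVIDER_URL);
        return new InitialContext(env);
    }

    /**
     * Sends one text message and reads it back. The credentials are verified by the
     * messaging engine against the bus's security domain (the LDAP registry); the user
     * must hold the Bus Connector role (step 9) and the Sender and Receiver roles on
     * ReachSTQ (step 10). Returns the text received, or null if nothing arrived in time.
     */
    static String sendAndReceive(String user, String password, String body)
            throws NamingException, JMSException {
        Context ctx = namingContext();
        ConnectionFactory cf = (ConnectionFactory) ctx.lookup(CF_JNDI_NAME);
        Queue queue = (Queue) ctx.lookup(QUEUE_JNDI_NAME);

        // JMS 1.1 (as shipped with WebSphere 7/8): Connection is not AutoCloseable,
        // so close it in a finally block.
        Connection conn = cf.createConnection(user, password); // authenticated against LDAP
        try {
            Session session = conn.createSession(false, Session.AUTO_ACKNOWLEDGE);
            MessageProducer producer = session.createProducer(queue);  // needs Sender role
            producer.send(session.createTextMessage(body));
            conn.start();
            MessageConsumer consumer = session.createConsumer(queue);  // needs Receiver role
            Message reply = consumer.receive(5000);
            return reply instanceof TextMessage ? ((TextMessage) reply).getText() : null;
        } finally {
            conn.close();
        }
    }

    public static void main(String[] args) throws Exception {
        // Needed because step 1 keeps "Require clients use SSL protected transports":
        // the file points at the truststore holding the server's signer certificate.
        System.setProperty("com.ibm.SSL.ConfigURL", "file:ssl.client.props"); // assumed path

        // 1. Anonymous connection: a correctly secured bus refuses it.
        try {
            sendAndReceive(null, null, "anonymous");
            System.out.println("FAIL: the bus accepted an unauthenticated connection");
        } catch (JMSSecurityException expected) {
            System.out.println("OK: anonymous connection rejected: " + expected.getMessage());
        }

        // 2. Authenticated connection as an LDAP user granted the roles in steps 9 and 10.
        String user = args.length > 0 ? args[0] : "jmsuser";      // assumed LDAP user
        String password = args.length > 1 ? args[1] : "changeit"; // assumed; pass it on the command line
        System.out.println("received: " + sendAndReceive(user, password, "hello ReachSTQ"));
    }
}
```

Run it with the WebSphere thin client jars (com.ibm.ws.sib.client.thin.jms and com.ibm.ws.ejb.thinclient, plus the orb jar) on the classpath, passing the user and password as arguments rather than hard-coding them. If the second call fails with a JMSSecurityException while the user can bind to LDAP, the missing piece is almost always the Bus Connector role or the destination role from steps 9 and 10, not the registry configuration.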