on 01-15-2007 6:23 AM
Hi,
Can any one tell me about JMS Adapter Security. How do we secure the message while using the JMS Adapter as sender/receiver.
Thanks-
Gaddale.
Hi,
From the JMS adapter FAQ note : 856346,
<i>4. Security
4.1. Question: How do I use the security mechanisms of my JMS provider (such as encryption and client authentication)?
Answer: For the most part, you cannot use them at present. JMS does not specify an API for controlling and calling security functions, and therefore JMS cannot control them. In theory, it is possible for the JMS administered objects to be preconfigured with security attributes and created in an LDAP directory that the JMS adapter accesses using JNDI. For the most part, however, this solution is incomplete. It requires additional data (such as the client or server certificate) to be transferred frequently when the QueueConnectionFactory or the queue is created, using methods that are specific to the provider (because they are not specified by JMS, see above). In general, a normal JMS adapter does not recognize these methods.</i>
Regards
Bhavesh
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
This might help you
http://help.sap.com/saphelp_nw04/helpdata/en/8c/607fe4756b654ab9f420097c29f6e9/frameset.htm
Regards
Agasthuri Doss
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
This section summarizes how you can secure adapters running in the Plain J2SE Adapter Engine.
The Plain J2SE Adapter Engine is only supported for compatibility reasons. It hosts only a subset of the adapter functionality and has fewer security features. You should only use the Plain J2SE Adapter Engine if it is a precondition in your environment. For more information, see the Plain J2SE Adapter Engine.
User Administration
The Plain J2SE Adapter Engine has a separate user and password management, which is not integrated into the overall SAP NetWeaver user administration. For more information, see Configuration.
The Plain J2SE Adapter Engine provides three user roles for interactive users:
● Adapter Engine administrator
With this role you administer the Plain J2SE Adapter Engine. It includes the user administration itself.
● Adapter configurator
With this role you configure the individual adapters.
● Adapter user
With this role you can view the adapter configurations.
Additionally, there is a role for messaging, which has to be assigned to users that send messages to the Plain J2SE Adapter Engine:
● HTTP server user
With respect to password management, you should always store passwords in the tokenized and obfuscated form as documented in Password Management.
Securing Communication
You should enable SSL for all HTTP-based communication to and from the Plain J2SE Adapter Engine:
● Communication to and from the Integration Server
● Communication to and from an external SOAP communication partner
If possible, you should also encrypt the communication to and from the JMS provider.
The J2SE Adapter Engine uses SSL only for communication line encryption, not for client and server authentications. Since this is a drawback with respect to security, you should use the J2EE Adapter Engine in insecure environments.
Securing Resources
All configuration data for the Plain J2SE Adapter Engine is maintained in flat property files.
The file for the engine administration data itself is located in the following directory:
<installation directory>/tech_adapter/BaseConfiguration
The file for the adapter configuration data is located in the following directory:
<installation directory>/tech_adapter/Configuration
The adapters of the Plain J2SE Adapter Engine are configured locally and not in the Integration Directory. Exchanged messages are also stored directly in the file system.
Therefore, ensure that only the operating system user, who has started and therefore owns the adapter engine process, can read the property files and has access to the directories used for message exchange.
Thanks
Prabhakar....
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
But at least, we can set the JMS Queue username and password in the adapter
configuration.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
No, you cannot implement any security in JMS adapters for now. there is no way to specify any security settings in communication channel either
--Archana
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
76 | |
9 | |
8 | |
7 | |
6 | |
5 | |
5 | |
5 | |
5 | |
5 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.