JMS Adapter Security

Former Member
0 Kudos

Hi,

Can anyone tell me about JMS Adapter Security? How do we secure the message while using the JMS Adapter as sender/receiver?

Thanks-

Gaddale.

Accepted Solutions (1)

bhavesh_kantilal
Active Contributor
0 Kudos

Hi,

From the JMS adapter FAQ note 856346:

4. Security

4.1. Question: How do I use the security mechanisms of my JMS provider (such as encryption and client authentication)?

Answer: For the most part, you cannot use them at present. JMS does not specify an API for controlling and calling security functions, and therefore JMS cannot control them. In theory, it is possible for the JMS administered objects to be preconfigured with security attributes and created in an LDAP directory that the JMS adapter accesses using JNDI. For the most part, however, this solution is incomplete. It requires additional data (such as the client or server certificate) to be transferred frequently when the QueueConnectionFactory or the queue is created, using methods that are specific to the provider (because they are not specified by JMS, see above). In general, a normal JMS adapter does not recognize these methods.

Regards

Bhavesh

Answers (4)

agasthuri_doss
Active Contributor
0 Kudos
Former Member
0 Kudos

This section summarizes how you can secure adapters running in the Plain J2SE Adapter Engine.

The Plain J2SE Adapter Engine is only supported for compatibility reasons. It hosts only a subset of the adapter functionality and has fewer security features. You should only use the Plain J2SE Adapter Engine if it is a precondition in your environment. For more information, see the Plain J2SE Adapter Engine.

User Administration

The Plain J2SE Adapter Engine has a separate user and password management, which is not integrated into the overall SAP NetWeaver user administration. For more information, see Configuration.

The Plain J2SE Adapter Engine provides three user roles for interactive users:

● Adapter Engine administrator

With this role you administer the Plain J2SE Adapter Engine. It includes the user administration itself.

● Adapter configurator

With this role you configure the individual adapters.

● Adapter user

With this role you can view the adapter configurations.

Additionally, there is a role for messaging, which has to be assigned to users that send messages to the Plain J2SE Adapter Engine:

● HTTP server user

With respect to password management, you should always store passwords in the tokenized and obfuscated form as documented in Password Management.

Securing Communication

You should enable SSL for all HTTP-based communication to and from the Plain J2SE Adapter Engine:

● Communication to and from the Integration Server

● Communication to and from an external SOAP communication partner

If possible, you should also encrypt the communication to and from the JMS provider.

The J2SE Adapter Engine uses SSL only for communication line encryption, not for client and server authentications. Since this is a drawback with respect to security, you should use the J2EE Adapter Engine in insecure environments.

Securing Resources

All configuration data for the Plain J2SE Adapter Engine is maintained in flat property files.

The file for the engine administration data itself is located in the following directory:

<installation directory>/tech_adapter/BaseConfiguration

The file for the adapter configuration data is located in the following directory:

<installation directory>/tech_adapter/Configuration

The adapters of the Plain J2SE Adapter Engine are configured locally and not in the Integration Directory. Exchanged messages are also stored directly in the file system.

Therefore, ensure that only the operating system user, who has started and therefore owns the adapter engine process, can read the property files and has access to the directories used for message exchange.

Thanks

Prabhakar....
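
One way to check the file-permission requirement from the "Securing Resources" part of the answer above, as an added example that is not part of the original post or of SAP's documentation. It assumes a POSIX host; the property file names and the temporary directory standing in for <installation directory> are constructed for the demonstration.

```python
import os
import stat
import tempfile

# Directory names from the page; the installation root itself is site-specific.
ADAPTER_DIRS = ("tech_adapter/BaseConfiguration", "tech_adapter/Configuration")

def audit_path(path, owner_uid):
    """Return the problems found for one file or directory (empty list if fine)."""
    st = os.lstat(path)
    if stat.S_ISLNK(st.st_mode):
        return ["symbolic link, not followed"]
    problems = []
    if st.st_uid != owner_uid:
        problems.append(f"owned by uid {st.st_uid}, expected {owner_uid}")
    extra = stat.S_IMODE(st.st_mode) & 0o077  # any group/other permission bit
    if extra:
        problems.append(f"group/other bits set: {extra:03o}")
    return problems

def audit_tree(root, owner_uid):
    """Map every offending path under root (relative to root) to its problems."""
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        paths += [os.path.join(dirpath, n) for n in dirnames + filenames]
    findings = {}
    for p in paths:
        problems = audit_path(p, owner_uid)
        if problems:
            findings[os.path.relpath(p, root)] = problems
    return findings

def demo():
    """Build a constructed sample tree, audit it and return the findings."""
    install = tempfile.mkdtemp()  # stands in for <installation directory>
    for d in ADAPTER_DIRS:
        os.makedirs(os.path.join(install, d))
    for dirpath, _, _ in os.walk(install):
        os.chmod(dirpath, 0o700)  # directories restricted to the owner
    # Constructed file names: one owner-only file, one world-readable file.
    samples = ((ADAPTER_DIRS[0], "engine.properties", 0o600),
               (ADAPTER_DIRS[1], "jms_sender.properties", 0o644))
    for d, name, mode in samples:
        path = os.path.join(install, d, name)
        with open(path, "w") as fh:
            fh.write("sample=constructed\n")
        os.chmod(path, mode)
    return audit_tree(install, os.getuid())

if __name__ == "__main__":
    for path, problems in demo().items():
        print(path, "->", "; ".join(problems))
```

For a real check, call `audit_tree` on the installation directory and on each message exchange directory, passing the uid of the account that runs the adapter engine process.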

Former Member
0 Kudos

But at least, we can set the JMS Queue username and password in the adapter configuration.

Former Member
0 Kudos

No, you cannot implement any security in JMS adapters for now. There is no way to specify any security settings in the communication channel either.

--Archana