Security in JMS

Planning on using jms as means of communication between two jboss servers one facing internet and one internal.
Downloaded JMS for jboss and was able to successfully run the queue example on jboss 4.0.1 sp1.
Have few questions on securing jms on jboss:
1) The SSL example has the following note:
"A service configuration bug that exists in all JBoss versions prior to 4.0.4.RC1 prevents this example from working correctly"
Does this mean for versions prior to 4.0.4 JBoss Messaging thru Secure Socket Connection is not possible?
2) If i am correct, apart from SSL i believe i can setup a user/role based access to queues/messaging-resources that will limit the connections to only clients with proper credentials?
3) Any other suggestions on securing a JMS system
Also what are the alternatives to this solution.
TIA,
Raj

Hi,
The queuing series to be is based on the circumstances. If the client is already using MQ, then we need to go for MQ. Similarly for others too.
For deploying the drivers, go thro this How To guide:
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/3867a582-0401-0010-6cbf-9644e49f1a10
About security levels, i think normal Message Level and Network level securities can be handled with JMS adapters.
Regards,
P.Venkat

Similar Messages

MDB Credential Mapper for connecting to secured foreign JMS - Need WLST

Hello All
Weblogic 10.3.0
I am in a situation where i have the MDB trying to read messages from secure foreign jms . The ejb-jar and weblogic-jar.xml has the right values like
ejb-jar.xml
==========
<assembly-descriptor>
<security-role>
<role-name>admin</role-name>
</security-role>
</assembly-descriptor>
weblogic-ejb-jar.xml
==============
<run-as-principal-name>CFAMJMS</run-as-principal-name>
<security-role-assignment>
<role-name>admin</role-name>
<principal-name>CFAMJMS</principal-name>
</security-role-assignment>
</weblogic-ejb-jar>
If i am correct , to connect to the Secured Foreign JMS Connection - There are couple of steps involved
1) To create a new security wlsuser under myrealm - called CFAMJMS
2) Each MDB deployed as part of the ear file - I need to perform the credential Mapping - Means
EJB Component Credential Mappings - create a WLS user of the name CFAMJMS and supply the Remote JMS User Name and Password .
Today , i perform the setp 2 ) using the Weblogic Admin Console . Need to automate the same using wlst script . Please help

Hi,
Similar question was answered in this thread...
JMS integration with Tibco EMS via SSL
Could you please check if your TIBCO EMS is ssl enabled .Login on TIBCO EMS using putty and then type show config and check for the following parameter ssl_server_identity ,ssl_server_key . Go to the path mentioned in these two properties and see if the certificate with .pem is present there.
As you are getting following error in the log
Caused by: javax.jms.JMSSecurityException: Can not initialize SSL client: no trusted certificates are set
In TIBCO we need trusted store .pem certificate to make it ssl enabled.
Cheers,
Vlad
It is considered good etiquette to reward answerers with points (as "helpful" - 5 pts - or "correct" - 10pts)
https://forums.oracle.com/forums/ann.jspa?annID=893

Creating a secured DISTRIBUTED JMS topic.

I need create a secured DISTRIBUTED JMS topic. That is, client should have the correct security credentials in order to access the topic.
Please help.

I need create a secured DISTRIBUTED JMS topic. That is, client should have the correct security credentials in order to access the topic.
Please help.

903 Security and JMS help

Hello,
We have a requirement to get a JMS/MDB solution working on our servers. Basically, we have one server running a JMS topic that several other servers with MDBs listen on. This much we were able to get working with help of some OTN people. Thanks!
Two problems still remain. One, We won't go to 904 until 904 is in production. Plus, the upgrade testing and such may delay the upgrade to 904 past its release date. We only need a memory based non persistent solution, thus using AQ would be overkill. So we are simply using the 903 memory based JMS implementation.
Secondly, and more importantly, the only way we seem to be able to get a Topic Connection factory is by using the admin/password id that you establish when you first install OC4J.
Any pointers on how I can change this so I am not deploying the server's admin id and password? I am not very well versed in the security aspects of this server. Alot of people seem to be. What resources should I look at?
Thank you for your help
Matt

thank you for the information.
So does that mean there is no way to set the extended form rights and the signature rights? Or is there something I can do to change the rights on the pdf?
thanks again
Nick

Webservice + secured jms (Web Service over the JMS trans).

Apologize since this post is in the webservice forum as well but since it is related to jms as well i put it here as well.
I have a web service that is using JMS (@WLJmsTransport Web Service over the JMS transport)
and everything seems to be ok BUt i do not know how to use this if the JMS is secured .
By Adding security on JMS queue what other things i need to do in order for the webservice to access the queue ?
(where i specify the credentials ?)
@WebService(serviceName = "ASyncService", targetNamespace = "http://axyz.org/notification/v1", endpointInterface = "
axyz.notification.ASyncPort")
@WLJmsTransport(contextPath = "notify", serviceUri = "async_event", portName = "ASyncServicePort", queue = "events", connectionFactory = "cnfct_receiver")
Thank you !

The annotation you gave is for accessing the webservice but in this case it seems the webservice has to access a secured jms
However having your response lead me to @RunAs which solved my problem.
Very hard to find this information.
Thank you very much for your answer !
Nice blog as well !
Edited by: user630775 on Jan 28, 2010 2:02 AM

JMS MODULE SECURITY IN WEBLOGIC

Hi,
I have one JMS Module that having two queues. I have to create the one user who will read and write the data.
That user do not have the access to the console so that this user will not create and delete resources in the server as well start and stop the server.
Could you please help me how to put the security for that user?
I have already tried below mentioned steps, but this is only for securing queues with indidual user.
http://weblogic-wonders.com/weblogic/2011/02/01/securing-weblogic-jms-resources/
Advance Thanks,
Anil.

Hi Arun,
A NullPointerException is almost always an indication of a bug (99% of the time), and rarely an indicator of user error.
If the NPE is thrown by WebLogic code (and not app code), I recommend filing a customer support case (or if you happen to be on old version or service-pack, updating to the latest).
As for your configuration change, it will very likely take effect upon a cluster restart regardless of the NPE - (the NPE, based on your description, is likely a localized problem with the console). You can check your JMS module XML to see if the console change was reflected in the configuration file...
Tom

BI-Publisher Bursting : JMS

Hello Experts!!!
We are trying to implement Bursting in BI-P 11g. The prerequisite for same is that Enterprise schedular and JMS show status as Passed(Path : Administrator->Manage BIP->Schedular Configurations ->Schedular Diagnostics). However, we are getting status as Critical and failed.
Enterprise schedular
Start Error; JMSAdminWrapper failed to start JMSWrapper, weblogic.jms.common.JMSSecurityException: Access denied to resource: type=, application=BipJmsResource, destinationType=queue, resource=BIP.Burst.Job.Q, action=receive
JMS
Access denied to resource: type=, application=BipJmsResource, destinationType=queue, resource=BIP.Burst.Job.Q, action=browse
Can someone help on how to get this resolved. Also can someone tell me how JMS services can be restarted?
Thanks in advance,
NP

Hi,
You can refer to URL http://weblogic-wonders.com/weblogic/2011/02/01/securing-weblogic-jms-resources/
for Securing WebLogic JMS Resources.
Once you complete the steps, restart the Server.
Probably this will solve your problem.

How to use web start call JMS -- new

Hello folks :
This works okay when I run the clients from a command line,
but when I deploy with Java Web Start 1.2, I get a message saying "Ignoring com/sun/jms/util/jms.properties due to exception "java.lang.NullPointerException", I've put jms_client.properties into jar file and set the property "jms.properties" to value "jms_client.properties" in the jnlp file and set the classloader.
Anyone have any ideas?
Thank you ~~
Jovi
Ignoring com/sun/jms/util/jms.properties due to exception
java.lang.NullPointerException
java.lang.NullPointerException
at java.util.Hashtable.put(Hashtable.java:389)
at com.sun.jms.JMSInitialContext.<init>(JMSInitialContext.java:70)
at
com.sun.jms.client.InitialClientContext.<init>(InitialClientContext.java:55)
at
com.sun.jms.client.InitialClientContext.getInstance(InitialClientContext.jav
a:75)
at
com.sun.jms.ConnectionFactoryImpl.createConnection(ConnectionFactoryImpl.jav
a:261)
at
com.sun.jms.QueueConnectionFactoryImpl.createQueueConnection(QueueConnection
FactoryImpl.java:77)
at
com.sun.enterprise.jms.ConnectionFactoryWrapperStandalone.createQueueConnect
ion(ConnectionFactoryWrapperStandalone.java:50)
at QueueReceiverTest.<init>(QueueReceiverTest.java:52)
at QueueReceiverTest.main(QueueReceiverTest.java:180)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl
.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at com.sun.javaws.Launcher.executeApplication(Unknown Source)
at com.sun.javaws.Launcher.executeMainClass(Unknown Source)
at com.sun.javaws.Launcher.continueLaunch(Unknown Source)
at com.sun.javaws.Launcher.handleApplicationDesc(Unknown Source)
at com.sun.javaws.Launcher.handleLaunchFile(Unknown Source)
at com.sun.javaws.Launcher.run(Unknown Source)
at java.lang.Thread.run(Thread.java:536)

Hello dietz :
Thank you for your reply so much!!
I use Sun RI 1.3 & java web start 1.2, I can't find the deployment.properties file in my server & client pc. I add deployment.javaws.secure.properties="jms.properties" in defult.properties, but it didn't work.
Then I try to write in my jnlp file is as below :
<property name="deployment.javaws.secure.properties" value="jms.properties"/>
<property name="jms.properties" value="jms_client.properties"/>
<j2se version="1.4+"/>
<jar href="j2ee.jar"/>
<jar href="Queue.jar" main="true"/>
</resources>
<application-desc main-class="QueueReceiverTest" />
</jnlp>
And I add some code
System.getProperty("deployment.javaws.secure.properties");
System.getProperty("jms.properties");
context = new InitialContext();
But error message still shows the same.
Can you give me a help again ?
Thank you a lot !!
Jovi

Dequeue jms messages using JMS adapter

Hi,
I have created jms server, modules, queue from console-messaging-jms modules.
I am trying to create a soa composite to consume message from this queue.
In JMS adapter wizard - step 7 - i have selected the destination queue. In this step, what should be the jndi name?
do i need to update weblogic-ra.xml file?
Can someone please point me to the steps/doc to create jms adapter to consume message from Oracle Weblogic JMS? (basically configure deployment descriptor)
Thanks
Ganesh

By passing username/password in the outbound connection pool, i was able to connect to the secured weblogic jms..
This was my config for eis/wls/Queue connection pool..
     AcknowledgeMode     java.lang.String     AUTO_ACKNOWLEDGE
     ConnectionFactoryLocation     java.lang.String     weblogic.jms.XAConnectionFactory
     FactoryProperties     java.lang.String
     IsTopic     java.lang.Boolean     false
     IsTransacted     java.lang.Boolean     false
     Password     java.lang.String     weblogic123
     Username     java.lang.String     weblogic
After making the change ( remember to hit enter after modifying password and username fields, else change wont persist) , i saved it with a new deployment plan and updated the deployment with the new plan. Then redeployed the composite containing the jms adapter and I am able to see a consumer created for the queue.

JMS based message service and Service account in OSB

Hi forum,
I have query regarding JMS base messaging service and Service account.
My OSB service:
I have created one OSB service which of type JMS
configuration :
General :Messaging
Messaging: Request type :XML response type :none
Transport:JMS
JMS Transport: Destination Type queue., JMS Service account :.........(browse)
My requirement is to provide security to JMS proxy.
I have seen one option available in JMS transport is JMS Service Account.
I dont have a idea about using service accounts in JMS.
can any one pls give idea about JMS service account in JmS.How to provide security to jms proxy...
If u have any documents pls share me
Thanks & regards,
Krishna.

In your weblogic console go to your JMS Modules > ***JMSModule >****Queue >Roles >Policies. Add a user to the queue.This user should be there in the security realm of the weblogic console.
Create a service account with the same user name password and use it in your OSB to read or write to the queue.

Class Not Found: com.bea.wlevs.adapters.jms.api.OutboundMessageConverter in Outbound JMS Converter

OEP 12.1.3
Following the instructions in 4 Adapters (12c Release 1 (12.1.3)) I have created a custom message converter bean for my Outbound JMS Adapter (I had to add the JAR file com.bea.wlevs.adapters.jms_12.1.3.0_0.jar from OEP_HOME\oep\modules to my project to make the code compile). However, upon deployment, I ran into a class not found exception:
<Sep 15, 2014 7:17:19 PM CEST> <Error> <org.springframework.osgi.extender.internal.activator.ContextLoaderListener> <BEA-000000> <Application context refresh failed (OsgiBundleXmlApplicationContext(bundle=CreditCardTheftDetection.AirportCreditCardTransactionProcessing, config=osgibundle:/META-INF/spring/*.xml))
java.lang.NoClassDefFoundError: saibot.airport.security.prevention.jms.SuspectedCreditCardEventConverter not found from bundle [CreditCardTheftDetection.AirportCreditCardTransactionProcessing (CreditCardTheftDetection.AirportCreditCardTransactionProcessing)]
    at org.springframework.osgi.util.BundleDelegatingClassLoader.findClass(BundleDelegatingClassLoader.java:112)
    at org.springframework.osgi.util.BundleDelegatingClassLoader.loadClass(BundleDelegatingClassLoader.java:156)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:358)
    at java.lang.Class.forName0(Native Method)
    at java.lang.Class.forName(Class.java:270)
Caused By: java.lang.NoClassDefFoundError: com/bea/wlevs/adapters/jms/api/OutboundMessageConverter
    at java.lang.ClassLoader.defineClass1(Native Method)
    at java.lang.ClassLoader.defineClass(ClassLoader.java:800)
    at org.eclipse.osgi.internal.baseadaptor.DefaultClassLoader.defineClass(DefaultClassLoader.java:188)
Caused By: java.lang.ClassNotFoundException: com.bea.wlevs.adapters.jms.api.OutboundMessageConverter
    at org.eclipse.osgi.internal.loader.BundleLoader.findClassInternal(BundleLoader.java:506)
    at org.eclipse.osgi.internal.loader.BundleLoader.findClass(BundleLoader.java:422)
    at org.eclipse.osgi.internal.loader.BundleLoader.findClass(BundleLoader.java:410)
    at org.eclipse.osgi.internal.baseadaptor.DefaultClassLoader.loadClass(DefaultClassLoader.java:107)
I have tried adding the JAR file (com.bea.wlevs.adapters.jms_12.1.3.0_0.jar) to my deployment JAR. That did not make any difference.
Does anyone know why this class OutboundMessageConverter is not found - and more importantly: what I can do to make it available in the run time?
thanks.
Lucas

To make a package available to your application at runtime for OEP, you will need to add it to the application's MANIFEST.MF file to the Import Package section (since the OEP server is OSGi-based). There's no need to supply a version number, you can just enter the package name (e.g.)
com.bea.wlevs.adapters.jms.api,

Crazy JMS pattern

Hi,
I'm trying to implement this:
- JMS queue BS, named QUEUE, is request/response, it has a URI endpoint and a response URI endpoint
I have 3 proxy services working around this JMS queue, but for now I'm only working with two of them:
- PS 1: receives the http message and writes into the queue with transport outbound JMSMessageID = $body/messageid
- PS 3: an external entity now wants to communicate the response, and this PS routes into QUEUE response endpoint with transport outbound JMSCorrelationID = previous JMSMessageID
Is this possible to do?
I'm having an hard time implementing this, cause PS 1 just freezes and never correlates to the response.
I'm testing this using soapUI... making sure $body/messageid is common at all times.
Is there some tool to check messages (and headers) in JMS queues?
Can someone help me with this plz?

atheek1 I guess you are right.
However I still didn't manage to implement the desired correlation pattern.
I'm surely doing it wrong... but kinda running out of options.
I made two new JMS BS: requestQueue_BS and responseQueue_BS
Both are queues and text message type and requestQueue is JMSCorrelationID response pattern with response URI = responseQueue_BS
PS1 is any XML service that simply routes message to requestQueue using, inside routing, an transport header transformation of JMSCorrelationID to $body/id/text() on outbound request direction.
PS3 is any XML service that simply routes message to responseQueue using, inside routing, an transport header transformation of JMSCorrelationID to $body/id/text() on outbound request direction.
message body example is: <id>4324</id>
This doesn't work... what am I doing wrong?
PS1 just waits for the response... it doesn't matter how many times I trigger PS3 with the same JMSCorrelationID, PS1 just waits until it times out... :(
******* CONFIG FILES ************
requestQueue
<?xml version="1.0" encoding="UTF-8"?>
<xml-fragment xmlns:ser="http://www.bea.com/wli/sb/services" xmlns:tran="http://www.bea.com/wli/sb/transports" xmlns:http="http://www.bea.com/wli/sb/transports/http" xmlns:env="http://www.bea.com/wli/config/env" xmlns:jms="http://www.bea.com/wli/sb/transports/jms">
<ser:coreEntry isProxy="false" isEnabled="true">
<ser:binding type="abstract XML"/>
<ser:monitoring isEnabled="false">
<ser:aggregationInterval>10</ser:aggregationInterval>
</ser:monitoring>
<ser:sla-alerting isEnabled="true">
<ser:alertLevel>normal</ser:alertLevel>
</ser:sla-alerting>
</ser:coreEntry>
<ser:endpointConfig>
<tran:provider-id>jms</tran:provider-id>
<tran:inbound>false</tran:inbound>
<tran:URI>
<env:value>jms://localhost:7001/weblogic.jms.XAConnectionFactory/requestQueueRequest</env:value>
</tran:URI>
<tran:outbound-properties>
<tran:load-balancing-algorithm>round-robin</tran:load-balancing-algorithm>
<tran:retry-count>0</tran:retry-count>
<tran:retry-interval>30</tran:retry-interval>
<tran:retry-application-errors>true</tran:retry-application-errors>
</tran:outbound-properties>
<tran:provider-specific>
<jms:is-queue>true</jms:is-queue>
<jms:is-secure>false</jms:is-secure>
<jms:outbound-properties>
<jms:message-type>Text</jms:message-type>
<jms:expiration>0</jms:expiration>
<jms:enable-message-persistence>true</jms:enable-message-persistence>
<jms:response-required>true</jms:response-required>
<jms:response-URI>jms://localhost:7001/weblogic.jms.XAConnectionFactory/responseQueueRequest</jms:response-URI>
<jms:response-timeout>0</jms:response-timeout>
<jms:response-pattern>JMSCorrelationID</jms:response-pattern>
<jms:response-target-map>
<jms:target-pair>
<jms:target>AdminServer</jms:target>
<jms:destination/>
</jms:target-pair>
</jms:response-target-map>
<jms:pass-caller-subject>false</jms:pass-caller-subject>
</jms:outbound-properties>
<jms:request-encoding>UTF-8</jms:request-encoding>
</tran:provider-specific>
</ser:endpointConfig>
</xml-fragment>
and responseQueue
<?xml version="1.0" encoding="UTF-8"?>
<xml-fragment xmlns:ser="http://www.bea.com/wli/sb/services" xmlns:tran="http://www.bea.com/wli/sb/transports" xmlns:http="http://www.bea.com/wli/sb/transports/http" xmlns:env="http://www.bea.com/wli/config/env" xmlns:jms="http://www.bea.com/wli/sb/transports/jms">
<ser:coreEntry isProxy="false" isEnabled="true">
<ser:binding type="abstract XML"/>
<ser:monitoring isEnabled="false">
<ser:aggregationInterval>10</ser:aggregationInterval>
</ser:monitoring>
<ser:sla-alerting isEnabled="true">
<ser:alertLevel>normal</ser:alertLevel>
</ser:sla-alerting>
</ser:coreEntry>
<ser:endpointConfig>
<tran:provider-id>jms</tran:provider-id>
<tran:inbound>false</tran:inbound>
<tran:URI>
<env:value>jms://localhost:7001/weblogic.jms.XAConnectionFactory/responseQueueRequest</env:value>
</tran:URI>
<tran:outbound-properties>
<tran:load-balancing-algorithm>round-robin</tran:load-balancing-algorithm>
<tran:retry-count>0</tran:retry-count>
<tran:retry-interval>30</tran:retry-interval>
<tran:retry-application-errors>true</tran:retry-application-errors>
</tran:outbound-properties>
<tran:provider-specific>
<jms:is-queue>true</jms:is-queue>
<jms:is-secure>false</jms:is-secure>
<jms:outbound-properties>
<jms:message-type>Text</jms:message-type>
<jms:expiration>0</jms:expiration>
<jms:enable-message-persistence>true</jms:enable-message-persistence>
<jms:response-required>false</jms:response-required>
<jms:pass-caller-subject>false</jms:pass-caller-subject>
</jms:outbound-properties>
<jms:request-encoding>UTF-8</jms:request-encoding>
</tran:provider-specific>
</ser:endpointConfig>
</xml-fragment>
PS1
<?xml version="1.0" encoding="UTF-8"?>
<xml-fragment xmlns:ser="http://www.bea.com/wli/sb/services" xmlns:tran="http://www.bea.com/wli/sb/transports" xmlns:env="http://www.bea.com/wli/config/env" xmlns:http="http://www.bea.com/wli/sb/transports/http" xmlns:con="http://www.bea.com/wli/sb/stages/config">
<ser:coreEntry isProxy="true" isEnabled="true">
<ser:binding type="abstract XML"/>
<ser:monitoring isEnabled="false">
<ser:aggregationInterval>10</ser:aggregationInterval>
<ser:pipelineMonitoringLevel>Pipeline</ser:pipelineMonitoringLevel>
</ser:monitoring>
<ser:reporting>true</ser:reporting>
<ser:logging isEnabled="true">
<ser:logLevel>debug</ser:logLevel>
</ser:logging>
<ser:sla-alerting isEnabled="true">
<ser:alertLevel>normal</ser:alertLevel>
</ser:sla-alerting>
<ser:pipeline-alerting isEnabled="true">
<ser:alertLevel>normal</ser:alertLevel>
</ser:pipeline-alerting>
</ser:coreEntry>
<ser:endpointConfig>
<tran:provider-id>http</tran:provider-id>
<tran:inbound>true</tran:inbound>
<tran:URI>
<env:value>/ItevProj/proxy/test/3/ps1</env:value>
</tran:URI>
<tran:inbound-properties/>
<tran:all-headers>false</tran:all-headers>
<tran:provider-specific>
<http:inbound-properties/>
</tran:provider-specific>
</ser:endpointConfig>
<ser:router>
<con:flow xmlns:con="http://www.bea.com/wli/sb/pipeline/config">
<con:route-node name="RouteNode1">
<con:context/>
<con:actions>
<con1:route xmlns:con1="http://www.bea.com/wli/sb/stages/routing/config">
<con2:id xmlns:con2="http://www.bea.com/wli/sb/stages/config">_ActionId-9035043200913057533-78de896f.1287cc7514b.-7faf</con2:id>
<con1:service ref="ItevProj/business/common/jms/test/3/requestQueue" xsi:type="ref:BusinessServiceRef" xmlns:ref="http://www.bea.com/wli/sb/reference" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"/>
<con1:outboundTransform>
<con2:transport-headers xmlns:con2="http://www.bea.com/wli/sb/stages/transform/config">
<con3:id xmlns:con3="http://www.bea.com/wli/sb/stages/config">_ActionId-9035043200913057533-78de896f.1287cc7514b.-7da1</con3:id>
<con2:header-set>outbound-request</con2:header-set>
<con2:header name="JMSCorrelationID" value="expression">
<con3:xqueryText xmlns:con3="http://www.bea.com/wli/sb/stages/config">$body/id/text()</con3:xqueryText>
</con2:header>
</con2:transport-headers>
</con1:outboundTransform>
<con1:responseTransform/>
</con1:route>
</con:actions>
</con:route-node>
</con:flow>
</ser:router>
</xml-fragment>
PS3
<?xml version="1.0" encoding="UTF-8"?>
<xml-fragment xmlns:ser="http://www.bea.com/wli/sb/services" xmlns:tran="http://www.bea.com/wli/sb/transports" xmlns:env="http://www.bea.com/wli/config/env" xmlns:http="http://www.bea.com/wli/sb/transports/http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:con="http://www.bea.com/wli/sb/pipeline/config" xmlns:con1="http://www.bea.com/wli/sb/stages/routing/config" xmlns:con2="http://www.bea.com/wli/sb/stages/config">
<ser:coreEntry isProxy="true" isEnabled="true">
<ser:binding type="abstract XML" xmlns:con3="http://www.bea.com/wli/sb/services/bindings/config"/>
<ser:monitoring isEnabled="false">
<ser:aggregationInterval>10</ser:aggregationInterval>
<ser:pipelineMonitoringLevel>Pipeline</ser:pipelineMonitoringLevel>
</ser:monitoring>
<ser:reporting>true</ser:reporting>
<ser:logging isEnabled="true">
<ser:logLevel>debug</ser:logLevel>
</ser:logging>
<ser:sla-alerting isEnabled="true">
<ser:alertLevel>normal</ser:alertLevel>
</ser:sla-alerting>
<ser:pipeline-alerting isEnabled="true">
<ser:alertLevel>normal</ser:alertLevel>
</ser:pipeline-alerting>
</ser:coreEntry>
<ser:endpointConfig>
<tran:provider-id>http</tran:provider-id>
<tran:inbound>true</tran:inbound>
<tran:URI>
<env:value>/ItevProj/proxy/test/3/ps3</env:value>
</tran:URI>
<tran:inbound-properties/>
<tran:all-headers>false</tran:all-headers>
<tran:provider-specific>
<http:inbound-properties/>
</tran:provider-specific>
</ser:endpointConfig>
<ser:router>
<con:flow>
<con:route-node name="RouteNode1">
<con:context>
<con2:varNsDecl namespace="http://webservice.chargingstation.itev.criticalsoftware.com" prefix="web"/>
</con:context>
<con:actions>
<con1:route>
<con2:id>_ActionId-9035043200913057533-78de896f.1287cc7514b.-7eb7</con2:id>
<con1:service ref="ItevProj/business/common/jms/test/3/responseQueue" xsi:type="ref:BusinessServiceRef" xmlns:ref="http://www.bea.com/wli/sb/reference"/>
<con1:outboundTransform>
<con3:transport-headers xmlns:con3="http://www.bea.com/wli/sb/stages/transform/config">
<con2:id>_ActionId-9035043200913057533-78de896f.1287cc7514b.-7d69</con2:id>
<con3:header-set>outbound-request</con3:header-set>
<con3:header name="JMSCorrelationID" value="expression">
<con2:xqueryText>$body/id/text()</con2:xqueryText>
</con3:header>
</con3:transport-headers>
</con1:outboundTransform>
<con1:responseTransform/>
</con1:route>
</con:actions>
</con:route-node>
</con:flow>
</ser:router>
</xml-fragment>

User audit trail in a SOA scenario

Hi All,
In a SOA scenario when using a composite application calling many webservices who on their turn call asynchronous jms calls to backend applications. How can you audit the user trail? So can you tell of all the backend transactions touched by this SOA scenario who was responsible of changing the data.
To illustrate the issue:
The typical SOA scenario, we have a web application running in a portal, the logged on portal user is accessing this web application. The web application is calling web services using the logged on user credentials. The webservices call an asynchronous message in a message oriented middleware solution using a service user. This asynchronous message triggers a bapi in R/3 using this service user. In the logging of the bapi call in R/3 the bapi is called by the service user and not the portal user id.
Can somebody point me to articles regarding this topic or best practices?
regards,
Richard

Thanks Abhishek,
The first link was helpfull but actually underlines the problem that I have. The second link has no relevance to the problem.
But if we zoom in on de first link: http://help.sap.com/saphelp_erp2004/helpdata/en/cb/b0ceb823984a62bf017a42179af99a/frameset.htm
This is about the security on JMS service.
So the question remains how do you deal with an audit trail if the user calling webservices is different than the service user calling the bapi.
regards,
Richard

OSB Dynamic Routing and Transaction Rollback

Hi,
I have implemented dynamic routing to different jms business services.
That's the flow:
1. I have a proxy service which is invoked via a message delivered to a jms queue(XA connection factory), this queue is configured with
Error Destination, expiration policy redirect, redelivery limit 5 and redelivery delay override 100
2. I use a dynamic routing action
<ctx:route isProxy="false">
<ctx:service>
$businessServiceXXX
</ctx:service>
</ctx:route>
where $businessServiceXXX is a variable to hold my target jms business service, its value depends on some incoming inbound headers.
3. if the endpoint is not correct(business service endpoint is dynamic) I catch the error in a Error handler, I raise an Error but :
THE MESSAGE IS NOT REDIRECTED TO THE ERROR QUEUE.
I know I could solve the issue with another approach like an external table to capture(fix) the endpoints, but it won't be so flexible in terms of deployment capability.
Any Ideas ?
Thanks,
T.

Hi Tony,
Tested this in ALSB 2.5 . Transaction rollbacks fine when error in dynamic routing. I am attaching the test JMS proxy we have used for this.
We had XA enabled CF for JMS proxy service and target JMS BS. The dynamic route was configured in route node with no route error handler or service error handler. The test case was to pause the target JMS queue for production. We could see messages rolling back to the source queue and getting redelivered.
Attaching the Sbconfig for this proxy. Proxy Name: Dynamic Routing
<?xml version="1.0" encoding="UTF-8"?>
<xml-fragment name="DynamicRouting">
<ser:coreEntry isEnabled="true" isProxy="true" name="DynamicRouting" isAutoPublish="false" xmlns:ser="http://www.bea.com/wli/sb/services">
<ser:description/>
<ser:binding type="abstract XML"/>
</ser:coreEntry>
<ser:endpointConfig xmlns:ser="http://www.bea.com/wli/sb/services">
<tran:provider-id xmlns:tran="http://www.bea.com/wli/sb/transports">jms</tran:provider-id>
<tran:inbound xmlns:tran="http://www.bea.com/wli/sb/transports">true</tran:inbound>
<tran:URI xmlns:tran="http://www.bea.com/wli/sb/transports">
<env:value xmlns:env="http://www.bea.com/wli/config/env">jms://localhost:7001/XACF/InputQueue</env:value>
</tran:URI>
<tran:inbound-properties xmlns:tran="http://www.bea.com/wli/sb/transports"/>
<tran:all-headers xmlns:tran="http://www.bea.com/wli/sb/transports">false</tran:all-headers>
<tran:provider-specific xsi:type="jms:JmsEndPointConfiguration" xmlns:jms="http://www.bea.com/wli/sb/transports/jms" xmlns:tran="http://www.bea.com/wli/sb/transports" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<jms:is-queue>true</jms:is-queue>
<jms:is-secure>false</jms:is-secure>
<jms:inbound-properties>
<jms:response-required>false</jms:response-required>
</jms:inbound-properties>
<jms:request-encoding>UTF-8</jms:request-encoding>
</tran:provider-specific>
</ser:endpointConfig>
<ser:router xmlns:ser="http://www.bea.com/wli/sb/services">
<con:pipeline name="PipelinePairNode1_request" type="request" xmlns:con="http://www.bea.com/wli/sb/pipeline/config">
<con:stage name="Configuration">
<con:comment/>
<con:context/>
<con:actions>
<con1:assign varName="input" xmlns:con1="http://www.bea.com/wli/sb/stages/transform/config">
<con1:expr>
<con:xqueryText xmlns:con="http://www.bea.com/wli/sb/stages/config"><![CDATA[<root>
<type value="jms">
          <service>DynamicRouting/BusinessService/JMS</service>
     </type>
     <type value="http">
     <service>DynamicRouting/BusinessService/HTTP</service>
     <operation>Test</operation>
     </type>
</root>]]></con:xqueryText>
</con1:expr>
</con1:assign>
</con:actions>
</con:stage>
</con:pipeline>
<con:pipeline name="PipelinePairNode1_response" type="response" xmlns:con="http://www.bea.com/wli/sb/pipeline/config"/>
<con:flow xmlns:con="http://www.bea.com/wli/sb/pipeline/config">
<con:pipeline-node name="PipelinePairNode1">
<con:request>PipelinePairNode1_request</con:request>
<con:response>PipelinePairNode1_response</con:response>
</con:pipeline-node>
<con:route-node name="DynamicRoute">
<con:comment/>
<con:context/>
<con:actions>
<con1:dynamic-route xmlns:con1="http://www.bea.com/wli/sb/stages/routing/config">
<con1:service>
<con:xqueryText xmlns:con="http://www.bea.com/wli/sb/stages/config"><ctx:route>
     <ctx:service isProxy="false">{data($input/*:type[@value=$body/*:body/*:type/text()]/*:service)}</ctx:service>
          if($input/*:type[@value=$body/*:body/*:type/text()]/*:operation) then
               <ctx:operation>{data($input/*:type[@value=$body/*:body/*:type/text()]/*:operation)}</ctx:operation>
else()
</ctx:route></con:xqueryText>
</con1:service>
<con1:outboundTransform>
<con2:routing-options xmlns:con2="http://www.bea.com/wli/sb/stages/transform/config">
<con2:uriExpr>
<con:xqueryText xmlns:con="http://www.bea.com/wli/sb/stages/config">$body/*:body/*:url/text()</con:xqueryText>
</con2:uriExpr>
</con2:routing-options>
</con1:outboundTransform>
<con1:responseTransform/>
</con1:dynamic-route>
</con:actions>
</con:route-node>
</con:flow>
</ser:router>
</xml-fragment>
Regards,
Atheek
Edited by: atheek1 on 27-Apr-2010 19:48

Serious usage?

i received an email today which stated:
"Regarding JMS, we strongly recommend that you use a commercial JMS implementation such as ******** instead of the reference implementation that comes with J2EE SDK. The reference implementation is proof of concept and is not intended for any serious usage."
..... uhm..... any comment?
i'm new to JMS, so suggestions would be most welcome.
thanx.
-d-

I would agree with this statement.
Though open source implementations come for free but there are multiple issues associated with them :
1. No support. if there is a bug you are gone.
2. Less documentation
3. Performance issues.
4. Less feature set e.g. most of the open source products don't provide rich support for security as JMS specs doesn't cover it
I would recommend you to go with some commercial product e.g. FioranoMQ, Tibco, IBM etc.
if you are planning to use it in a live application.
In case you want to use for educational purposes you can very well use the open source products.

Security in JMS

Similar Messages

Maybe you are looking for