
Sunday, 3 May 2015

13.c WebLogic Security: JMS Queue deliver to Authenticated users

Securing WebLogic JMS Resources

By default, destinations are not protected. This means that any valid user for a WebLogic server instance can send, receive, and browse messages on a destination. A security policy restricts access to the destination to the users who satisfy the policy condition.

There are two ways of securing the JMS resources.
1. At the JMS module level (group level), where a single security policy is specified for a set of JMS resources.
2. At the individual JMS resource level, which gives much finer-grained control over the operations that you want to secure.

Here I illustrate allowing a single user to access a queue to send and receive messages.
Steps to configure security for a JMS distributed queue:

1. Setting the security policy.
JMS Queue Configuration
 1.1. Log in to the Admin Server console –> navigate to the distributed queue that needs to be secured.
1.2. Click on the security tab –> Policies sub tab. We can see a small drop down list, which lists the set of the operations that can be protected.
Selecting Predicate List

1.3. Click Add Conditions to add the policy conditions as Shown
Setting up the Policy condition

1.4. From the predicate list, specify the policy conditions. We would select the 'User' from the drop down list for demo purpose.

1.5. Select the check box for the user Hari and save.
JMS Queue adding user 'Hari'
Now we are all set to test our secure JMS messaging.

In the JMS destination lookup code, we need to pass the username and password of a user who has access permission on the resource:
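// "Username" and "password" are placeholders for the account named in the queue's policy;
// supply the real values at run time rather than committing them to source.
env.put(Context.SECURITY_PRINCIPAL, "Username");
env.put(Context.SECURITY_CREDENTIALS, "password");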

To send a JMS message to the queue with the user credentials, execute the below QueueSend.java program.
package jms.test;
import java.io.BufferedReader; 
import java.io.IOException;
import java.io.InputStreamReader;
import java.util.Hashtable;
import javax.jms.*;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingException;
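/**
 * Command-line JMS producer: looks up the connection factory and queue through
 * JNDI as an authenticated user, then sends every non-blank line typed on
 * standard input as a text message until "quit" is entered or input ends.
 *
 * <p>The queue's security policy decides whether the authenticated user may
 * send; this class only supplies the identity in the JNDI environment.
 */
public class QueueSend
{
    /** JNDI initial-context factory class used for the lookup. */
    public final static String JNDI_FACTORY = "weblogic.jndi.WLInitialContextFactory";
    /** JNDI name of the JMS connection factory. */
    public final static String JMS_FACTORY = "CF";
    /** JNDI name of the destination queue. */
    public final static String QUEUE = "Queue";

    private QueueConnectionFactory qconFactory;
    private QueueConnection qcon;
    private QueueSession qsession;
    private QueueSender qsender;
    private Queue queue;
    private TextMessage msg;

    /**
     * Creates the connection, session, sender and reusable text message.
     *
     * @param ctx       JNDI context, already authenticated as the sending user
     * @param queueName JNDI name of the queue to send to
     * @throws NamingException if the factory or the queue cannot be looked up
     * @throws JMSException    if a JMS object cannot be created or started
     */
    public void init(Context ctx, String queueName) throws NamingException, JMSException
    {
        qconFactory = (QueueConnectionFactory) ctx.lookup(JMS_FACTORY);
        qcon = qconFactory.createQueueConnection();
        // Non-transacted session with automatic acknowledgement.
        qsession = qcon.createQueueSession(false, Session.AUTO_ACKNOWLEDGE);
        queue = (Queue) ctx.lookup(queueName);
        qsender = qsession.createSender(queue);
        msg = qsession.createTextMessage();
        qcon.start();
    }

    /**
     * Sends one text message to the queue.
     *
     * @param message text to place in the message body
     * @throws JMSException if the provider rejects or fails the send
     */
    public void send(String message) throws JMSException {
        msg.setText(message);
        qsender.send(msg);
    }

    /**
     * Releases the sender, session and connection. Safe to call after a failed
     * or partial {@link #init}: objects that were never created are skipped, and
     * a failure closing one object does not prevent closing the others.
     *
     * @throws JMSException if closing any of the JMS objects fails
     */
    public void close() throws JMSException {
        try {
            if (qsender != null) {
                qsender.close();
            }
        } finally {
            try {
                if (qsession != null) {
                    qsession.close();
                }
            } finally {
                if (qcon != null) {
                    qcon.close();
                }
            }
        }
    }

    /**
     * Entry point. Expects exactly one argument, the provider URL.
     *
     * @param args command-line arguments; {@code args[0]} is the provider URL
     * @throws Exception on any JNDI, JMS or I/O failure
     */
    public static void main(String[] args) throws Exception {
        if (args.length != 1) {
            // The class lives in package jms.test, so the usage line names that package.
            System.out.println("Usage: java jms.test.QueueSend WebLogicURL");
            return;
        }
        InitialContext ic = getInitialContext(args[0]);
        QueueSend qs = new QueueSend();
        try {
            qs.init(ic, QUEUE);
            readAndSend(qs);
        } finally {
            // Always release the authenticated connection and context, even when
            // the lookup or a send is refused by the security policy.
            try {
                qs.close();
            } finally {
                ic.close();
            }
        }
    }

    /**
     * Reads lines from standard input and sends each non-blank line, stopping
     * after "quit" has been sent or when standard input reaches end of file.
     */
    private static void readAndSend(QueueSend qs) throws IOException, JMSException
    {
        BufferedReader msgStream = new BufferedReader(new InputStreamReader(System.in));
        while (true) {
            System.out.print("Enter message (\"quit\" to quit): \n");
            String line = msgStream.readLine();
            if (line == null) {
                // End of input: without this check the loop would spin forever.
                return;
            }
            if (line.trim().length() != 0) {
                qs.send(line);
                System.out.println("JMS Message Sent: " + line + "\n");
                if (line.equalsIgnoreCase("quit")) {
                    return;
                }
            }
        }
    }

    /**
     * Builds the JNDI context that authenticates the caller to the server.
     *
     * <p>The identity comes from the environment instead of the source file:
     * {@code JMS_USER} (falls back to the demo user "Hari") and
     * {@code JMS_PASSWORD} (falls back to a console prompt). Both variable
     * names are chosen for this sample.
     *
     * @param url provider URL of the server
     * @throws NamingException if no password is available or the context cannot be created
     */
    private static InitialContext getInitialContext(String url) throws NamingException
    {
        String user = System.getenv("JMS_USER");
        if (user == null || user.length() == 0) {
            user = "Hari";
        }
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, JNDI_FACTORY);
        // NOTE(review): the credentials below are presented to the server at this URL;
        // outside a lab use a TLS-protected provider URL (for WebLogic, t3s:// rather than t3://).
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_PRINCIPAL, user);
        env.put(Context.SECURITY_CREDENTIALS, resolvePassword(user));
        return new InitialContext(env);
    }

    /** Returns the password from JMS_PASSWORD, or prompts for it without echo. */
    private static String resolvePassword(String user) throws NamingException
    {
        String fromEnv = System.getenv("JMS_PASSWORD");
        if (fromEnv != null && fromEnv.length() != 0) {
            return fromEnv;
        }
        java.io.Console console = System.console();
        if (console == null) {
            throw new NamingException("No password: set JMS_PASSWORD or run from an interactive console");
        }
        char[] typed = console.readPassword("Password for %s: ", user);
        if (typed == null) {
            throw new NamingException("No password entered for " + user);
        }
        String password = new String(typed);
        // Clear the prompt buffer; the String copy is required by the typed Hashtable.
        java.util.Arrays.fill(typed, '\0');
        return password;
    }
}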

JMS Queue Send program execution

package jms.test;

import java.util.Hashtable;
import javax.jms.*;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingException;
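/**
 * Command-line JMS consumer: looks up the connection factory and queue through
 * JNDI as an authenticated user, prints each message delivered to it, and
 * exits after a message whose text is "quit" arrives.
 *
 * <p>The queue's security policy decides whether the authenticated user may
 * receive; this class only supplies the identity in the JNDI environment.
 */
public class QueueReceive implements MessageListener
{
    /** JNDI initial-context factory class used for the lookup. */
    public final static String JNDI_FACTORY = "weblogic.jndi.WLInitialContextFactory";
    /** JNDI name of the JMS connection factory. */
    public final static String JMS_FACTORY = "CF";
    /** JNDI name of the source queue. */
    public final static String QUEUE = "Queue";

    private QueueConnectionFactory qconFactory;
    private QueueConnection qcon;
    private QueueSession qsession;
    private QueueReceiver qreceiver;
    private Queue queue;
    // Set by onMessage and read by main, both while holding this object's monitor.
    private boolean quit = false;

    /**
     * Prints the received message and wakes the main thread when the text is "quit".
     *
     * @param msg message delivered by the JMS provider
     */
    public void onMessage(Message msg)
    {
        try {
            String msgText;
            if (msg instanceof TextMessage) {
                msgText = ((TextMessage) msg).getText();
            } else {
                msgText = msg.toString();
            }
            System.out.println("Message Received: " + msgText);
            // Constant-first comparison: a TextMessage with no body yields null text,
            // which would otherwise throw inside the listener.
            if ("quit".equalsIgnoreCase(msgText)) {
                synchronized (this) {
                    quit = true;
                    this.notifyAll(); // Notify main thread to quit
                }
            }
        } catch (JMSException jmse) {
            System.err.println("An exception occurred: " + jmse.getMessage());
        }
    }

    /**
     * Creates the connection, session and receiver, registers this object as
     * the listener, and starts delivery.
     *
     * @param ctx       JNDI context, already authenticated as the receiving user
     * @param queueName JNDI name of the queue to receive from
     * @throws NamingException if the factory or the queue cannot be looked up
     * @throws JMSException    if a JMS object cannot be created or started
     */
    public void init(Context ctx, String queueName)
        throws NamingException, JMSException
    {
        qconFactory = (QueueConnectionFactory) ctx.lookup(JMS_FACTORY);
        qcon = qconFactory.createQueueConnection();
        // Non-transacted session with automatic acknowledgement.
        qsession = qcon.createQueueSession(false, Session.AUTO_ACKNOWLEDGE);
        queue = (Queue) ctx.lookup(queueName);
        qreceiver = qsession.createReceiver(queue);
        qreceiver.setMessageListener(this);
        qcon.start();
    }

    /**
     * Releases the receiver, session and connection. Safe to call after a failed
     * or partial {@link #init}: objects that were never created are skipped, and
     * a failure closing one object does not prevent closing the others.
     *
     * @throws JMSException if closing any of the JMS objects fails
     */
    public void close() throws JMSException
    {
        try {
            if (qreceiver != null) {
                qreceiver.close();
            }
        } finally {
            try {
                if (qsession != null) {
                    qsession.close();
                }
            } finally {
                if (qcon != null) {
                    qcon.close();
                }
            }
        }
    }

    /**
     * Entry point. Expects exactly one argument, the provider URL.
     *
     * @param args command-line arguments; {@code args[0]} is the provider URL
     * @throws Exception on any JNDI or JMS failure
     */
    public static void main(String[] args) throws Exception {
        if (args.length != 1) {
            // The class lives in package jms.test, so the usage line names that package.
            System.out.println("Usage: java jms.test.QueueReceive WebLogicURL");
            return;
        }
        InitialContext ic = getInitialContext(args[0]);
        QueueReceive qr = new QueueReceive();
        try {
            qr.init(ic, QUEUE);
            System.out.println("JMS Ready To Receive Messages (To quit, send a \"quit\" message).");
            synchronized (qr) {
                while (!qr.quit) {
                    try {
                        qr.wait();
                    } catch (InterruptedException ie) {
                        // Keep the interrupt visible to the caller and stop waiting
                        // so the connection is closed below.
                        Thread.currentThread().interrupt();
                        break;
                    }
                }
            }
        } finally {
            // Always release the authenticated connection and context, even when
            // the lookup is refused by the security policy.
            try {
                qr.close();
            } finally {
                ic.close();
            }
        }
    }

    /**
     * Builds the JNDI context that authenticates the caller to the server.
     *
     * <p>The identity comes from the environment instead of the source file:
     * {@code JMS_USER} (falls back to the demo user "Hari") and
     * {@code JMS_PASSWORD} (falls back to a console prompt). Both variable
     * names are chosen for this sample.
     *
     * @param url provider URL of the server
     * @throws NamingException if no password is available or the context cannot be created
     */
    private static InitialContext getInitialContext(String url)
        throws NamingException
    {
        String user = System.getenv("JMS_USER");
        if (user == null || user.length() == 0) {
            user = "Hari";
        }
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, JNDI_FACTORY);
        // NOTE(review): the credentials below are presented to the server at this URL;
        // outside a lab use a TLS-protected provider URL (for WebLogic, t3s:// rather than t3://).
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_PRINCIPAL, user);
        env.put(Context.SECURITY_CREDENTIALS, resolvePassword(user));
        return new InitialContext(env);
    }

    /** Returns the password from JMS_PASSWORD, or prompts for it without echo. */
    private static String resolvePassword(String user) throws NamingException
    {
        String fromEnv = System.getenv("JMS_PASSWORD");
        if (fromEnv != null && fromEnv.length() != 0) {
            return fromEnv;
        }
        java.io.Console console = System.console();
        if (console == null) {
            throw new NamingException("No password: set JMS_PASSWORD or run from an interactive console");
        }
        char[] typed = console.readPassword("Password for %s: ", user);
        if (typed == null) {
            throw new NamingException("No password entered for " + user);
        }
        String password = new String(typed);
        // Clear the prompt buffer; the String copy is required by the typed Hashtable.
        java.util.Arrays.fill(typed, '\0');
        return password;
    }
}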


Note: if the program does not compile, change the Hashtable declaration in getInitialContext to the typed form:

        // Key and value types are declared, so the env.put(String, String) calls are type-checked.
        Hashtable<String,String> env= new Hashtable<String,String>();
 
Now execute the QueueReceive.java program as below to verify whether the user Hari receives the messages.
JMS Queue Receive program execution output
