You need to set up destination based security and/or JNDI based security.
About this task
For Oracle WebLogic, IBM® WebSphere® and IBM WebSphere MQ, and JBoss, specify the following name-value pairs in the parameter names and values explained in Table 1:
- For destination based security, set the following parameters:
  - sci.queuebasedsecurity.userid=<username configured in the APPLICATION_SERVER and assigned to the queue or topic>
  - sci.queuebasedsecurity.password=<password for the above username as configured for the APPLICATION_SERVER>
  Note: Oracle WebLogic 12.1.2 only supports JNDI based JMS security. If destination based security is enabled, it is altogether bypassed. Therefore, you must configure JNDI based JMS security if using Oracle WebLogic 12.1.2.
  Note: JBoss does not support destination based security for JMS service. Only JNDI based security is supported.
- For JNDI based security, set the following parameters:
  - java.naming.security.principal=<user ID configured in the APPLICATION_SERVER and assigned to the JNDI>
  - java.naming.security.credentials=<password for the above user ID as configured for the APPLICATION_SERVER>
Note: For more information about the authentication mechanism, setting up queues and topics, and Connection Factory, refer to the individual application server's documentation.
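The support notes above can be checked mechanically before an agent is started. The following Python check is an added example, not product code; the server labels `weblogic-12.1.2` and `jboss`, the function names, and the sample values are assumptions made for illustration.

```python
# Added example: lint JMS security name-value pairs against the support notes above.
DEST_KEYS = ("sci.queuebasedsecurity.userid", "sci.queuebasedsecurity.password")
JNDI_KEYS = ("java.naming.security.principal", "java.naming.security.credentials")
# Servers the notes describe as JNDI-only (labels are this example's own, not product values).
JNDI_ONLY = {"weblogic-12.1.2", "jboss"}


def parse_pairs(text):
    """Parse name=value lines; blank lines and '#' comment lines are skipped."""
    pairs = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, value = line.partition("=")
        if not sep:
            raise ValueError("not a name=value pair: %r" % name)
        pairs[name.strip()] = value.strip()
    return pairs


def lint(server, pairs):
    """Return findings as strings; parameter values are never echoed."""
    findings, complete = [], {}
    for label, keys in (("destination", DEST_KEYS), ("JNDI", JNDI_KEYS)):
        complete[label] = all(pairs.get(k) for k in keys)
        if any(k in pairs for k in keys) and not complete[label]:
            findings.append(label + " based security: user and password must both be set")
    if server in JNDI_ONLY:
        if complete["destination"]:
            findings.append("destination based security is not applied on " + server)
        if not complete["JNDI"]:
            findings.append("JNDI based security is required on " + server)
    elif not any(complete.values()):
        findings.append("no complete JMS security configuration")
    return findings


# Constructed sample input; the user name and password are placeholders.
SAMPLE = """
sci.queuebasedsecurity.userid=jmsuser
sci.queuebasedsecurity.password=example-only
"""

if __name__ == "__main__":
    for server in ("weblogic-12.1.2", "websphere"):
        print(server, lint(server, parse_pairs(SAMPLE)) or "ok")
```

The same destination-only settings pass for a server that honors them and produce two findings for a JNDI-only server, which is the case where queue credentials would otherwise give a false sense of protection.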
For IBM WebSphere and IBM WebSphere MQ, set up the desired forms of authentication and encryption where appropriate. Additionally, modify the Java™ commands as described below to suit the desired goal.
Before modifying, ensure that you have defined the following variables in your environment:
- WAS_HOME refers to the installation directory of the IBM WebSphere software.
- MQ_HOME refers to the installation location of the IBM WebSphere MQ software.
- PROFILE_NAME refers to the name of the profile in which you created the server.
- To allow agents to be authenticated to IBM WebSphere JNDI, add the following definitions:
  - -Djava.ext.dirs=<CLASSPATH>, where the CLASSPATH should contain the following directories:
    - $MQ_HOME\java\lib
    - $WAS_HOME\AppServer\java\jre\lib\ext
    - $WAS_HOME\AppServer\java\jre\lib
    - $WAS_HOME\AppServer\lib
    - $WAS_HOME\AppServer\lib\ext
    - $WAS_HOME\AppServer\properties
    - $WAS_HOME\AppServer\profiles\<PROFILE_NAME>\properties
  - com.ibm.CORBA.ConfigURL should be set to the full path to the SAS props file that you want to use, such as -Dcom.ibm.CORBA.ConfigURL=$WAS_HOME/AppServer/profiles/<PROFILE_NAME>/properties/sas.client.props. The SAS props file is obtained from the IBM WebSphere installation. You need to modify this text file to contain the username and password to be used for authentication to the IBM WebSphere (corbaloc based) JNDI.
  Note: For more information about how to set any of the above-mentioned definitions, refer to the IBM documentation. Specifically, read the IBM WebSphere documentation to understand how to enable and configure Global security.
- To enable SSL encryption on the transmission of JMS messages to MQ, enable SSL on the channel to which your agents and services are connected. Create the Connection Factory using the equivalent SSLCIPHERSPEC. On the Java command line, specify the following definitions:
  - javax.net.ssl.trustStore
  - javax.net.ssl.keyStorePassword
  - javax.net.ssl.keyStore
  Note: Refer to the IBM WebSphere MQ documentation to learn how to turn on SSL on the server channel to which the Sterling Selling and Fulfillment Foundation agents and services connect. For more information about how to use the SSLCIPHERSPEC option while creating the Connection Factory, see the IBM documentation.
For JBoss, before modifying, ensure that you have added the following jars to the CLASSPATH:
- JBOSS_HOME refers to the installation directory of the JBoss software.
- To allow agents to be authenticated to JBoss JNDI, add the following definitions:
  - -Djava.ext.dirs=<CLASSPATH>, where the CLASSPATH should contain the following directories:
    - <JBOSS_HOME>/client/jbossall-client.jar
    - <JBOSS_HOME>/server/<server-home>/jboss-aop-jdk50.deployer/jboss-aop-jdk50.jar
    - <JBOSS_HOME>/jboss-messaging-client.jar