For non-Java EE Connector Architecture (JCA) messaging providers, the association between connection factories, destinations, and message-driven beans is provided by listener ports. In this case, you can configure resource security and security permissions for message-driven beans by setting the container-managed alias. The MDB listener's security information is established when the MDB listener's JMS Connection is created.
A listener port allows a deployed message-driven bean associated with the port to retrieve messages from the associated destination. For more information about listener ports, see Message-driven beans - listener port components.
In most respects, the security for an MDB is identical to that for any other enterprise bean. For instance, access to JDBC resources and JCA resources (for example CICS®, IMS) is handled in the same way as for an entity or session bean. Access to other JMS resources is also handled in the same way as for other enterprise beans. However, securing the MDB listener, which can be thought of as part of the application server infrastructure, is unique to MDBs. To secure the MDB listener, you configure authentication and authorization for the server to connect to a JMS provider and a Destination so that a message can be selected and so that the MDB can pass this message to its onMessage() method.
Your MDB onMessage() application code might not make additional JMS calls. However, if the MDB application code accesses additional JMS resources, this access is handled identically to JMS calls made by an entity or session EJB.
To set the container-managed alias, (if you elect that option), use the administrative console to complete the following steps:
Invoking other EJBs
Messages arriving at a listener port have no client credentials associated with them. The messages are anonymous. To call secure enterprise beans from a message-driven bean, the message-driven bean must be configured with a RunAs Identity deployment descriptor. Security depends on the role specified by the RunAs Identity for the message-driven bean as an EJB component.
For more information about EJB security, see Securing enterprise bean applications. For more information about configuring security for your application, see Securing applications during assembly and deployment.
In this information ... | IBM Redbooks, demos, education, and more(Index) |