Skip Navigation Links | |
Exit Print View | |
Oracle GlassFish Server Message Queue 4.5 Administration Guide |
Part I Introduction to Message Queue Administration
1. Administrative Tasks and Tools
3. Starting Brokers and Clients
6. Configuring and Managing Connection Services
8. Configuring Persistence Services
9. Configuring and Managing Security Services
10. Configuring and Managing Broker Clusters
11. Managing Administered Objects
12. Configuring and Managing Bridge Services
13. Monitoring Broker Operations
14. Analyzing and Tuning a Message Service
17. Broker Properties Reference
18. Physical Destination Property Reference
19. Administered Object Attribute Reference
20. JMS Resource Adapter Property Reference
21. Metrics Information Reference
22. JES Monitoring Framework Reference
A. Distribution-Specific Locations of Message Queue Data
B. Stability of Message Queue Interfaces
HTTP/HTTPS Support Architecture
Step 1 (HTTPS Only): Generating a Self-Signed Certificate for the Tunnel Servlet
Step 2 (HTTPS Only): Specifying the Key Store Location and Password
To Specify the Location and Password of the Certificate Key Store
Step 3 (HTTPS Only): Validating and Installing the Server's Self-Signed Certificate
To Validate and Install the Server's Self-Signed Certificate
Step 4 (HTTP and HTTPS): Deploying the Tunnel Servlet
To Deploy the HTTP or HTTPS Tunnel Servlet
Modifying the Application Server's Security Policy File
Step 5 (HTTP and HTTPS): Configuring the Connection Service
To Activate the httpjms or httpsjms Connection Service
Configuring the Connection Factory (HTTP and HTTPS)
Using a Single Servlet to Access Multiple Brokers (HTTP and HTTPS)
Client Failure to Connect Through the Tunnel Servlet
The instance configuration file is named config.properties and is located in IMQ_VARHOME/instances/instanceName/props.
Add the value httpjms or httpsjms to the imq.service.activelist property: for example,
imq.service.activelist=jms,admin,httpjmsor
imq.service.activelist=jms,admin,httpsjmsAt startup, the broker looks for an application server or Web server and an HTTP or HTTPS tunnel servlet running on its local host machine. If necessary, you can reconfigure the broker to access a remote tunnel servlet instead, by setting the servletHost and servletPort properties appropriately (see Table C-2): for example,
imq.httpjms.http.servletHost=helios imq.httpjms.http.servletPort=7675You can also improve performance by reconfiguring the connection service’s pullPeriod property. This specifies the interval, in seconds, at which each client issues HTTP/HTTPS requests to pull messages from the broker. With the default value of -1, the client will keep one such request pending at all times, ready to pull messages as fast as possible. With a large number of clients, this can cause a heavy drain on server resources, causing the server to become unresponsive. Setting the pullPeriod property to a positive value configures the client’s HTTP/HTTPS transport driver to wait that many seconds between pull requests, conserving server resources at the expense of increased response times to clients.
The connectionTimeout property specifies the interval, in seconds, that the client runtime waits for a response from the HTTP/HTTPS tunnel servlet before throwing an exception, as well as the time the broker waits after communicating with the tunnel servlet before freeing a connection. (A timeout is necessary in this case because the broker and the tunnel servlet have no way of knowing if a client that is accessing the tunnel servlet has terminated abnormally.)
To make HTTP/HTTPS connections to a broker, a client application needs an appropriately configured connection factory administered object. Before configuring the connection factory, clients wishing to use secure HTTPS connections must also have access to SSL libraries provided by the Java Secure Socket Extension (JSSE) and must obtain a trusted root certificate.
If the root certificate of the certification authority (CA) that signed your application server’s (or Web server’s) certificate is not in the trust store by default, or if you are using a proprietary application server or Web server certificate, you must install the root certificate in the trust store. (This step is not needed for ordinary, non-secure HTTP connections, or if the CA’s root certificate is already in the trust store by default.)