Sun GlassFish Message Queue 4.4 Administration Guide

HTTP/HTTPS Support Architecture

Message Queue’s support architecture is very similar for both HTTP and HTTPS support, as shown in Figure C–1:

Figure C–1 HTTP/HTTPS Support Architecture

Diagram showing how an HTTP proxy and HTTP tunnel servlet
enable messages to go through firewalls. Figure explained in text.

The main difference between HTTP and HTTPS connections is that in the HTTPS case (httpsjms connection service), the tunnel servlet has a secure connection to both the client application and the broker. The secure connection to the broker is established by means of the Secure Socket Layer (SSL) protocol. Message Queue’s SSL-enabled HTTPS tunnel servlet passes a self-signed certificate to any broker requesting a connection. The broker uses the certificate to establish an encrypted connection to the tunnel servlet. Once this connection is established, a secure connection between the client application and the tunnel servlet can be negotiated by the client application and the application server or Web server.