Oracle GlassFish Server Message Queue 4.5 Administration Guide

Security Properties

Table 17-9 lists broker properties related to security services: authentication, authorization, and encryption. Table 17-10 lists broker properties related specifically to file-based authentication, Table 17-11 lists broker properties related specifically to LDAP-based authentication, and Table 17-12 lists broker properties related specifically to JAAS-based authentication.

Table 17-9 Broker Security Properties

| Property | Type | Default Value | Description |
|---|---|---|---|
| imq.authentication.basic.user_repository | String | file | Type of user authentication: file: File-based; ldap: Lightweight Directory Access Protocol; jaas: Java Authentication and Authorization Service |
| imq.authentication.type | String | digest | Password encoding method: digest: MD5 (for file-based authentication); basic: Base-64 (for LDAP or JAAS authentication) |
| imq.serviceName.authentication.type | String | None | Password encoding method for connection service serviceName: digest: MD5 (for file-based authentication); basic: Base-64 (for LDAP or JAAS authentication). If specified, overrides imq.authentication.type for the designated connection service. |
| imq.authentication.client.response.timeout | Integer | 180 | Interval, in seconds, to wait for client response to authentication requests |
| imq.accesscontrol.enabled | Boolean | true | Use access control? If true, the system will check the access control file to verify that an authenticated user is authorized to use a connection service or to perform specific operations with respect to specific destinations. |
| imq.accesscontrol.type | String | file | Specifies the access control type |
| imq.serviceName.accesscontrol.enabled | Boolean | None | Use access control for connection service? If specified, overrides imq.accesscontrol.enabled for the designated connection service. If true, the system will check the access control file to verify that an authenticated user is authorized to use the designated connection service or to perform specific operations with respect to specific destinations. |
| imq.accesscontrol.file.dirpath | String | IMQ_VARHOME/instances/instanceName/etc | Path to the access control directory |
| imq.accesscontrol.file.filename | String | accesscontrol.properties | Name of access control file. The file name specifies a path relative to imq.accesscontrol.file.dirpath. |
| imq.serviceName.accesscontrol.file.filename | String | None | Name of access control file for connection service. If specified, overrides imq.accesscontrol.file.filename for the designated connection service. The file name specifies a path relative to imq.accesscontrol.file.dirpath. |
| imq.accesscontrol.file.url | String | Not set | The location, as a URL, of the access control file. If the URL uses LDAP protocol (ldap://), the access control file must be returned as a single string that uses dollar sign ($) as the separator between the lines of the access control file. |
| imq.serviceName.accesscontrol.file.url | String | None | The location, as a URL, of the access control file for the connection service. If specified, overrides imq.accesscontrol.file.url for the designated connection service. If the URL uses LDAP protocol (ldap://), the access control file must be returned as a single string that uses dollar sign ($) as the separator between the lines of the access control file. |
| imq.keystore.file.dirpath | String | IMQ_HOME/etc | Path to directory containing key store file |
| imq.keystore.file.name | String | keystore | Name of key store file |
| imq.keystore.password [1] | String | None | Password for key store file |
| imq.passfile.enabled | Boolean | false | Obtain passwords from password file? |
| imq.passfile.dirpath | String | IMQ_HOME/etc | Path to directory containing password file |
| imq.passfile.name | String | passfile | Name of password file |
| imq.imqcmd.password [1] | String | None | Password for administrative user. The Command utility (imqcmd) uses this password to authenticate the user before executing a command. |
| imq.audit.enabled | Boolean | false | Is audit logging to broker log file enabled? |
| imq.audit.bsm.disabled | Boolean | true | Is audit logging to the Solaris BSM audit log disabled? |

[1] To be used only in password files

Table 17-10 lists broker properties related to user authentication when using a flat-file user repository.

Table 17-10 Broker Security Properties for Flat-File Authentication

| Property | Type | Default Value | Description |
|---|---|---|---|
| imq.user_repository.file.dirpath | String | IMQ_VARHOME/instances/instanceName/etc/ | Path to the directory containing the flat-file user repository |
| imq.user_repository.file.filename | String | passwd | Name of the flat-file user repository file in the directory specified by imq.user_repository.file.dirpath |

Table 17-11 lists broker properties related to LDAP-based user authentication.

Table 17-11 Broker Security Properties for LDAP Authentication

| Property | Type | Default Value | Description |
|---|---|---|---|
| imq.user_repository.ldap.server | String | None | Host name and port number for LDAP server. The value is of the form hostName:port, where hostName is the fully qualified DNS name of the host running the LDAP server and port is the port number used by the server. To specify a list of failover servers, use the following syntax: host1:port1 ldap://host2:port2 ldap://host3:port3. Entries in the list are separated by spaces. Note that each failover server address is prefixed with ldap://. Use this format even if you use SSL and have set the property imq.user_repository.ldap.ssl.enabled to true. You need not specify ldaps in the address. |
| imq.user_repository.ldap.principal | String | None | Distinguished name for binding to LDAP user repository. Not needed if the LDAP server allows anonymous searches. |
| imq.user_repository.ldap.password [1] | String | None | Password for binding to LDAP user repository. Not needed if the LDAP server allows anonymous searches. |
| imq.user_repository.ldap.propertyName | | | |
| imq.user_repository.ldap.base | String | None | Directory base for LDAP user entries |
| imq.user_repository.ldap.uidattr | String | None | Provider-specific attribute identifier for LDAP user name |
| imq.user_repository.ldap.usrformat | String | None | When set to a value of dn, specifies that DN username format is used for authentication (for example: uid=mquser,ou=People,dc=red,dc=sun,dc=com). Also, the broker extracts the value of the imq.user_repository.ldap.uidattr attribute from the DN username, and uses this value as the user name in access control operations. If not set, then normal username format is used. |
| imq.user_repository.ldap.usrfilter [2] | String | None | JNDI filter for LDAP user searches |
| imq.user_repository.ldap.grpsearch | Boolean | false | Enable LDAP group searches? Note - Message Queue does not support nested groups. |
| imq.user_repository.ldap.grpbase | String | None | Directory base for LDAP group entries |
| imq.user_repository.ldap.gidattr | String | None | Provider-specific attribute identifier for LDAP group name |
| imq.user_repository.ldap.memattr | String | None | Provider-specific attribute identifier for user names in LDAP group |
| imq.user_repository.ldap.grpfilter [2] | String | None | JNDI filter for LDAP group searches |
| imq.user_repository.ldap.timeout | Integer | 280 | Time limit for LDAP searches, in seconds |
| imq.user_repository.ldap.ssl.enabled | Boolean | false | Use SSL when communicating with LDAP server? |
| imq.user_repository.ldap.ssl.socketfactory | String | com.sun.messaging.jmq.jmsserver.auth.ldap.TrustSSLSocketFactory | The fully qualified class name of the socket factory to use to make SSL connections to the LDAP server. When this property is not set and imq.user_repository.ldap.ssl.enabled is set to true, the default socket factory designated by the LDAP naming service is used. |

[1] Should be used only in password files

[2] Optional
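
As an added example (not part of the Oracle guide), the following Python check reads broker properties and flags settings from Tables 17-9 and 17-11 that weaken security, including per-service overrides of the global access control switch. The sample configuration, the host name, and the use of a connection service named admin are constructed for illustration, and the parser handles only plain key=value lines.

```python
import re

# Constructed sample of a broker configuration (illustrative values only).
SAMPLE = """\
imq.authentication.basic.user_repository=ldap
imq.authentication.type=basic
imq.user_repository.ldap.server=ldap.example.com:389
imq.user_repository.ldap.password=s3cret
imq.accesscontrol.enabled=true
imq.admin.accesscontrol.enabled=false
"""

# Footnote 1 of Tables 17-9 and 17-11: these belong only in a password file.
PASSFILE_ONLY = {"imq.keystore.password", "imq.imqcmd.password",
                 "imq.user_repository.ldap.password"}

def parse(text):
    """Parse plain key=value lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def audit(props):
    """Return a sorted list of (property, finding) tuples."""
    findings = []
    for key in props.keys() & PASSFILE_ONLY:
        findings.append((key, "password stored in broker configuration"))
    # Global switch plus any imq.<serviceName>.accesscontrol.enabled override.
    for key, value in props.items():
        if (re.fullmatch(r"imq\.(\w+\.)?accesscontrol\.enabled", key)
                and value.lower() == "false"):
            findings.append((key, "access control disabled"))
    ssl = props.get("imq.user_repository.ldap.ssl.enabled", "false")
    if (props.get("imq.authentication.basic.user_repository") == "ldap"
            and ssl.lower() != "true"):
        findings.append(("imq.user_repository.ldap.ssl.enabled",
                         "LDAP repository used without SSL"))
    if props.get("imq.audit.enabled", "false").lower() != "true":
        findings.append(("imq.audit.enabled", "audit logging off"))
    return sorted(findings)

if __name__ == "__main__":
    for prop, finding in audit(parse(SAMPLE)):
        print(f"{prop}: {finding}")
```

Defaults are taken from the tables above: an absent imq.audit.enabled or imq.user_repository.ldap.ssl.enabled is treated as false.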

Table 17-12 lists broker properties related to JAAS-based user authentication.

Table 17-12 Broker Security Properties for JAAS Authentication

| Property | Type | Default Value | Description |
|---|---|---|---|
| imq.user_repository.jaas.name | String | None | Set to the name of the desired entry (in the JAAS configuration file) that references the login modules you want to use as the authentication service. This is the name you noted in Step 3. |
| imq.user_repository.jaas.userPrincipalClass | String | None | This property, used by Message Queue access control, specifies the java.security.Principal implementation class in the login module(s) that the broker uses to extract the Principal name to represent the user entity in the Message Queue access control file. If it is not specified, the user name passed from the Message Queue client when a connection was requested is used instead. |
| imq.user_repository.jaas.groupPrincipalClass | String | None | This property, used by Message Queue access control, specifies the java.security.Principal implementation class in the login module(s) that the broker uses to extract the Principal name to represent the group entity in the Message Queue access control file. If it is not specified, the user name passed from the Message Queue client when a connection was requested is used instead. |