Skip Navigation Links | |
Exit Print View | |
Oracle GlassFish Server Message Queue 4.5 Administration Guide |
Part I Introduction to Message Queue Administration
1. Administrative Tasks and Tools
3. Starting Brokers and Clients
6. Configuring and Managing Connection Services
8. Configuring Persistence Services
9. Configuring and Managing Security Services
Introduction to Security Services
Using a Flat-File User Repository
Using the User Manager Utility
To Set Up an Administrative User
Using JAAS-Based Authentication
Setting up JAAS-Compliant Authentication
Application of Authorization Rules
Authorization Rules for Connection Services
Authorization Rules for Physical Destinations
Authorization Rules for Auto--Created Physical Destinations
Using Self-Signed Certificates
Setting Up an SSL-Based Connection Service Using Self-Signed Certificates
Configuring and Running an SSL-Based Client Using Self-Signed Certificates
Obtaining and Installing a Signed Certificate
Configuring the Client to Require Signed Certificates
Audit Logging with the Solaris BSM Audit Log
10. Configuring and Managing Broker Clusters
11. Managing Administered Objects
12. Configuring and Managing Bridge Services
13. Monitoring Broker Operations
14. Analyzing and Tuning a Message Service
17. Broker Properties Reference
18. Physical Destination Property Reference
19. Administered Object Attribute Reference
20. JMS Resource Adapter Property Reference
21. Metrics Information Reference
22. JES Monitoring Framework Reference
A. Distribution-Specific Locations of Message Queue Data
B. Stability of Message Queue Interfaces
When a client application is separated from the broker by a firewall, special measures are needed in order to establish a connection. One approach is to use the httpjms or httpsjms connection service, which can “tunnel” through the firewall; see Appendix C, HTTP/HTTPS Support for details. HTTP connections are slower than other connection services, however; a faster alternative is to bypass the Message Queue Port Mapper and explicitly assign a static port address to the desired connection service, and then open that specific port in the firewall. This approach can be used to connect through a firewall using the jms or ssljms connection service (or, in unusual cases, admin or ssladmin).
Table 9-8 Broker Configuration Properties for Static Port Addresses
|
To bypass the Port Mapper and assign a static port number directly to a connection service, set the broker configuration property imq.serviceName.protocolType.port, where serviceName is the name of the connection service and protocolType is its protocol type (see Table 9-8). As with all broker configuration properties, you can specify this property either in the broker's instance configuration file or from the command line when starting the broker. For example, to assign port number 10234 to the jms connection service, either include the line
imq.jms.tcp.port=10234in the configuration file or start the broker with the command
imqbrokerd -name brokerName -Dimq.jms.tcp.port=10234where brokerName is the name of the broker to be started.
You must also allow connections through the firewall to Message Queue's Port Mapper port (normally 7676, unless you have reassigned it to some other port). In the example above, for instance, you would need to open the firewall for ports 10234 and 7676.