Oracle GlassFish Server Message Queue 4.5 Administration Guide

Connecting Through a Firewall

When a client application is separated from the broker by a firewall, special measures are needed in order to establish a connection. One approach is to use the httpjms or httpsjms connection service, which can “tunnel” through the firewall; see Appendix C, HTTP/HTTPS Support for details. HTTP connections are slower than other connection services, however; a faster alternative is to bypass the Message Queue Port Mapper and explicitly assign a static port address to the desired connection service, and then open that specific port in the firewall. This approach can be used to connect through a firewall using the jms or ssljms connection service (or, in unusual cases, admin or ssladmin).

Table 9-8 Broker Configuration Properties for Static Port Addresses

| Connection Service | Configuration Property |
|--------------------|------------------------|
| jms                | imq.jms.tcp.port       |
| ssljms             | imq.ssljms.tls.port    |
| admin              | imq.admin.tcp.port     |
| ssladmin           | imq.ssladmin.tls.port  |

To Enable Broker Connections Through a Firewall

  1. Assign a static port address to the connection service you wish to use.

    To bypass the Port Mapper and assign a static port number directly to a connection service, set the broker configuration property imq.serviceName.protocolType.port, where serviceName is the name of the connection service and protocolType is its protocol type (see Table 9-8). As with all broker configuration properties, you can specify this property either in the broker's instance configuration file or from the command line when starting the broker. For example, to assign port number 10234 to the jms connection service, either include the line

    imq.jms.tcp.port=10234

    in the configuration file or start the broker with the command

    imqbrokerd -name brokerName -Dimq.jms.tcp.port=10234

    where brokerName is the name of the broker to be started.

  2. Configure the firewall to allow connections to the port number you assigned to the connection service.

    You must also allow connections through the firewall to Message Queue's Port Mapper port (normally 7676, unless you have reassigned it to some other port). In the example above, for instance, you would need to open the firewall for ports 10234 and 7676.
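
The following shell helper is an added example, not part of the Oracle guide. It reads a broker instance configuration file and lists the ports the firewall must allow for the requested connection services, reporting any service that has no static port assigned. It assumes the Port Mapper port is set with the imq.portmapper.port property and that a port value of 0 means dynamic allocation; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: ports a firewall must allow for one broker instance.

# get_prop FILE KEY: print KEY's value from a properties file (last one wins).
get_prop() {
    awk -F= -v key="$2" '
        /^[ \t]*[#!]/ { next }                 # skip comment lines
        { k = $1; gsub(/[ \t]/, "", k) }
        k == key { v = $0; sub(/^[^=]*=/, "", v); gsub(/[ \t\r]/, "", v); val = v }
        END { if (val != "") print val }' "$1"
}

# firewall_ports FILE SERVICE...: print "port<TAB>purpose" per port to open.
# Returns 1 if a requested service is unknown or has no static port.
firewall_ports() {
    file=$1; shift; rc=0
    pm=$(get_prop "$file" imq.portmapper.port)   # assumed property name
    printf '%s\tportmapper\n' "${pm:-7676}"      # 7676 is the normal default
    for svc in "$@"; do
        case $svc in
            jms|admin)       prop="imq.$svc.tcp.port" ;;   # Table 9-8
            ssljms|ssladmin) prop="imq.$svc.tls.port" ;;
            *) echo "unknown service: $svc" >&2; rc=1; continue ;;
        esac
        port=$(get_prop "$file" "$prop")
        case $port in
            # unset, 0 (assumed to mean dynamic) or non-numeric: not static
            ''|0|*[!0-9]*) echo "$svc: $prop is not a static port" >&2; rc=1 ;;
            *) printf '%s\t%s\n' "$port" "$svc" ;;
        esac
    done
    return $rc
}

# Constructed sample instance configuration (not from a real broker).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample
imq.jms.tcp.port=10234
EOF
firewall_ports "$sample" jms ssljms || echo "assign a static port to the services reported above"
rm -f "$sample"
```

Running the check before changing firewall rules catches a service that would still receive a dynamically assigned port, which the firewall would block.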