Sun Java System Message Queue 3.7 UR1 Administration Guide

HTTP/HTTPS Support Architecture

Message Queue messaging can run on top of HTTP/HTTPS connections. Because HTTP/HTTPS connections are normally allowed through firewalls, this allows client applications to be separated from a broker by a firewall.

Figure C–1 shows the main components involved in providing HTTP/HTTPS support.

Figure C–1 HTTP/HTTPS Support Architecture

Diagram showing how an HTTP proxy and HTTP tunnel servlet
enable messages to go through firewalls. Figure explained in text.

As you can see from Figure C–1, the architecture for HTTP and HTTPS support is very similar. The main difference is that, in the case of HTTPS (httpsjms connection service), the tunnel servlet has a secure connection to both the client application and broker.

The secure connection to the broker is provided through an SSL-enabled tunnel servlet—Message Queue’s HTTPS tunnel servlet—which passes a self-signed certificate to any broker requesting a connection. The certificate is used by the broker to set up an encrypted connection to the HTTPS tunnel servlet. Once this connection is established, a secure connection between a client application and the tunnel servlet can be negotiated by the client application and the Web server/application server.