Already a member?
Sign in
Welcome! Wikis are websites that everyone can build together. It's easy!
OSBJMSSecurityExample
Oracle Service Bus JMS Security Example
Previously known as AquaLogic Service BusOverview
It’s a good policy to secure JMS Message Queues going through an ESB. By doing this, the ESB Administrator can ensure the correct clients are producing and consuming from the correct queues. As it’s not uncommon for an ESB to use hundreds of queues, it is impractical to secure them manually via the console. The process needs to be automated, repeatable and able to be version controlled. If an ESB Administrator wants to secure their message queues in WebLogic Server (WLS) and AquaLogic Service Bus (ALSB), then this example explains how this can be done in an automated and repeatable way using WebLogic Server Scripting Tool (WLST).
This example does the following:
- Creates a dedicated User in the default security realm.
- Creates a dedicated Group in the default security realm.
- Assigned the User to the Group.
- Applies a security policy to a JMS Message Queue where the user of the queue must be a member of the Group created in step 2.
- Creates a Static Service Account in ALSB that matches the User created in step 1.
- Assigns the Service Account to a JMS Proxy Service.
This sample has been tested on ALSB 2.6.1 for Windows.
The download contains four separate jython scripts, each with its own property file. By having a separate property file, each script can easily be de-coupled from the example.
The four scripts are:
- CreateWLSSecurityIdentity.py – Creates the User and Group in WLS
- ApplyWLSSecurityPolicy.py – Applies the security policy to a message queue in WLS
- CreateStaticServiceAccount.py – Creates a static service account in ALSB
- AssignJMSServiceAccount.py – Assigns the service account to a Proxy Service in ALSB
The download also includes a build.xml file, a security template used by ApplyWLSSecurityPolicy.py and a Windows cmd file to run the example.
Prerequisites
Before running this example, you must have the following:- A running ALSB domain (Either single server or cluster)
- A JMS Message Queue
- An ALSB Proxy Service that subscribes to the queue
Script Properties
The respective property files must be updated to reflect your local environment. The table below contains all the properties used in the example and the python script that they apply to.| CreateWLSSecurityIdentity | ApplyWLSSecurityPolicy | CreateStaticServiceAccount | AssignJMSServiceAccount | |
| adminUsername | Yes | Yes | Yes | Yes |
| adminPassword | Yes | Yes | Yes | Yes |
| hostname | Yes | Yes | Yes | Yes |
| port | Yes | Yes | Yes | Yes |
| domainName | Yes | Yes | ||
| groupName | Yes | Yes | ||
| groupDescription | Yes | |||
| userName | Yes | Yes | ||
| userDescription | Yes | |||
| defaultPassword | Yes | Yes | ||
| policyTemplateFile | Yes | |||
| queueName | Yes | |||
| jmsModuleName | Yes | |||
| alsbProjectName | Yes | Yes | ||
| saName | Yes | Yes | ||
| saDesc | Yes | |||
| saFolderName | Yes | Yes | ||
| proxyFolderName | Yes | |||
| proxyName | Yes |
The run.cmd file contains some paths to your install that must be updated to reflect your local environment.
Download and Links
Download the complete security example: https://msmith.projects.dev2dev.bea.com/alm-process/2-WLST/documents/esb_security_example.zipFor those who don't know about WLST, have a look at the following site: https://wlst.projects.dev2dev.bea.com
For those that want to download ALSB, go to this page:http://commerce.bea.com/showproduct.jsp?family=ALSB&major=3.0&minor=0
Latest page update: made by mark.ms.smith
, Jul 21 2008, 1:24 AM EDT
(about this update
About This Update
Edited by mark.ms.smith
9 words added
1 word deleted
view changes
- complete history)
Edited by mark.ms.smith
9 words added
1 word deleted
view changes
- complete history)
More Info: links to this page