Configure security for EJB 2.1 message-driven beans
Overview
Use this task to configure resource security and security permissions for EJB V2.1 message-driven beans.
Listener ports provide the association between connection factories, destinations, and MDBs. A deployed MDB that is associated with a listener port can retrieve messages from the destination associated with that port.
You create listener ports by specifying their administrative name, the connection factory JNDI name, and the destination name (other optional properties are also configurable). Listener ports provide simplified administration of the associations between connection factories, destinations and MDBs, and are managed by a listener manager. The listener manager is provided by the message listener service to control and monitor the JMS listeners that are monitoring JMS destinations on behalf of deployed MDBs.
Messages handled by MDBs have no client credentials associated with them. The messages are anonymous.
To call secure enterprise beans from an MDB, the MDB needs to be configured with a RunAs Identity deployment descriptor. Security depends on the role specified by the RunAs Identity for the MDB as an EJB component.
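The following EJB 2.1 deployment descriptor fragment illustrates the RunAs Identity setting described above. It is an added example, not taken from the product documentation; the bean names, class names, and the OrderProcessor role are hypothetical. The MDB runs under the role that the secured session bean requires of its callers.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example: all bean, class, and role names are hypothetical -->
<ejb-jar xmlns="http://java.sun.com/xml/ns/j2ee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
                             http://java.sun.com/xml/ns/j2ee/ejb-jar_2_1.xsd"
         version="2.1">
  <enterprise-beans>
    <!-- Messages carry no client credentials, so the MDB declares the
         role it runs as when it calls other enterprise beans -->
    <message-driven>
      <ejb-name>OrderListenerMDB</ejb-name>
      <ejb-class>com.example.orders.OrderListenerBean</ejb-class>
      <messaging-type>javax.jms.MessageListener</messaging-type>
      <transaction-type>Container</transaction-type>
      <security-identity>
        <run-as>
          <role-name>OrderProcessor</role-name>
        </run-as>
      </security-identity>
    </message-driven>
    <!-- Secured bean that the MDB calls from onMessage() -->
    <session>
      <ejb-name>OrderService</ejb-name>
      <local-home>com.example.orders.OrderServiceLocalHome</local-home>
      <local>com.example.orders.OrderServiceLocal</local>
      <ejb-class>com.example.orders.OrderServiceBean</ejb-class>
      <session-type>Stateless</session-type>
      <transaction-type>Container</transaction-type>
    </session>
  </enterprise-beans>
  <assembly-descriptor>
    <security-role>
      <role-name>OrderProcessor</role-name>
    </security-role>
    <!-- Only callers in OrderProcessor may invoke OrderService; the MDB
         qualifies through its run-as role, anonymous callers do not -->
    <method-permission>
      <role-name>OrderProcessor</role-name>
      <method>
        <ejb-name>OrderService</ejb-name>
        <method-name>*</method-name>
      </method>
    </method-permission>
  </assembly-descriptor>
</ejb-jar>
```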
Connections used by MDBs can benefit from the added security of using J2C container-managed authentication. To enable the use of J2C container authentication aliases and mapping, define an authentication alias on the J2C activation specification that the MDB is configured with. If defined, the MDB uses the authentication alias for its JMSConnection security credentials instead of any application-managed alias.
To set the authentication alias, you can use the administrative console to complete the following steps. This task description assumes that you have already created an activation specification.
Procedure
- For an MDB listening on a JMS destination of the default messaging provider, set the authentication alias on a JMS activation specification.
  - To display the JMS activation specification settings, click Resources > JMS Providers > Default messaging > [Activation Specifications] JMS activation specification.
  - If you have already created a JMS activation specification, click its name in the list displayed. Otherwise, click New to create a new JMS activation specification.
  - Set the Authentication alias property.
  - Click OK.
  - Save your changes to the master configuration.
- For an MDB listening on a destination (or endpoint) of another JCA provider, set the authentication alias on a J2C activation specification.
  - To display the J2C activation specification settings, click Resources > Resource Adapters > adapter_name > J2C Activation specifications > activation specification_name.
  - Set the Authentication alias property.
  - Click OK.
  - Save your changes to the master configuration.
Configure a JMS activation specification for MDBs used by the default messaging provider