Configure with the Broker Profile
Follow the steps below to configure the JMS transport of the ESB profile with the Broker profile.
Apply the axis2.xml configurations below to the file that matches the profile you use:
- To enable the JMS transport in the ESB profile, edit the <EI_HOME>/conf/axis2/axis2.xml file.
- To enable the JMS transport in other profiles, edit the <EI_HOME>/wso2/<PROFILE_HOME>/conf/axis2/axis2.xml file. <PROFILE_HOME> refers to the main directory of the profile inside the WSO2 EI distribution. For example, to enable the JMS transport in the Business Process profile, edit the <EI_HOME>/wso2/business-process/conf/axis2/axis2.xml file.
To enable the JMS transport of the ESB profile to communicate with the Broker profile, edit the <EI_HOME>/conf/axis2/axis2.xml file, find the commented <transportReceiver> block, and uncomment it as shown below.

```xml
<!--Uncomment this and configure as appropriate for JMS transport support with WSO2 EI Broker Profile -->
<transportReceiver name="jms" class="org.apache.axis2.transport.jms.JMSListener">
    <parameter name="myTopicConnectionFactory" locked="false">
        <parameter name="java.naming.factory.initial" locked="false">org.wso2.andes.jndi.PropertiesFileInitialContextFactory</parameter>
        <parameter name="java.naming.provider.url" locked="false">conf/jndi.properties</parameter>
        <parameter name="transport.jms.ConnectionFactoryJNDIName" locked="false">TopicConnectionFactory</parameter>
        <parameter name="transport.jms.ConnectionFactoryType" locked="false">topic</parameter>
    </parameter>
    <parameter name="myQueueConnectionFactory" locked="false">
        <parameter name="java.naming.factory.initial" locked="false">org.wso2.andes.jndi.PropertiesFileInitialContextFactory</parameter>
        <parameter name="java.naming.provider.url" locked="false">conf/jndi.properties</parameter>
        <parameter name="transport.jms.ConnectionFactoryJNDIName" locked="false">QueueConnectionFactory</parameter>
        <parameter name="transport.jms.ConnectionFactoryType" locked="false">queue</parameter>
    </parameter>
    <parameter name="default" locked="false">
        <parameter name="java.naming.factory.initial" locked="false">org.wso2.andes.jndi.PropertiesFileInitialContextFactory</parameter>
        <parameter name="java.naming.provider.url" locked="false">conf/jndi.properties</parameter>
        <parameter name="transport.jms.ConnectionFactoryJNDIName" locked="false">QueueConnectionFactory</parameter>
        <parameter name="transport.jms.ConnectionFactoryType" locked="false">queue</parameter>
    </parameter>
</transportReceiver>
```
Uncomment the following <transportSender> block for JMS in the same file:

```xml
<!-- uncomment this and configure to use connection pools for sending messages -->
<transportSender name="jms" class="org.apache.axis2.transport.jms.JMSSender"/>
```
For more information on the JMS configuration parameters used in the code segments above, see JMS Connection Factory Parameters.
Open the <EI_HOME>/conf/jndi.properties file.
- Use carbon as the virtual host.
- Define a queue named JMSMS. Comment out the topic, since it is not required in this scenario. However, to avoid getting the javax.naming.NameNotFoundException:TopicConnectionFactory exception during server startup, make a reference to the Broker profile from the TopicConnectionFactory as well.

For example:

```properties
# register some connection factories
# connectionfactory.[jndiname] = [ConnectionURL]
connectionfactory.QueueConnectionFactory = amqp://admin:admin@clientID/carbon?brokerlist='tcp://localhost:5675'
connectionfactory.TopicConnectionFactory = amqp://admin:admin@clientID/carbon?brokerlist='tcp://localhost:5675'

# register some queues in JNDI using the form
# queue.[jndiName] = [physicalName]
queue.JMSMS=JMSMS
queue.StockQuotesQueue = StockQuotesQueue
```
For instructions on configuring the JMS transport in a cluster of the WSO2 EI Broker profile, see Running the Broker instances.
- Ensure that the Broker profile is started.
- Start the ESB profile.
Now, you have both the Broker and the ESB profile of WSO2 EI configured and running with the JMS transport enabled.
Managing security of the configuration
JMS is an integral part of enterprise integration solutions that are highly reliable, loosely coupled, and asynchronous. As a result, implementing proper security for your JMS deployments is vital. The sections below discuss some best practices for an effective JMS security implementation when used in combination with WSO2 Enterprise Integrator.
Let's see how some of the key concepts of system security such as authentication, authorization and availability are implemented in different types of broker servers as follows.
You can apply the information in this section when configuring JMS with Apache Qpid as well.
Given below is an overview of how some common security concepts are implemented in EI-Broker runtime.
Security Concept | How it is Implemented in EI-Broker |
---|---|
Authentication | Andes Authenticator requires connected entities to authenticate. |
Authorization | Creation and use of role-based permissions. |
Availability | Clustering using Apache Zookeeper. |
Integrity | Message-level encryption using WS-Security. |
Let's see how each concept in the table above is implemented in EI-Broker.
After setting up the EI-Broker runtime with the ESB runtime in WSO2 EI, open the <EI_HOME>/wso2/broker/conf/advanced/qpid-config.xml file and add the following line as a child element of <tuning>.

```xml
<messageBatchSizeForBrowserSubscriptions>100000</messageBatchSizeForBrowserSubscriptions>
```
Authentication: Plain Text
EI-Broker requires all its incoming connections to be authenticated. The <EI_HOME>/conf/jndi.properties
file contains lines similar to the following. They contain the username and password credentials used to authenticate connections made to the EI-Broker runtime. This is plain text authentication.
```properties
connectionfactory.TopicConnectionFactory = amqp://admin:admin@clientID/carbon?brokerlist='tcp://localhost:5675'
connectionfactory.QueueConnectionFactory = amqp://admin:admin@clientID/carbon?brokerlist='tcp://localhost:5675'
```
In the EI-Broker authentication example below, we send a request to the proxy service testJMSProxy, which adds a message to the example.MyQueue queue.
```xml
<definitions xmlns="http://ws.apache.org/ns/synapse">
    <registry provider="org.wso2.carbon.mediation.registry.WSO2Registry">
        <parameter name="cachableDuration">15000</parameter>
    </registry>
    <proxy name="testJMSProxy" transports="https http" startOnLoad="true" trace="disable">
        <target>
            <inSequence>
                <property name="FORCE_SC_ACCEPTED" value="true" scope="axis2"/>
                <property name="target.endpoint" value="jmsEP" scope="default"/>
                <store messageStore="testMsgStore"/>
            </inSequence>
        </target>
    </proxy>
    <endpoint name="jmsEP">
        <address uri="http://localhost:9000/services/SimpleStockQuoteService"/>
    </endpoint>
    <sequence name="fault">
        <log level="full">
            <property name="MESSAGE" value="Executing default 'fault' sequence"/>
            <property name="ERROR_CODE" expression="get-property('ERROR_CODE')"/>
            <property name="ERROR_MESSAGE" expression="get-property('ERROR_MESSAGE')"/>
        </log>
        <drop/>
    </sequence>
    <sequence name="main">
        <in>
            <log level="full"/>
            <filter source="get-property('To')" regex="http://localhost:9000.*">
                <send/>
            </filter>
        </in>
        <out>
            <send/>
        </out>
        <description>The main sequence for the message mediation</description>
    </sequence>
    <messageStore class="org.wso2.carbon.message.store.persistence.jms.JMSMessageStore" name="testMsgStore">
        <parameter name="java.naming.factory.initial">org.wso2.andes.jndi.PropertiesFileInitialContextFactory</parameter>
        <parameter name="java.naming.provider.url">repository/conf/jndi.properties</parameter>
        <parameter name="store.jms.destination">MyQueue</parameter>
    </messageStore>
</definitions>
```
If you change the authentication credentials of the jndi.properties file, the connection will not be authenticated. You will see an error similar to:
ERROR - AMQConnection Throwable Received but no listener set: org.wso2.andes.AMQDisconnectedException: Server closed connection and reconnection not permitted.
Authentication: Encrypted
In the previous authentication example, the user names and passwords are stored in plain text inside the WSO2 EI’s jndi.properties file. These credentials can be stored in an encrypted manner for added security.
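The check below is an added example, not part of the WSO2 documentation or product code. It covers two points from this page: every ConnectionFactoryJNDIName referenced in axis2.xml must be defined in jndi.properties (otherwise startup fails with the NameNotFoundException noted earlier), and connection URLs that carry a plain-text password, including the admin:admin pair used in this page's samples, are reported without echoing the password. The function names and the treatment of any non-empty password in the URL as cleartext are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed samples modelled on this page; the topic factory is commented out.
JNDI_PROPERTIES = """\
connectionfactory.QueueConnectionFactory = amqp://admin:admin@clientID/carbon?brokerlist='tcp://localhost:5675'
# connectionfactory.TopicConnectionFactory = amqp://admin:admin@clientID/carbon?brokerlist='tcp://localhost:5675'
"""
AXIS2_RECEIVER = """\
<transportReceiver name="jms" class="org.apache.axis2.transport.jms.JMSListener">
  <parameter name="myTopicConnectionFactory" locked="false">
    <parameter name="transport.jms.ConnectionFactoryJNDIName" locked="false">TopicConnectionFactory</parameter>
  </parameter>
  <parameter name="default" locked="false">
    <parameter name="transport.jms.ConnectionFactoryJNDIName" locked="false">QueueConnectionFactory</parameter>
  </parameter>
</transportReceiver>
"""
# Captures user and password from amqp://user:password@clientID/vhost?brokerlist='...'
URL_RE = re.compile(r"amqp://([^:@/]*):([^@]*)@[^/]*/[^?]*\?brokerlist='")
SAMPLE_CREDS = {("admin", "admin")}  # assumption: the pair used in this page's samples

def parse_properties(text):
    """Return key -> value for the non-comment 'key = value' lines."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith(("#", "!")))
    return {k.strip(): v.strip() for k, v in pairs}

def audit(jndi_text, axis2_text):
    """Return sorted findings: undefined JNDI names and cleartext credentials (never echoed)."""
    factories = {k.split(".", 1)[1]: v for k, v in parse_properties(jndi_text).items()
                 if k.startswith("connectionfactory.")}
    findings = set()
    for p in ET.fromstring(axis2_text).iter("parameter"):
        name = (p.text or "").strip()
        if p.get("name") == "transport.jms.ConnectionFactoryJNDIName" and name not in factories:
            findings.add(f"{name}: referenced in axis2.xml, missing from jndi.properties")
    for name, url in factories.items():
        m = URL_RE.match(url)
        if m is None:
            findings.add(f"{name}: unrecognised connection URL")
        elif m.groups() in SAMPLE_CREDS:
            findings.add(f"{name}: sample credentials for user '{m.group(1)}' still in use")
        elif m.group(2):
            findings.add(f"{name}: plain-text password for user '{m.group(1)}'")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit(JNDI_PROPERTIES, AXIS2_RECEIVER)))
```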
Authorization
EI-Broker runtime allows user-based authorization as seen in the example on WSO2 MB Authentication. To set up users, follow the instructions in the User Management section of the WSO2 Admin Guide.
EI-Broker provides role-based authorization for topics, where publish/subscribe access can be assigned to user groups. For more information on setting up role-based authorization for topics, refer to the Managing Topics and Subscriptions section of the WSO2 MB documentation.
Integrity
Integrity is part of message-level security, and can be implemented using a standard like WS-Security. For information on how message-level security works in JMS, see Managing Security of the configuration.