The FioranoMQ security subsystem provides user identification and authentication using standard JMS APIs. The integrity and privacy of data (discussed in the next section) is protected using MD5 (Message Digest 5) checksums and 40-bit and 128-bit encryption. FioranoMQ supports destination-based security which allows altering access permissions for Topics and Queues stored on the FioranoMQ Server.
To implement the username/password model specified by the JMS API, set up users following the instruction below:
- Set up users through FioranoMQ Administration API/GUI tools. Usernames are stored in the FioranoMQ offline database, together with their passwords and descriptions.
- When a client application tries to connect to the FioranoMQ server using the API TopicConnectionFactory.createTopicConnection (String username, String passwd), the FioranoMQ runtime library (embedded within the client) sends a connection request to the server, with the username and password. The server searches for the username in its repository. If the username is found, the server compares the supplied password with the existing password in the repository. If the password matches, the connection request is accepted, otherwise it is rejected and the client throws an exception.
If the username sent cannot be found in the repository, the server rejects the connection. A valid connection is allowed if the anonymous user is present in the users list. (An anonymous user is shipped with the product.) Additionally, any user can create a connection using the following:
All these connections are equivalent to:
TopicConnectionFactory.createTopicConnection ("anonymous","anonymous") call.
If this option is not required, then the anonymous user should be deleted through the 'Admin' API. These calls do not allow creation of connections. This is true for createQueueConnection() and createConnection() calls as well.