I'm designing a system where one server must send messages to lots of independent clients. The clients don't know about each other and should not be able to consume, peek or in any other way acquire knowledge about each other's messages.

I therefore wonder if JMS / ActiveMQ has the ability to control which clients get which messages?

I want all the clients to connect to the same JMS provider (the 'destination') and consume only messages meant for them. This would be a simple setup from the server's point of view.

An alternative would be to acquire webservice endpoints from all the clients and perform ws-calls every time the server has a message for a client. I think this alternative sounds 'wrong' as I think ws calls are bloated. There is a great overhead for each ws call, and this server would have to make 1000's of calls each day. In my opinion this would be suboptimal for the server...

A: 

Short answer: Use a message selector.

Detailed answer: The question doesn't mention how the conversation is initiated, so here are my answers for both scenarios.

a) If the client initiates the conversation (i.e. the client sends a message to the server and waits for a reply).

This is a request/reply scenario. Messaging/JMS is a decoupled communication system, but request/reply is a common pattern in JMS. It can be implemented using the correlation pattern.

  • A unique identifier (correlation id) is sent as part of the request message.
  • The server receives the message and sets the correlation id in the reply message.
  • The client uses a message selector to receive the message with the correct correlation id.

b) If the server initiates the conversation (i.e. the server sends messages to the clients without a client request).

In this case, a similar approach can be used.

  • A fixed client id is assigned to each client.
  • The server maintains all client ids and sets the client id of the recipient as the correlation id of the message.
  • The client uses a message selector to receive the messages whose correlation id equals its client id.

Update about confidentiality.

The following info, extracted from this link, is useful for understanding JMS security.

JMS does not specify a security contract or an API for controlling message confidentiality and integrity. Security is considered to be a JMS-provider-specific feature. It is controlled by a System Administrator rather than implemented programmatically or by the J2EE server runtime.

Two major features of JMS security are Authentication and Authorization. According to my knowledge, JMS security for client access focuses on protecting the JMS destinations (not the individual messages). As long as a client has access to a destination, the security role assigned to the client is applicable to all the messages belonging to the destination.

Based on this,

Solution 1: If the client code is controlled by a trusted party.

Follow the solutions in my original answer. This will make sure the message is delivered to the right person, but it will not protect anything if the client code is purposely modified to receive all messages.

Solution 2: Assign private destination and user account to each client and configure security such that user account of a client can access only its destination.

Note: Found a link about "Restrictions for message selectors to provide message level authorization". But I think it is a vendor specific custom feature.

Hope this will be helpful.

Sujee
Thanks! But how about confidentiality? Would other clients not be able to "select" messages belonging to other clients?
@user376803 Pls read the update.
Sujee
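Solution 2 from the answer, sketched as an added example for ActiveMQ Classic's `activemq.xml` (it is not from the answer or from the ActiveMQ project). The user names, groups, queue names and password placeholders are assumptions; the fragment belongs inside the `<broker>` element.

```xml
<plugins>
  <!-- One broker account per party; each client is alone in its own group. -->
  <simpleAuthenticationPlugin>
    <users>
      <authenticationUser username="server"  password="PLACEHOLDER_SERVER_PW"  groups="servers"/>
      <authenticationUser username="clientA" password="PLACEHOLDER_CLIENTA_PW" groups="clientA"/>
      <authenticationUser username="clientB" password="PLACEHOLDER_CLIENTB_PW" groups="clientB"/>
    </users>
  </simpleAuthenticationPlugin>

  <authorizationPlugin>
    <map>
      <authorizationMap>
        <authorizationEntries>
          <!-- Private queue per client: only the server may write (and create
               the queue via admin), only the owning client may read.
               clientB has no read right on clients.clientA, so no selector
               it chooses can reach clientA's messages. -->
          <authorizationEntry queue="clients.clientA"
                              read="clientA" write="servers" admin="servers"/>
          <authorizationEntry queue="clients.clientB"
                              read="clientB" write="servers" admin="servers"/>

          <!-- Weak alternative, shown for contrast and left disabled:
               one shared queue readable by every client group. Delivery then
               depends on each client choosing the right selector, which is
               Solution 1 and only holds for trusted client code.
          <authorizationEntry queue="clients.shared"
                              read="clientA,clientB" write="servers" admin="servers"/>
          -->

          <!-- Connections that use advisory messages need access to the
               advisory topics. -->
          <authorizationEntry topic="ActiveMQ.Advisory.>"
                              read="servers,clientA,clientB"
                              write="servers,clientA,clientB"
                              admin="servers,clientA,clientB"/>
        </authorizationEntries>
      </authorizationMap>
    </map>
  </authorizationPlugin>
</plugins>
```

Because the clients have no `admin` right, each queue has to exist before its client connects, for example by having the server create it first.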