Extensible Authentication:
The extensible authentication feature uses the Java virtual machine (JVM) and the Java Authentication and Authorization Service (JAAS) to allow you to run your own Java-based authentication module in the EMS server.
Your authentication module, or LoginModule, runs in the JVM within the EMS server, and is accessed by tibemsd using the JAAS interface. This is a flexible way to extend the security of your EMS application.
Writing an Authentication Module:
The LoginModule is a custom module that runs inside the EMS server within a JVM. The LoginModule is written using JAAS, a set of APIs provided by Sun Microsystems and used to create pluggable Java applications. JAAS provides the interface between your code and the EMS server. JAAS is a standard part of the JRE and is installed with EMS.
Set up JAAS
jaas_config_file = "C:\tibco\ems\7.0\bin\security\jaas-config.txt"
# Path to jar file containing customer JAAS implementation
jaas_classpath = "C:\tibco\ems\7.0\samples\security\SecurityPlugins.jar"
# Customer code must return a result within this many milliseconds
jaas_login_timeout = 500
Extensible Permissions:
The extensible permissions feature uses the Java virtual machine (JVM) and the Java Access Control Interface (JACI) to allow you to run your own Java-based permissions module in the EMS server.
Your Permissions Module runs in the JVM within the EMS server, and connects to tibemsd using the JACI interface.
Set up JACI
Class that implements the com.tibco.tibems.tibemsd.security.Authorizer interface (this class should be available in the jar file).
jaci_class = com.tibco.example.FlatFilePermissionModule
# Path to jar file containing customer JACI implementation
jaci_classpath = "C:\tibco\ems\7.0\samples\security\SecurityPlugins.jar"
# Customer code must return a result within this many milliseconds
jaci_timeout = 500
# If you need to pass configuration parameters to customer JACI code, system
# properties are a good way to do it:
jre_option = -Dexample.permission.file=C:\tibco\ems\7.0\bin\security\permission.txt
jre_option = -Dexample.permission.debug=true
To compile and run sample security modules, do the following steps:
1. Verify the setting of the TIBEMS_ROOT environment variable inside the setup.bat or setup.sh script file.
2. Make sure your computer has Java 1.6 or greater installed.
3. Make sure the JavaMail API is on your classpath.
(See example ConfFileUserAuthLoginModule for more information.)
4. Open a console window and change directory to the samples/security subdirectory of your TIBCO Enterprise Message Service installation.
5. Run the "setup" script.
6. Execute:
javac com/tibco/example/*.java
jar cf SecurityPlugins.jar com/tibco/example/*.class
The generated jar file is the one referenced by jaci_classpath and jaas_classpath.
JAAS configuration file:
EMSUserAuthentication {
com.tibco.example.FlatFileUserAuthLoginModule required
debug=true
filename="C:/tibco/ems/7.0/bin/security/userpass.txt";
};
Permissions File:
Colin > TOPIC_SUBSCRIBE 30
Russ > TOPIC_PUBLISH 10
Bob samp.* TOPIC_SUBSCRIBE,TOPIC_PUBLISH,TOPIC_DURABLE,TOPIC_USE_DURABLE
user1 > QUEUE_SEND
user3 > QUEUE_SEND
user2 > QUEUE_RECEIVE
user4 sam.* QUEUE_SEND
user2 sam.* QUEUE_SEND
Users File:
Colin:guitar!
Russ:photos00
Balbhim:9tennis9
Bob:runner01
user1:user1
user2:user2
user3:user3
user4:user4
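The users file above keeps passwords in clear text. As an added example (not TIBCO's sample code and not part of the original post), here is a JAAS LoginModule that reads the same kind of flat file when each line holds a salted PBKDF2 hash instead. The class name HashedFileLoginModule and the line format are hypothetical; it assumes the server supplies credentials through the standard NameCallback and PasswordCallback, does not populate the Subject, and needs Java 8 or later.

```java
import java.nio.file.*;
import java.security.MessageDigest;
import java.util.*;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

// Hypothetical module (not TIBCO's sample). Assumed line format of the users file:
//   user:iterations:base64(salt):base64(PBKDF2-HMAC-SHA256 hash)
public class HashedFileLoginModule implements LoginModule {
    private CallbackHandler handler;
    private String filename;
    private boolean ok;
    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
        handler = h;
        filename = (String) opts.get("filename"); // option name taken from the jaas-config entry
    }

    public boolean login() throws LoginException {
        NameCallback nc = new NameCallback("user: ");
        PasswordCallback pc = new PasswordCallback("password: ", false);
        ok = false;
        try {
            handler.handle(new Callback[] { nc, pc }); // assumption: the server answers both callbacks
            char[] pw = pc.getPassword();
            for (String line : Files.readAllLines(Paths.get(filename))) {
                String[] f = line.split(":", 4);
                if (f.length != 4 || pw == null || !f[0].equals(nc.getName())) continue;
                byte[] salt = Base64.getDecoder().decode(f[2]);
                byte[] want = Base64.getDecoder().decode(f[3]);
                PBEKeySpec spec = new PBEKeySpec(pw, salt, Integer.parseInt(f[1]), want.length * 8);
                byte[] got = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
                ok = MessageDigest.isEqual(got, want); // constant-time comparison
                break; // first entry for the user decides
            }
        } catch (Exception e) {
            throw new LoginException("authentication error"); // malformed file or I/O error: fail closed
        } finally {
            pc.clearPassword();
        }
        if (!ok) throw new FailedLoginException("authentication failed"); // same reply for bad user or password
        return true;
    }
    public boolean commit() { return ok; }
    public boolean abort() { ok = false; return true; }
    public boolean logout() { ok = false; return true; }
}
```

To try it, compile the class into the jar named by jaas_classpath and put its class name in the EMSUserAuthentication entry in place of com.tibco.example.FlatFileUserAuthLoginModule, keeping the filename option.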
tibemsd.conf file is attached below...
Have fun!!!