OSB, JMS and Rogue Clients
By MarkSmith on Jul 14, 2008
Security is normally the last thing ESB administrators think of. When people think of security, they normally think of someone trying to hack into their network to gain sensitive information or trying to intentionally cause disruption to their services. Although this may be the case sometimes, it’s not the only reason an administrator may want to secure their message queues.
The biggest threat may be clients within your own enterprise that send to or receive from the wrong queue. No, that could never happen... not on purpose, but through misconfiguration, poor testing or poor communication.
Have you ever heard someone say “Where are those extra consumers coming from? This queue should have 5 consumers, instead it has 10”? Or have you ever heard of clients sending the wrong message to the wrong queue? Have you seen text messages end up on message queues designed to process well-formed XML?
There are probably many ways to guard against this, but one way to do it is to secure your message queues. By doing this, the ESB Administrator can ensure the correct clients are producing and consuming from the correct queues. As it’s not uncommon for an ESB to use hundreds of queues, it is impractical to secure them manually via the console. The process needs to be automated, repeatable and able to be version controlled. If an ESB Administrator wants to secure their message queues in WebLogic Server (WLS) and AquaLogic Service Bus (ALSB), then this can be automated using WebLogic Server Scripting Tool (WLST).
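One way to make such automation repeatable and reviewable is to keep the queue-to-client mapping as data and apply it idempotently. The sketch below is an added example, not code from the original post, written in plain Python so it also runs under WLST's Jython. The module, queue and group names are constructed, and the resource-ID layout and `Grp()` expressions are assumptions based on WebLogic's JMS resource and entitlement syntax.

```python
# Added example (not from the original post): queue policies as reviewable data.
# Assumptions: module, queue and group names are constructed; the resource-ID
# layout and Grp() expressions follow WebLogic's JMS resource and entitlement
# syntax and should be verified against your WLS release before use.

# Constructed sample map, kept in version control: queue -> action -> groups.
QUEUE_ACL = {
    "OrdersQueue": {"send": ["OrderProducers"], "receive": ["OrderConsumers"]},
    "InvoiceQueue": {"send": ["BillingApps"], "receive": ["BillingApps", "Auditors"]},
}

ACTIONS = ("send", "receive", "browse")


def resource_id(module, queue, action):
    """Build the JMS resource ID string for one queue action (assumed layout)."""
    return ("type=<jms>, application=%s, destinationType=queue, "
            "resource=%s, action=%s" % (module, queue, action))


def expression(groups):
    """Policy expression granting access to any of the listed groups."""
    return "|".join(["Grp(%s)" % g for g in sorted(groups)])


def build_plan(module, acl):
    """Turn the map into a deterministic list of (resource_id, expression)."""
    plan = []
    for queue in sorted(acl):
        for action in sorted(acl[queue]):
            groups = acl[queue][action]
            if action not in ACTIONS:
                raise ValueError("unknown action %r on %s" % (action, queue))
            if not groups:
                raise ValueError("no groups for %s/%s" % (queue, action))
            plan.append((resource_id(module, queue, action), expression(groups)))
    return plan  # actions absent from the map get no policy from this script


def apply_plan(authorizer, plan):
    """Create or correct policies; return the resource IDs that changed."""
    changed = []
    for rid, expr in plan:
        if not authorizer.policyExists(rid):
            authorizer.createPolicy(rid, expr)
        elif authorizer.getPolicyExpression(rid) != expr:
            authorizer.setPolicyExpression(rid, expr)
        else:
            continue  # already correct, so reruns are no-ops
        changed.append(rid)
    return changed
```

In a connected WLST session the `authorizer` argument would be the realm's policy editor, for example `cmo.getSecurityConfiguration().getDefaultRealm().lookupAuthorizer('XACMLAuthorizer')`, assuming the default XACML provider name. The list returned by `apply_plan` doubles as a drift report: a non-empty result on a rerun means someone changed a policy outside version control.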