| Author |
Message
|
| skiv |
 Posted: Fri Jun 23, 2006 9:34 pm Post subject: help needed for topic security |
 |
|
Apprentice
Joined: 19 Jun 2006
Posts: 33
|
hi
I would like to ask if I`m using pub/sub, how can I at the websphere MQ v6 server side find out which topic the client is pub or sub to? and if I want to only authorize certain clients for certain topic how can I go about doing it?
Thanks alot for the help |
|
| Back to top |
|
 |
| jefflowrey |
| Posted: Sat Jun 24, 2006 8:08 am Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002
Posts: 19981
|
You need to purchase and install Message Broker and then configure the User Name Server component.
_________________
I am *not* the model of the modern major general. |
|
| Back to top |
|
|
| skiv |
| Posted: Sat Jun 24, 2006 9:34 am Post subject: |
|
|
Apprentice
Joined: 19 Jun 2006
Posts: 33
|
sorry but are there any other methods besides buying another product? Like writing an api exit?
what i`m thinking is i just need to find out which topic the client is conencting to and just block him... are there any codes that do that?
thanks thanks |
|
| Back to top |
|
|
| jefflowrey |
| Posted: Sat Jun 24, 2006 11:39 am Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002
Posts: 19981
|
Sure, there are a bunch of ways you can cobble together some sort of in-house solution that you will have to maintain and test and spend time and money developing.
I don't believe that anyone else has bothered - or if they have, I haven't heard of it.
You can also just buy Event Broker instead of Message Broker, it is less expensive.
Either Message or Event Broker will also substantially improve the performance of your pub/sub solution.
_________________
I am *not* the model of the modern major general. |
|
| Back to top |
|
|
| skiv |
| Posted: Mon Jun 26, 2006 1:56 am Post subject: |
|
|
Apprentice
Joined: 19 Jun 2006
Posts: 33
|
| if I`m not wrong, there is a default broker in the websphere MQ ver 6.0... can we use that to implement the security restricting who to access which topic? |
|
| Back to top |
|
|
| jefflowrey |
| Posted: Mon Jun 26, 2006 1:56 am Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002
Posts: 19981
|
| skiv wrote: |
| if I`m not wrong, there is a default broker in the websphere MQ ver 6.0... can we use that to implement the security restricting who to access which topic? |
NO.
_________________
I am *not* the model of the modern major general. |
|
| Back to top |
|
|
| skiv |
| Posted: Tue Jun 27, 2006 1:48 am Post subject: |
|
|
Apprentice
Joined: 19 Jun 2006
Posts: 33
|
regarding the event broker and message broker that you have mentioned, what is the difference btw the 2?
do they allow us to authenticate against another 3rd party source for example another database or from a txt file... or they need to authenticate against a fix database set by the broker? |
|
| Back to top |
|
|
| jefflowrey |
| Posted: Tue Jun 27, 2006 2:25 am Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002
Posts: 19981
|
The difference between the two is capabilities. Message Broker will allow you to transform messages, and will allow you to make subscriptions based on the content of the message, instead of just the topic. But it's more expensive.
Event Broker has the same pub/sub engine - minus the content filtering - and will also let you route messages (but not transform).
In either case, the User Name Server (which is the same for both) will authenticate users against the security domain of the machine it is running on - which can be different than the machine the broker is running on.
_________________
I am *not* the model of the modern major general. |
|
| Back to top |
|
|
| skiv |
| Posted: Tue Jun 27, 2006 4:32 pm Post subject: |
|
|
Apprentice
Joined: 19 Jun 2006
Posts: 33
|
so if during my development phase, I still have not decided from what kind of source i want to authenticate against (maybe a txt file, or a database), is message broker or event broker still suitable?
which means i want a robust system where i can decide on the source to authenticate against in a later stage |
|
| Back to top |
|
|
| jefflowrey |
| Posted: Tue Jun 27, 2006 4:59 pm Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002
Posts: 19981
|
The User Name Server authenticates against the user registry of OS that it is running on. It doesn't authenticate against anything else.
Your other choice is to build your own solution.
Unless you are running everything in a J2EE app server environment.
Then you should be able to use J2EE security in some manner or another.
_________________
I am *not* the model of the modern major general. |
|
| Back to top |
|
|
| skiv |
| Posted: Tue Jun 27, 2006 6:05 pm Post subject: |
|
|
Apprentice
Joined: 19 Jun 2006
Posts: 33
|
so if i want to achieve what i mentioned (authenticate against another source), message broker and event broker will be of no use?
I will still need to write my own API exit in C? |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Tue Jun 27, 2006 7:04 pm Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
Not a must. Remember there is configuration in Windows/Linux/Unix where you can authenticate against an LDAP server.... So you would still be using OS authentication but the OS authentication would happen against the LDAP server.
Enjoy 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| skiv |
| Posted: Tue Jun 27, 2006 7:17 pm Post subject: |
|
|
Apprentice
Joined: 19 Jun 2006
Posts: 33
|
yup I read before about them using LDAP..
what i gathered from what i read is that message broker and event broker nearest to what i want is using LDAP and that have to configure beforehand
if I decide to use a txt file for example at later stage it will not be possible
(this is because right now in the development stage what source to authenticate against is still not decided and confirm yet....)
am i right about this concept? |
|
| Back to top |
|
|
| jefflowrey |
| Posted: Wed Jun 28, 2006 1:51 am Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002
Posts: 19981
|
It would be a very poor design decision, in my opinion, to use a text file as a user registry.
_________________
I am *not* the model of the modern major general. |
|
| Back to top |
|
|
| skiv |
| Posted: Wed Jun 28, 2006 2:05 am Post subject: |
|
|
Apprentice
Joined: 19 Jun 2006
Posts: 33
|
| oh what I mean is that the source is unknown yet so can be anything... I just use txt file as an example.... |
|
| Back to top |
|
|
|
|
