April 3, 2014
Securing Tibco EMS
Posted in JMS tagged authorization, Tibco, TIBCO EMS admin at 7:16 AM by bsnaresh
One can follow these steps to secure a queue in Tibco EMS 5.0:
- Get into the TIBCO EMS admin cli:
- tibemsadmin -server “tcp://HOSTNAME:7222”
- To enable security, authorization has to be enabled. This can be done as follows:
- set server authorization=enabled
- Restart the Tibco EMS server.
- Create a connection factory using the following command
- create factory <Connection Factory Name> generic
- To make the ConnectionFactory accessible from remote hosts, add the following property:
- addprop factory <Connection Factory Name> url=tcp://HOSTNAME:7222
- Create queue using the following command:
- create queue <QUEUE NAME>
- Create a group of users who would be able to access the above queue:
- create group <groupname>
- Create a user who can be added to the above group:
- create user <username>
- Set a password to the above user:
- set password <username> <new password>
- Add this user to the created group
- add member <group name> <user to be added>
- Grant permissions on the queue to the created group
- grant queue <queuename> group=<groupname> all
- Enable authorization on this queue
- addprop queue <queuename> secure
If working on Tibco EMS 8.0, thr url property needs to be set while creating the factory itself:
- create factory <Connection Factory Name> generic url=tcp://HOSTNAME:7222