
Java Messaging Services Security

Communication Protocols and Ports

Java Messaging Services (JMS) differentiates between internal and external communication.

JMS internal communication takes place directly on the SAP J2EE Engine. No information is passed to the user’s Web browser. Because JMS and the application operate in the same runtime, no extra security is necessary for internal communication.

External communication takes place using an SAP-proprietary binary format. The port used is obtained from the dispatcher. The default port is 5<sid>10; however, you can change this port in the server port definitions. The JMS protocol can only be transferred using this port. When communicating across network boundaries, this port must be opened on the firewall.

Data Storage

Configuration data and user data in the form of messages are stored in the database and are subject to the database protection mechanisms.

Authentication and Authorizations

You can also create objects for JMS using the JNDI (Java Naming and Directory Interface) service in the Visual Administrator. Such objects can contain user information such as passwords. If a user gains access to JNDI, he or she can access the JMS configuration and other objects that have been created. Therefore, in addition to protecting access (read, write, create) to the JMS service, we also recommend restricting access to the JNDI service using security roles.

Note

The SAP J2EE Engine forces authentication for JNDI access.

There is also a demo JMS service that you can use for test and demonstration purposes (not for productive use). In demo mode, you can only perform tests. The standard administrator user has authorizations for using this demo service.

See also:

Security on JMS Service

 
