The JMS connection factories are obtained using JNDI.
A JMS connection can be created from the connection factory either with a user name and password, or with no parameters.
Note that in both cases no logon is performed; only JMS permission checks are done for the respective user.
| Configuration | Description |
| --- | --- |
| service.jms.<jms-instance-name>.authorization | Contains the security settings for the JMS provider. The JMS provider defines two security roles: administrators, which references the preconfigured security role administrators of the policy configuration SAP-J2EE-Engine, and clients, which references the preconfigured security role guests of the policy configuration SAP-J2EE-Engine. By default, the two roles administrators and clients are granted permission for all actions. |
service.jms.<jms-instance-name>.authorization defines the following resources:
| Resource | Actions | Description |
| --- | --- | --- |
| queue | consumer, produce, browse | There is an instance of this resource for each non-temporary queue. |
| topic | consumer, produce, browse | There is an instance of this resource for each non-temporary topic. |
| temporaryQueue | consumer, produce, browse | There is an instance of this resource for each temporary queue. |
| temporaryTopic | consumer, produce, browse | There is an instance of this resource for each temporary topic. |
| administration | create_temporary_topic, create_temporary_queue, create_topic, create_queue, create_subscription, remove_topic, remove_queue, remove_subscription | The resource for administrative tasks. |
These policy configurations are configured by the Security Provider service. For more information, see Managing Policy Configurations.
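Because the clients role references guests and holds every action by default, a review of the effective grants is worth scripting. The following is an added example, not SAP code: it checks a list of grants against the resources and actions in the table above. The one-grant-per-line input format, the function names and the sample data are constructed for illustration and are not an SAP export format.

```python
# Resources and actions as listed in the table on this page.
MESSAGING = {"consumer", "produce", "browse"}
RESOURCE_ACTIONS = {
    "queue": MESSAGING, "topic": MESSAGING,
    "temporaryQueue": MESSAGING, "temporaryTopic": MESSAGING,
    "administration": {
        "create_temporary_topic", "create_temporary_queue", "create_topic",
        "create_queue", "create_subscription", "remove_topic",
        "remove_queue", "remove_subscription"},
}

def parse_grants(text):
    """Parse 'role resource action[,action]' lines; '*' means every action.
    This line format is constructed for the example, not an SAP export."""
    grants = {}
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) != 3 or parts[1] not in RESOURCE_ACTIONS:
            raise ValueError(f"line {n}: bad grant {raw!r}")
        role, resource, spec = parts
        allowed = RESOURCE_ACTIONS[resource]
        actions = set(allowed) if spec == "*" else set(spec.split(","))
        if actions - allowed:
            raise ValueError(f"line {n}: unknown action(s) {sorted(actions - allowed)}")
        grants.setdefault(role, {}).setdefault(resource, set()).update(actions)
    return grants

def audit(grants, admin_role="administrators"):
    """Return (role, finding) pairs for non-admin roles that hold too much."""
    findings = []
    for role in sorted(grants):
        if role == admin_role:
            continue
        held = grants[role]
        if all(held.get(r, set()) == a for r, a in RESOURCE_ACTIONS.items()):
            findings.append((role, "all actions on all resources (the default)"))
        elif held.get("administration"):
            findings.append((role, "administration: " + ",".join(sorted(held["administration"]))))
    return findings

# Constructed sample inputs: the default state described above, and a reduced one.
DEFAULT = "\n".join(f"{role} {res} *" for role in ("administrators", "clients")
                    for res in RESOURCE_ACTIONS)
RESTRICTED = "clients queue consumer,produce\nclients temporaryQueue *\nadministrators administration *"

if __name__ == "__main__":
    for name, text in (("default", DEFAULT), ("restricted", RESTRICTED)):
        print(name, audit(parse_grants(text)))
```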
Communication Protocols and Ports
The JMS provider differentiates between internal and external communication.
● Internal communication takes place within the J2EE Engine cluster. Because both JMS and the application operate in the same runtime, no extra security is necessary.
...
● External communication takes place using an SAP-proprietary binary format. The port used is obtained from the dispatcher. The default port is 5<instance id>10; however, you can change this port in the server port definitions. The protocol used for JMS can only be transferred using this port. When communicating over network boundaries, this port must be opened on the firewall. For more information, see J2EE Engine Ports.
No encryption is available on the JMS communication.
Data Storage
Configuration data and user data (messages) are stored in the database and are subject to the database protection mechanisms.