Skip to main content

How to encrypt jms communication between Java EE Application Client and Glassfish 4.0

Please note these java.net forums are being decommissioned and use the new and improved forums at https://community.oracle.com/community/java.
4 replies [Last post]
salaryman
Offline
Joined: 2014-01-28

The code below will run on top of a Java EE Application Client Container that connects to a remote Glassfish 4.0 server .

I am able to pass messages between client and server but I'm concerned about the confidentiality of data as it passes through public internet connection.

For EJBs, one way to achieve confidentiality is thru RMI/IIOP Over SSL http://docs.oracle.com/cd/E18930_01/html/821-2418/beakv.html#gckgn .

Any ideas encrypting data exhange on a JMS connection?

public class Message {
    @Resource(lookup = "java:comp/DefaultJMSConnectionFactory")
    private static QueueConnectionFactory connectionFactory;

    public void send() {
        Connection connection = null;
        Session session = null;
        try {
            connection = connectionFactory.createConnection();
            connection.start();

            session = connection.createSession();

            Queue queue = session.createQueue("queue");

            MessageProducer producer = session.createProducer(queue);

            String msg = "message-to-send";

            producer.send(session.createObjectMessage(msg));

        } catch (JMSException ex) {
            // log error
        } finally {
            // close connections
        }
    }
}

Reply viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
salaryman
Offline
Joined: 2014-01-28

Or maybe the data exchange is encrypted already?

nigeldeakin
Offline
Joined: 2007-10-12

JMS communications using GlassFish Message Queue is unencrypted by default. You would need to configure the MQ broker, and your connection factory, to use SSL for JMS communication.

The best place to start is the GlassFish Message Queue admin guide, which has a chapter on message encryption
http://docs.oracle.com/cd/E18930_01/html/821-2438/aeogb.html#scrolltoc

This document is written assuming you are running a standalone MQ broker rather than running one embedded in GlassFish. (I can't immediately find documentation for configuring SSL for an embedded broker.) BUt it may point you in the right direction.

As you suspected, configuring SSL for EJB access is unrelated to the use of SSL for JMS messages.

salaryman
Offline
Joined: 2014-01-28

Thanks nigeldeakin for your reply.

I was able to configure ssljms.

nigeldeakin
Offline
Joined: 2007-10-12

By default the MQ broker is embedded within the GF server (running within the same JVM). To enable SSL you need to (1) configure the MQ broker to run the jmsssl service and (2) configure your JMS connection factories to use the jmsssl protocol to connect to the broker.

So it's simply

[JMS application] ---- (JMS API via ssl) ----- [MQ Broker]

So any data that flows using the JMS API is encrypted.

I see your diagram shows the GF server. I'm not sure what you are thinking of here. In JMS messages flow only between the MQ broker and the JMS application (where "JMS application" might be a standalone client, or a EJB or servlet).

If you're still confused, ask a follow-up.