Authentication and Permissions

The EMS server supports authentication of incoming connections through user and password validation, JAAS authentication modules, and OAuth 2.0.

The EMS server also supports access control (authorization) through enforcement of permissions on users and groups. EMS supports two basic levels of permissions: administrator and user.

Administrator permissions control the ability of a user to log in as an administrator to create, delete, or view the status of users, destinations, connections, factories, and so on. Administrators with the correct permissions can control user access to the EMS server by creating users, assigning passwords, and setting permissions.

User permissions apply to the activities a user can perform on each destination (topic and queue). Using permissions, you can control which users have permission to send, receive, or browse messages for queues. You can also control who can publish or subscribe to topics, or who can create durable subscriptions to topics. Permissions are stored in the access control list for the server.
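As an added example (not TIBCO code and not part of the original page), the following Python script reviews destination entries from an access control list against the permission names given above. It assumes each entry has the layout `QUEUE=|TOPIC=<destination> USER=|GROUP=<name> PERM=<comma-separated list>` and that `*` and `>` act as destination wildcards; every name in the sample is constructed.

```python
# Permission names per destination type, as listed in the paragraph above.
VALID = {"QUEUE": {"send", "receive", "browse"},
         "TOPIC": {"publish", "subscribe", "durable"}}

# Constructed sample entries; the KEY=value line layout is an assumption.
SAMPLE_ACL = """\
# constructed sample
QUEUE=orders.in USER=svc_orders PERM=send
QUEUE=orders.in GROUP=billing PERM=receive,browse
TOPIC=prices.eu USER=svc_feed PERM=publish
TOPIC=> USER=analyst PERM=subscribe,durable
QUEUE=audit.log USER=svc_orders PERM=publish
"""

def parse_acl(text):
    """Parse destination entries into dicts; raise on lines that do not fit."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = dict(t.split("=", 1) for t in line.split() if "=" in t)
        dtype = next((t for t in VALID if t in fields), None)
        kind = next((k for k in ("USER", "GROUP") if k in fields), None)
        if dtype is None or kind is None or "PERM" not in fields:
            raise ValueError(f"line {lineno}: unrecognised entry: {line!r}")
        perms = {p.strip().lower() for p in fields["PERM"].split(",") if p.strip()}
        entries.append({"line": lineno, "type": dtype, "dest": fields[dtype],
                        "kind": kind, "name": fields[kind], "perms": perms})
    return entries

def audit(entries):
    """Flag permissions that do not match the destination type, and wildcards."""
    findings = []
    for e in entries:
        bad = sorted(e["perms"] - VALID[e["type"]])
        if bad:
            findings.append((e["line"], "wrong-permission-for-type", ",".join(bad)))
        if "*" in e["dest"] or ">" in e["dest"]:  # assumed wildcard characters
            findings.append((e["line"], "wildcard-destination", e["dest"]))
    return findings

def grants_for(entries, kind, name):
    """List (type, destination, permission) for one user or group."""
    return sorted((e["type"], e["dest"], p) for e in entries
                  if e["kind"] == kind and e["name"] == name for p in e["perms"])

if __name__ == "__main__":
    acl = parse_acl(SAMPLE_ACL)
    for finding in audit(acl):
        print(finding)
    print(grants_for(acl, "USER", "svc_orders"))
```

Administrator permission entries are outside what this script parses; it raises `ValueError` on any line that is not a queue or topic grant.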

Note: Authentication shares some characteristics with Transport Layer Security (TLS). TLS allows servers to require user authentication by way of the user’s digital certificate. TLS does not, however, specify any access control at the destination level. TLS and the authentication and access control features described in this chapter can be used together or separately to ensure secure access to your system. See TLS Protocol for more information about TLS.