When a server’s authorization parameter is enabled, other servers that actively connect to it must authenticate themselves by name and password, or by X.509 certificate.Figure 40 Routing: Authorization
● However, because B disables authorization, A need not identify itself to B, and B need not configure a user named A.When routing a secure topic or queue, servers consult the ACL specification before forwarding each message. The servers must grant one another appropriate permissions to send, receive, publish or subscribe.For example, in Figure 40, you don’t need an ACL for messages to flow from A (where a producer is sending to) to B (where a consumer is consuming from) because B has authorization turned off and messages are being sent to and consumed from queues. However, if messages were to flow from B to A (producer connects to B and consumer connects to A), then server A's ACL should grant user B send permission on the queue Q2.If we were to use topics in this example, then for messages to flow from A to B, you would need A to grant B the subscribe and durable permission on the topic (global on both servers). And for messages to flow from B to A, you would have to grant topic B publish permission on the topic.
Copyright © TIBCO Software Inc. All Rights Reserved.