客户端之间的 JMS / MQ 机密性

发布于 2024-09-13 15:51:03 字数 383 浏览 11 评论 0原文

我正在设计一个系统,其中一台服务器必须向许多独立的客户端发送消息。客户端彼此不了解,并且不应该能够消费、窥视或以任何其他方式获取有关彼此消息的知识。

因此我想知道 JMS / ActiveMq 是否能够控制哪些客户端获取哪些消息?

我希望所有客户端连接到同一个 JSM 提供程序(“目的地”)并且仅使用消息适合他们。从服务器的角度来看,这将是一个简单的设置。

另一种方法是从所有客户端获取 Web 服务端点,并在每次服务器有客户端消息时执行 ws 调用。我认为这种替代方案听起来“错误”,因为我认为 ws 调用过于臃肿。每个 ws 调用都会产生很大的开销,并且该服务器每天必须进行 1000 个调用。在我看来,这对于服务器来说不是最理想的......

I'm designing a system where one server must send messages to lots of independent clients. The clients doesn't know about each other and should not be able to consume, peek or in any other way acquire knowledge about each others messages.

I therefore wonder if JMS / ActiveMq have the ability to control which clients get which messages?

I want all the clients to connect to the same JSM provider (the 'destination') and consume only messages meant for them. This would be a simple setup from the servers point of view.

An alternative would be to acquire webservice endpoints from all the clients and perform ws-calls every time the server have a message for a client. I think this alternative sound 'wrong' as I think ws calls are bloated. There is a great overhead for each ws call, and this server would have to make 1000's of call each day. In my opinion this would be suboptimal for the server...

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

绝情姑娘 2024-09-20 15:51:03

简短回答:使用 消息选择器

详细回答:
该问题没有提及对话是如何发起的。这是我对这两种情况的回答。

a) 如果客户端发起会话(即客户端向服务器发送消息并等待回复)。

这是一个请求/回复场景。消息/JMS 是一个解耦的通信系统。但是 request/reply 是一个JMS 中的常见模式。它可以使用关联模式来实现。

  • 唯一标识符(相关 ID)作为请求消息的一部分发送。
  • 服务器接收消息并在回复消息中设置相关ID。
  • 客户端使用消息选择器来接收具有正确相关 ID 的消息。

b) 如果服务器发起会话(即服务器在没有客户端请求的情况下向客户端发送消息)。

在这种情况下,可以使用类似的方法。

  • 每个客户端都会分配一个固定的客户端 ID。
  • 服务器维护所有客户端ID,并将接收者的客户端ID设置为消息的相关ID。
  • 客户端使用消息选择器来接收相关 ID 等于其客户端 ID 的消息。

有关保密性的更新。

以下信息摘自此链接有助于您了解JMS 安全性

JMS 未指定安全性
用于控制的合约或 API
消息的机密性和完整性。
安全被认为是
JMS 提供商特定的功能。这是
由系统管理员控制
而不是实施
以编程方式或通过 J2EE 服务器
运行时。

JMS 安全性的两个主要功能是身份验证和授权。据我所知,客户端访问的 JMS 安全性重点在于保护 JMS 目的地(而不是单个消息)。只要客户端有权访问目的地,分配给客户端的安全角色就适用于属于该目的地的所有消息。

基于此,

解决方案1:如果客户端代码由受信任方控制。

请按照我原来的答案中的解决方案进行操作。
这将确保消息被传递给正确的人。但如果故意修改客户端代码以接收所有消息,则不会保护任何内容。

解决方案 2:为每个客户端分配私有目标和用户帐户,并配置安全性,以便客户端的用户帐户只能访问其目标。

注意:找到一个关于"消息选择器提供消息的限制的链接级别授权”。但我认为这是供应商特定的自定义功能。

希望这会有所帮助。

Short answer: Use Message selector.

Detail answer:
The question doesn't mention about how conversation is initiated. So here my answers for both scenarios.

a) If client initiates the conversation (i.e. Client sends a message to server and waiting for a reply).

This is a request/reply scenario. Messaging/JMS is a decoupled communication system. But request/reply is a common pattern in JMS. It can be implemented using correlation pattern.

  • A unique identifier(correlation id) is sent part of the request message.
  • Server receives the message and sets the correlation id in the reply message.
  • Client uses Message selector to receive the message with the correct correlation id.

b) If server initiates the conversation (i.e. Server sends messages to the clients without client request).

In this case, similar approach can be used.

  • A fixed client id is assigned to each client.
  • Server maintains all client ids and sets client id of the recipient as correlation id of the message.
  • Client uses Message selector to receive the message which has correlation id equals to its client id.

Update about confidentiality.

Following info extracted from this link useful for you to understand JMS security.

JMS does not specify a security
contract or an API for controlling
message confidentiality and integrity.
Security is considered to be a
JMS-provider-specific feature. It is
controlled by a System Administrator
rather than implemented
programmatically or by the J2EE server
runtime.

Two major features of JMS security are Authentication and Authorization. According to my knowledge, JMS security for client access is focusing on protecting the JMS destinations (not the individual messages). As long as a client has access to a destination, the security role assigned to the client is applicable for all the messages belongs to the destination.

Based on this,

Solution 1: If the client code is controlled by a trusted party.

Follow my solutions in my original answer.
This will make sure the message is delivered to the right person. But will not protect anything if the client code is purposely modified to receive all messages.

Solution 2: Assign private destination and user account to each client and configure security such that user account of a client can access only its destination.

Note: Found a link about "Restrictions for message selectors to provide message level authorization". But I think it is a vendor specific custom feature.

Hope this will be helpful.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文