Thursday, October 7, 2010

Configuring TIBCO EMS for FileGateway to broadcast completion event

In our next article, we will add a new feature to the FileGateway. This article describes the steps to set up EMS for that purpose.

We need:
  • a secured topic
  • an EMS user
  • an EMS server with authorization enabled
  • an access control list (acl)

Before you start

Start the EMS server.
- Simply execute tibemsd.exe in the bin folder of your TIBCO EMS installation (Windows). The default EMS_HOME for a win32 installation is c:\tibco\ems\5.1 for TIBCO EMS 5.1.x.

%EMS_HOME%\bin\tibemsd.exe -config fullpath_to_your_tibemsd.conf_file

Launch the EMS admin console.
In the same directory as tibemsd.exe, execute tibemsadmin.exe.

%EMS_HOME%\bin\tibemsadmin.exe

Connect to the EMS server

- In the TIBCO EMS Administration console, enter the command "connect". Assuming you have not changed the admin password, log in as admin with no password.

Creating a topic and securing it

We will create an EMS topic called FGW.FILEREADY, to which the FileGateway will publish its file completion events. To add a little security, we will secure this topic so that only authorized consumers can subscribe, effectively blocking anonymous consumers.

Enter the following commands into the admin console.

create topic FGW.FILEREADY secure

To see the newly created topic in the console, enter the following command.

show topics

Note the '+' sign under the column 'S'; it indicates that the topic is secured.

Enable EMS authorization

The 'secure' property of an EMS topic or queue only takes effect if server authorization is enabled. To enable authorization on the EMS server, enter the following command at the admin console.

set server authorization=enabled

Authorization can also be turned on via the tibemsd.conf file.

authorization = enabled

A server restart is required if this method is used.

Creating an EMS user

To access secured topics, the JMS consumer needs to provide credentials when subscribing. For that reason we will create a user called "fgwuser" with the password "fgwuser".

Enter the following commands into the admin console.

create user fgwuser "FileGateway User" password=fgwuser

Use the following command to list the created user.

show user fgwuser

Configure the access control list (acl)

A consumer of the FGW.FILEREADY topic needs at least the 'subscribe' privilege in order to subscribe to the topic. If the consumer intends to become a durable subscriber, it also needs the 'durable' privilege. Note that in our scenario the consumer is not allowed to publish to this topic, hence the absence of the 'publish' privilege.

Enter the following command into the admin console.

grant topic FGW.FILEREADY fgwuser subscribe, durable

To inspect the privileges assigned to fgwuser, use the following commands

showacl topic FGW.FILEREADY

OR

showacl user fgwuser
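
The two conditions described above (authorization must be enabled for 'secure' to take effect, and the consumer gets 'subscribe' but not 'publish') can be checked offline against the server's configuration files. This is an added example, not part of the original article or of TIBCO EMS. It assumes topics are stored as "name property, ..." lines and ACL entries as "TOPIC=... USER=... PERM=..." lines, as in the constructed samples, and it matches exact names only (no wildcards).

```python
import re

def _lines(text):
    """Yield config lines with '#' comments and blank lines removed."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            yield line

def authorization_enabled(main_conf):
    """True if the main config contains 'authorization = enabled'."""
    for line in _lines(main_conf):
        key, sep, value = line.partition("=")
        if sep and key.strip().lower() == "authorization":
            return value.strip().lower() == "enabled"
    return False

def secure_topics(topics_conf):
    """Names of topics whose comma-separated property list includes 'secure'."""
    found = set()
    for line in _lines(topics_conf):
        name, *rest = line.split(None, 1)
        if "secure" in {p.strip().lower() for p in "".join(rest).split(",")}:
            found.add(name)
    return found

# Assumed ACL line layout (see lead-in); group entries are ignored here.
ACL_LINE = re.compile(r"^TOPIC=(\S+)\s+USER=(\S+)\s+PERM=(.+)$", re.I)

def topic_perms(acl_conf, topic, user):
    """Permissions granted to user on topic (exact names only, no wildcards)."""
    perms = set()
    for line in _lines(acl_conf):
        m = ACL_LINE.match(line)
        if m and m.group(1) == topic and m.group(2) == user:
            perms |= {p.strip().lower() for p in m.group(3).split(",")}
    return perms

def audit(main_conf, topics_conf, acl_conf, topic="FGW.FILEREADY", user="fgwuser"):
    """Return findings where the files deviate from the setup in this article."""
    findings = []
    if not authorization_enabled(main_conf):
        findings.append("authorization is not enabled, so 'secure' has no effect")
    if topic not in secure_topics(topics_conf):
        findings.append(f"{topic} is not marked secure")
    perms = topic_perms(acl_conf, topic, user)
    if "subscribe" not in perms:
        findings.append(f"{user} lacks subscribe on {topic}")
    if "publish" in perms:
        findings.append(f"{user} can publish to {topic}; consumers should not")
    return findings
```

Call audit() with the text of the three files; an empty list means the files match the setup built in this article.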

Summary

By now we have configured/created the following:
  • A secured EMS topic called FGW.FILEREADY
  • An EMS user called fgwuser
  • Access control on fgwuser
  • EMS server authorization = enabled

We will update the FileGateway to publish file completion events to this topic in our next article.

Cheers, happy publishing...
