We need:
- a secured topic
- an EMS user
- authorization enabled EMS
- access control list (acl)
Start EMS server
- simply execute tibemsd.exe in the bin folder of your TIBCO EMS installation (windows). The default EMS_HOME for
win32 installation is c:\tibco\ems\5.1 for TIBCO EMS 5.1.x.
1. %EMS_HOME%\bin\tibemsd.exe -config
fullpath_to_your_tibemsd.conf_file
Launch EMS admin console.
In the same directory of tibemsd.exe, execute the tibemsadmin.exe
1. %EMS_HOME%\bin\tibemsadmin.exe
Connect to EMS server
- In the TIBCO EMS Administration console, enter the command “connect”. Assuming you have not changed the admin password, login as admin with no password.
Creating a topic and securing itWe will create a EMS topic called FGW.FILEREADY to which the FileGateway will publish its file completion events. Just to add a little security to it, we will secure this topic by allowing only authorized consumers to subscribe, effectively blocking the anonymous consumers.
Enter the following commands into the admin console.
1. create topic FGW.FILEREADY secure
1. show topics
Note the ‘+’ sign under the column ‘S’, it indicates the topic is secured.
1. set server authorization=enabled
Authorization can also be turned on via the tibemsd.conf file.
1. authorization = enabled
Server restart is required if this method is used.
Creating an EMS userTo access to secured topics, the JMS consumer needs to provide credentials when subscribing. For that reason we will create a user called “fgwuser” with the password “fgwuser”.
Enter the following commands into the admin console.
1. create user fgwuser “FileGateway User” password=fgwuser
Use the following command to list the created user.
1. show user fgwuser
Configure the access control list (acl)The consumer of FGW.FILEREADY topic needs at least the ‘subscribe’ privilege in order to subscribe to the topic. If the consumer intends to become a durable subscriber, it also needs to be given the ‘durable’ privilege. Note that in our scenario, the consumer is not allowed to publish to this topic, hence the absence of ‘publish’ privilege.
Enter the following command into the admin console.
1. grant topic FGW.FILEREADY fgwuser subscribe, durable
1. showacl topic FGW.FILEREADY
OR
1. showacl user fgwuser
Summary
By now we have configured/created the following:
- A secured EMS topic called FGW.FILEREADY
- An EMS user called fgwuser
- Access control on fgwuser
- EMS server authorization = enabled
For training on TIBCO BusinessWorks mail us at [email protected]