JMS / MQ confidentiality between clients

Question

I'm designing a system where one server must send messages to lots of independent clients. The clients doesn't know about each other and should not be able to consume, peek or in any other way acquire knowledge about each others messages.

I therefore wonder if JMS / ActiveMq have the ability to control which clients get which messages?

I want all the clients to connect to the same JSM provider (the 'destination') and consume only messages meant for them. This would be a simple setup from the servers point of view.

An alternative would be to acquire webservice endpoints from all the clients and perform ws-calls every time the server have a message for a client. I think this alternative sound 'wrong' as I think ws calls are bloated. There is a great overhead for each ws call, and this server would have to make 1000's of call each day. In my opinion this would be suboptimal for the server...

Answer 1

Short answer: Use Message selector.

Detail answer: The question doesn't mention about how conversation is initiated. So here my answers for both scenarios.

a) If client initiates the conversation (i.e. Client sends a message to server and waiting for a reply).

This is a request/reply scenario. Messaging/JMS is a decoupled communication system. But request/reply is a common pattern in JMS. It can be implemented using correlation pattern.

• A unique identifier(correlation id) is sent part of the request message.
• Server receives the message and sets the correlation id in the reply message.
• Client uses Message selector to receive the message with the correct correlation id.

b) If server initiates the conversation (i.e. Server sends messages to the clients without client request).

In this case, similar approach can be used.

• A fixed client id is assigned to each client.
• Server maintains all client ids and sets client id of the recipient as correlation id of the message.
• Client uses Message selector to receive the message which has correlation id equals to its client id.

Update about confidentiality.

Following info extracted from this link useful for you to understand JMS security.

JMS does not specify a security contract or an API for controlling message confidentiality and integrity. Security is considered to be a JMS-provider-specific feature. It is controlled by a System Administrator rather than implemented programmatically or by the J2EE server runtime.

Two major features of JMS security are Authentication and Authorization. According to my knowledge, JMS security for client access is focusing on protecting the JMS destinations (not the individual messages). As long as a client has access to a destination, the security role assigned to the client is applicable for all the messages belongs to the destination.

Based on this,

Solution 1: If the client code is controlled by a trusted party.

Follow my solutions in my original answer. This will make sure the message is delivered to the right person. But will not protect anything if the client code is purposely modified to receive all messages.

Solution 2: Assign private destination and user account to each client and configure security such that user account of a client can access only its destination.

Note: Found a link about "Restrictions for message selectors to provide message level authorization". But I think it is a vendor specific custom feature.

Hope this will be helpful.