JNDI Connection Properties
This section discusses JMS properties associated with a JNDI connection.
Authentication Scheme
This property specifies the authentication scheme and applies to both the JNDI and data connection.
- Supported by: For basic and client certificate authentication schemes, event brokers running Solace PubSub+ version 6.1 and higher. For a Kerberos authentication scheme, event brokers running Solace PubSub+ version 7.0 and higher.
- Type: String
- Format must be one of the following:
SupportedProperty.AUTHENTICATION_SCHEME_BASIC
(username/password authentication). This is the default authentication scheme.
Refer to AUTHENTICATION_SCHEME_BASIC for more information.SupportedProperty.AUTHENTICATION_SCHEME_CLIENT_CERTIFICATE
(Client Certificate Authentication).
Refer to AUTHENTICATION_SCHEME_CLIENT_CERTIFICATE for more information.SupportedProperty.AUTHENTICATION_SCHEME_GSS_KRB
(Kerberos).
Refer to AUTHENTICATION_SCHEME_GSS_KRB for more information.SupportedProperty.AUTHENTICATION_SCHEME_OAUTH2
(OAuth 2.0). You can useOAUTH2_ACCESS_TOKEN
,OIDC_ID_TOKEN
or both. Both are required depending on your requirements.
- Default:
SupportedProperty.AUTHENTICATION_SCHEME_BASIC
When AUTHENTICATION_SCHEME_CLIENT_CERTIFICATE
is used then at least one of these properties have to be set:
SSL_KEY_STORE_PASSWORD
SSL_PRIVATE_KEY_PASSWORD
The SSL_KEY_STORE
property becomes mandatory when AUTHENTICATION_SCHEME
is set to AUTHENTICATION_SCHEME_CLIENT_CERTIFICATE
. For more information, refer to the Class JCSMPProperties page.
Property Source (in descending priority) | Property Source (in descending priority) |
---|---|
Initial Context |
The example below shows how to enable Client Certificate authentication. env.put(SupportedProperty.SOLACE_JMS_AUTHENTICATION_SCHEME, SupportedProperty.AUTHENTICATION_SCHEME_CLIENT_CERTIFICATE); |
JNDI Properties File |
Solace_JMS_Authentication_Scheme=AUTHENTICATION_SCHEME_BASIC Solace_JMS_Authentication_Scheme=AUTHENTICATION_SCHEME_GSS_KRB Solace_JMS_Authentication_Scheme=AUTHENTICATION_SCHEME_CLIENT_CERTIFICATE Solace_JMS_Authentication_Scheme=AUTHENTICATION_SCHEME_OAUTH2 |
Allow Duplicate Client ID Enabled
The property specifies whether new JMS connections can use the same Client identifier (ID) as an existing connection. If the property is enabled and the JMS client did not provide a client ID, the API could just use the auto-generated unique client-id used for the initial connection.
- Supported by: Version 8.6.0 or higher on the Solace PubSub+ software event broker and version 8.3.0 or higher on the Solace appliance. Also, JMS API 10.2.0 or higher is required.
- Type: Boolean
- Format: [true|false]
- Default: false
Property Source (in descending priority) | Example |
---|---|
JNDI Connection Factory |
CLI/SEMP - Set through the property list "client-properties", Property "allow-duplicate-client-id" |
Client Description
This property specifies the application description.
- Supported by: Solace PubSub+ version 5.0 and higher
- Type: String
- Format: A maximum of 254 ASCII characters.
- Default: “JNDI”
Property Source (in descending priority) | Example |
---|---|
Initial Context |
env.put(SupportedProperty.SOLACE_JMS_JNDI_CLIENT_DESCRIPTION, “My JNDI Client Description”); |
JNDI Properties File |
Solace_JMS_JNDI_ClientDescription=My JNDI Client Description |
Client ID
This property specifies the client name. If not specified, the API generates a unique client ID.
- Supported by: Solace PubSub+ version 5.0 and higher
- Type: String
- Format: Must be a valid topic name; a maximum of 160 bytes is supported when encoded in UTF-8.
- Default: A generated client ID
Property Source (in descending priority) | Example |
---|---|
Initial Context |
env.put(SupportedProperty.SOLACE_JMS_JNDI_CLIENT_ID, “My JNDI Client”); |
JNDI Properties File |
Solace_JMS_JNDI_ClientID=My JNDI Client |
Compression Level
This property is used to enable and specify the ZLIB compression level.
- Type: Integer
- Format: Valid values for the compression level are 0 (no compression), or 1 through 9 (where 1 offers the least amount of compression and fastest data throughput, and 9 offers the most compression and slowest data throughput). The default value is 0.
- Default: 0
Property Source (in descending priority) | Example |
---|---|
Initial Context |
env.put(SupportedProperty.SOLACE_JMS_COMPRESSION_LEVEL, 6); |
JNDI Properties File |
Solace_JMS_CompressionLevel=6 |
Connect Retries
This property specifies the maximum number of times to attempt a JNDI Connection if the first connect fails. If this value is -1 or greater than 1, and a host list is used, each connect retry will traverse the host list according to the value set for the Connect Retries property.
- Type: Integer
- Format: Valid values are -1 through 2147483647. 0 means do not perform any automatic connection retries (that is, try once and give up); –1 means retry forever.
- Default: 0
Property Source (in descending priority) | Example |
---|---|
Initial Context |
env.put(SupportedProperty.SOLACE_JMS_JNDI_CONNECT_RETRIES, 5); |
JNDI Properties File |
Solace_JMS_JNDI_ConnectRetries=3 |
System |
-DJNDI_Connect_Retries=3 |
Connection Retries Per Host
When using a list of hosts for the URL property (refer to URL), this property defines the maximum number of times to retry a JNDI connection attempt to a single host before moving on to the next host in the list.
When traversing the list, each entry may be attempted the number of times set for the connection retries per host property plus 1.
- Type: Integer
- Format: Valid values are -1 through 2147483647. 0 means no retries (that is, try once and give up); –1 means retry forever (that is, the API only tries to connect or reconnect to first host listed.)
- Default: 0
This property works in conjunction with the connect and reconnect retries settings; it does not replace them.
Property Source (in descending priority) | Example |
---|---|
Initial Context |
env.put(SupportedProperty.SOLACE_JMS_JNDI_CONNECT_RETRIES_PER_HOST, 5); |
JNDI Properties File |
Solace_JMS_JNDI_ConnectRetriesPerHost=10 |
System |
-DJNDI_Connection_Retries_Per_Host=10 |
Connect Timeout
This property specifies the maximum amount of time (in milliseconds) permitted for a JNDI connection attempt.
- Type: Integer
- Format: In milliseconds; valid values are 0 through 2147483647. 0 means wait forever.
- Default: 30000 (that is, 30 seconds)
Property Source (in descending priority) | Example |
---|---|
Initial Context |
env.put(SupportedProperty.SOLACE_JMS_JNDI_CONNECT_TIMEOUT, 50000); |
JNDI Properties File |
Solace_JMS_JNDI_ConnectTimeout=60000 |
System |
-DJNDI_Connect_Timeout=60000 |
Interceptors
These properties specify the producer interceptor (pre-send hook) and consumer interceptor (pre-receive hook) used by applications to address core-concepts, such as logging or encryption. It is used to set the fully-qualified name of classes whose methods are called prior to sending or receiving the message using the producer interceptor and consumer interceptor, respectively.
Consumer Interceptor
- Type: String
- Format: The name that refers to the interceptor that runs prior to receiving a message.
Property Source | Example |
---|---|
Initial Context |
For the consumer interceptor: env.put(SupportedProperty.SOLACE_JMS_MESSAGE_CONSUMER_INTERCEPTOR_CLASS_NAME, CONSUMER_INTERCEPTOR_CLASS_NAME); |
JNDI Properties File |
For the consumer interceptor, where the fully-qualified name of the class is Solace_JMS_MessageConsumerInterceptorClassName=com.solace.example.MyDecryptingReceiverInterceptor |
System |
For the consumer interceptor: -DSolace_JMS_MessageConsumerInterceptorClassName=com.solace.example.MyDecryptingReceiverInterceptor |
Producer Interceptor
- Type: String
- Format: The name that refers to the interceptor that runs prior to sending a message.
Property Source | Example |
---|---|
Initial Context |
For the producer interceptor: env.put(SupportedProperty.SOLACE_JMS_MESSAGE_PRODUCER_INTERCEPTOR_CLASS_NAME, PRODUCER_INTERCEPTOR_CLASS_NAME); |
JNDI Properties File |
For the producer interceptor, where the fully-qualified name of the class is Solace_JMS_MessageProducerInterceptorClassName=com.solace.example.MyEncryptingMessageProducerInterceptor |
System |
For the producer interceptor: -DSolace_JMS_MessageProducerInterceptorClassName=com.solace.example.MyEncryptingMessageProducerInterceptor |
JAAS Login Context
This property specifies a name that applications use to refer to the entry in a login configuration file when they instantiate a LoginContext.
- Type: String
- Format: The name that refers to the entry in the login configuration file.
- Default: SolaceGSS
Property Source (in highest priority) | Example |
---|---|
Initial Context |
env.put(SupportedProperty.SOLACE_JMS_JAAS_LOGIN_CONTEXT, “SolaceGSS”); |
JAAS Configuration File Reload Enabled
This property, when true, indicates the login configuration file is reloaded before connect or reconnect to the event broker.
- Type: Boolean
- Format: [true | false]
- Default: false (disabled)
Property Source (in highest priority) | Example |
---|---|
Initial Context |
env.put(SupportedProperty.SOLACE_JMS_JAAS_CONFIG_FILE_RELOAD_ENABLED, true); |
JMSX User ID Enabled
This property specifies if the identity of the user is included in the messages it sends.
- Supported by: Solace PubSub+ 7.2 and higher
- Type: Boolean
- Format: [true|false]
- Default: false
Property Source (in descending priority) | Example |
---|---|
JNDI Connection Factory |
SolAdmin—Set through the Messaging Properties tab of the New JMS Connection Factory or Edit JMS Connection Factory dialog box. CLI/SEMP—Set through Property List “messaging‑properties”, Property “jmsx-user-id-enabled”. |
Kerberos Mutual Authentication
This property specifies that mutual authentication is to be used when the Kerberos authentication scheme is enabled.
- Supported by: Solace PubSub+ 7.0 and higher
- Type: Boolean
- Format: [true|false]
- Default: true
This property applies to both the JNDI and data connections.
Property Source (in descending priority) | Example |
---|---|
Initial Context |
env.put(SupportedProperty.SOLACE_JMS_KRB_MUTUAL_AUTHENTICATION, false); |
JNDI Properties File |
Solace_JMS_KRB_Mutual_Authentication=false |
Kerberos Service Name
This property specifies that mutual authentication is to be used when the Kerberos authentication scheme is enabled.
- Supported by: Solace PubSub+ 7.0 and higher
- Type: String
- Format: Any string. The total SPN value must not exceed 190 characters, including Service Name, Host FQDN, ‘@’ symbol, and ‘REALM’ name.
- Default: “solace” (SupportedProperty.DEFALUT_KRB_SERVICE_NAME)
This property applies to both the JNDI and data connections.
Property Source (in descending priority) | Example |
---|---|
Initial Context |
env.put(SupportedProperty.SOLACE_JMS_KRB_SERVICE_NAME, "solace"); |
JNDI Properties File |
Solace_JMS_KRB_Service_Name=KRBName |
Local Host
This property specifies the IP address of the local interface to use. By default, the operating system picks the interface. This property applies to both the JNDI and data connections.
- Type: String
- Format: IP address
- Default: none
Property Source (in descending priority) | Example |
---|---|
Initial Context |
env.put( SupportedProperty.SOLACE_JMS_LOCALHOST, "192.168.1.1"); |
JNDI Properties File |
Solace_JMS_Localhost=192.168.1.1 |
System |
-DJMS_Solace_localhost=192.168.1.1 |
Password
This property specifies a password to connect to the event broker with. By default, no password is specified. This password applies to both the JNDI and JMS (that is, data) connections, but it can be overridden when creating a JMS connection. For more information, refer to Managing Sessions.
- Type: String
- Format: The maximum length is 128 characters.
- Default: “”
Property Source (in descending priority) | Example |
---|---|
System |
-Djava.naming.security.credentials=pwd |
Initial Context |
env.put(Context. SECURITY_CREDENTIALS, pwd); |
JNDI Properties File |
java.naming.security.credentials=pwd |
URL |
smf://user1:pwd@192.168.1.1:55555 With host lists there is the capability to specify a username or password with every URL. In this case, the chosen username and password are the first ones found in the URL list. |
Read Timeout
This property specifies the maximum amount of time (in milliseconds) permitted for reading a JNDI lookup reply from the host.
- Type: Integer
- Format: Valid values are 0 through 2147483647. 0 means wait forever.
- Default: 10000 (that is, ten seconds)
Property Source (in descending priority) | Example |
---|---|
Initial Context |
env.put(SupportedProperty.SOLACE_JMS_JNDI_READ_TIMEOUT, 60000); |
JNDI Properties File |
Solace_JMS_JNDI_ReadTimeout=60000 |
System |
-DJNDI_Read_Timeout=60000 |
Reconnect Retries
This property specifies the number of times to attempt to reconnect to a host once an established JNDI connection has been lost. The JNDI connection to the host will not be reestablished if there is no JNDI lookup that needs to be performed.
When using a list of hosts for the URL property (refer to URL), and no connection is reestablished to any of the hosts, the API can reattempt connecting to the listed hosts again starting with the first host in the list. Each time the API works through the host list without establishing a reconnection is considered an reconnect retry. For example, if a Reconnect Retries value of two is used, the API could possibly work through all of the listed hosts without reconnecting to them three times: one time through for the initial connect attempt, and then two times through for reconnect retries.
After each unsuccessful attempt to reconnect to a host, the API waits for the amount of time set for Reconnect Retry Wait property (refer to Reconnect Retry Wait) before attempting another reconnection to a host. It should be noted that the number times to attempt to reconnect to one host before moving on to the next listed host is determined by the value set for the Connection Retries Per Host property (refer to Connection Retries Per Host).
- Type: Integer
- Format: Valid values are -1 through 2147483647. 0 means no automatic reconnect retries (that is, try once and give up); –1 means retry forever.
- Default: 20
Property Source (in descending priority) | Example |
---|---|
Initial Context |
env.put(SupportedProperty.SOLACE_JMS_JNDI_RECONNECT_RETRIES, 100); |
JNDI Properties File |
Solace_JMS_JNDI_ReconnectRetries=100 |
System |
-DJNDI_Reconnect_Retries=100 |
Reconnect Retry Wait
If a connect or reconnect attempt to a host is not successful, the API waits the amount of time (in milliseconds) set for this property, and then makes another connect or reconnect attempt.
When using a list of hosts for the URL property (refer to URL), the Connect Retries Per Host property (refer to Connection Retries Per Host) sets how many connection or reconnection attempts can be made before moving on to the next host in the list.
- Type: Integer
- Format: Valid values are 0 through 60000. 0 means do not wait.
- Default 3000 (that is, three seconds)
Property Source (in descending priority) | Example |
---|---|
Initial Context |
env.put(SupportedProperty.SOLACE_JMS_JNDI_RECONNECT_RETRY_WAIT, 10000); |
JNDI Properties File |
Solace_JMS_JNDI_ReconnectRetryWait=10000 |
System |
-DJNDI_Reconnect_Retry_Wait=3000 |
SSL Certificate Validation
Indicates whether the API should validate server certificates with the trusted certificates in the trust store. A JKS or PKCS12 certificate file is used for the trust store. This property must be set to true
to use the SSL Certificate Host Validation and SSL Certificate Date Validation properties.
- Supported by: Solace PubSub+ and higher
- Type: Boolean
- Format: [
true
|false
] - Default:
true
This property applies to both the JNDI and data connections.
Property Source (in descending priority) | Example |
---|---|
Initial Context |
env.put(SupportedProperty.SOLACE_JMS_SSL_VALIDATE_CERTIFICATE, true); |
JNDI Properties File |
Solace_JMS_SSL_ValidateCertificate=false |
SSL Certificate Date Validation
Indicates whether the Session connection should fail when an expired certificate or a certificate not yet in use is received. No date validation is performed (overriding this property) if SSL Certificate Validation is set to false
.
- Supported by: Solace PubSub+ 6.0 and higher
- Type: Boolean
- Format: [
true
|false
] - Default:
true
This property applies to both the JNDI and data connections.
Property Source (in descending priority) | Example |
---|---|
Initial Context |
env.put(SupportedProperty.SOLACE_JMS_SSL_VALIDATE_CERTIFICATE_DATE, true); |
JNDI Properties File |
Solace_JMS_SSL_ValidateCertificateDate=true |
SSL Certificate Host Validation
Indicates if the session connection verifies if the subject alternative name in the server's X.509 certificate matches the host specified the URL property. If the X.509 certificate does not contain a subject alternative name section, the Common Name in the Subject field is checked instead. This setting is set to True
by default (the recommended setting). It's important to note that the SSL Certificate Validation property overrides this property, therefore, if SSL Certificate Validation is set to false
, no SSL certificate host validation is performed.
- Supported by: Solace PubSub+ 9.7 and higher
- Type: Boolean
- Format: [
true
|false
] - Default:
true
This property applies to both the JNDI and data connections.
As per RFC 2818 and RFC 5280, Solace does not recommend that you set this property to false. Setting the property to false means that Server Certificate Validation Using Subject-Alternative Name is not performed.
SSL Certificate Host Validation Property
Property Source (in descending priority) | Example |
---|---|
Initial Context |
env.put(SupportedProperty.SOLACE_JMS_SSL_VALIDATE_CERTIFICATE_HOST, true); |
JNDI Properties File |
Solace_JMS_SSL_ValidateCertificateHost=true |
SSL Cipher Suite
The TLS/ SSL cipher suites to use to negotiate a secure connection with the event broker.
A cipher suite is a combination of cryptographic parameters that define the security algorithms and key sizes used for authentication, key agreement, encryption, and integrity protection. Cipher suites can be specified using their JSSE name or OpenSSL name.
The Solace JMS API supports the following cipher suites (showing the JSSE name with the OpenSSL name in brackets):
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
(ECDHE-RSA-AES256-SHA384)This cipher suite requires Java 7 or higher and the installation of the JCE Unlimited Strength Jurisdiction Policy Files.
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
(ECDHE-RSA-AES256-SHA)This cipher suite requires Java 7 or higher and the installation of the JCE Unlimited Strength Jurisdiction Policy Files.
TLS_RSA_WITH_AES_256_CBC_SHA256
(AES256-SHA256)This cipher suite requires Java 7 or higher and the installation of the JCE Unlimited Strength Jurisdiction Policy Files.
TLS_RSA_WITH_AES_256_CBC_SHA
(AES256-SHA)This cipher suite requires installation of the JCE Unlimited Strength Jurisdiction Policy Files.
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
(ECDHE-RSA-DES-CBC3-SHA)This cipher suite requires Java 7 or higher.
SSL_RSA_WITH_3DES_EDE_CBC_SHA
(DES-CBC3-SHA)TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
(ECDHE-RSA-AES128-SHA)This cipher suite requires Java 7 or higher.
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
(ECDHE-RSA-AES128-SHA256)This cipher suite requires Java 7 or higher.
TLS_RSA_WITH_AES_128_CBC_SHA256
(AES128-SHA256)This cipher suite requires Java 7 or higher.
TLS_RSA_WITH_AES_128_CBC_SHA
(AES128-SHA)
This property applies to both the JNDI and data connections.
- Supported by: Solace PubSub+ 6.0 and higher
- Type: String
- Format: Comma-separated list of ciphers
- Default: All supported ciphers
This property applies to both the JNDI and data connections.
Property Source (in descending priority) | Example |
---|---|
Initial Context |
env.put( SupportedProperty.SOLACE_JMS_SSL_CIPHER_SUITE, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA "); |
JNDI Properties File |
Solace_JMS_SSL_CipherSuites=SSL_RSA_WITH_RC4_128_SHA |
SSL Connection Downgrade To
Sets the transport protocol that TLS/SSL connections will be downgraded to after client authentication. This property applies to both the JNDI and data connections.
- Supported by: Solace PubSub+ 7.2 and higher
- Type: String
-
Allowed values: "
PLAIN_TEXT
"
This property applies to both the JNDI and data connections.
Property Source (in descending priority) | Example |
---|---|
Initial Context |
env.put( SupportedProperty.SOLACE_JMS_SSL_CONNECTION_DOWNGRADE_TO, “PLAIN_TEXT”); |
JNDI Properties File |
Solace_JMS_SSL_ConnectionDowngradeTo=PLAIN_TEXT |
SSL Excluded Protocols
A comma-separated list of encryption protocols that should not be used. SSL v3.0 (sslv3), TLS v1.0 (tlsv1), TLS v1.1 (tlsv1.1) and TLS v1.2 (tlsv1.2) are valid entries. When specifying multiple protocols, the order is not important.
- Supported by: Solace PubSub+ and higher
- Type: String
- Format: Comma-separated list of protocol names
- Default:
""
TLS v1.1 (tlsv1.1) and TLS v1.2 (tlsv1.2) require Java 7 or greater.
This property applies to both the JNDI and data connections.
Property Source (in descending priority) | Example |
---|---|
Initial Context |
env.put( SupportedProperty.SOLACE_JMS_SSL_EXCLUDED_PROTOCOLS, "tlsv1"); |
JNDI Properties File |
Solace_JMS_SSL_ExcludedProtocols=tlsv1 |
SSL Internal Normalized Key Store Format
This property specifies the format of the internal normalized key store. It allows you to override the type of the internal normalized keystore used for processing the keys from the SSL Key Store if there are issues with the default format.
This property applies to both the JNDI and data connections.
- Supported by: Solace PubSub+ 7.2.1 and higher
- Type: String
- Format: Typically one of the standard built-in formats, like “jks” or “pkcs12”
- Default: “”. If not specified then the type of SSL Key Store is used.
Property Source (in descending priority) | Example |
---|---|
Initial Context |
env.put( SupportedProperty.SOLACE_JMS_SSL_KEY_STORE_NORMALIZED_FORMAT, “pkcs12”); |
JNDI Properties File |
Solace_JMS_SSL_KeyStoreNormalizedFormat =pkcs12 |
System |
System Property -Djavax.net.ssl.keyStoreNormalizedType=PKCS12 |
SSL Key Store
This property specifies the keystore to use in the URL or path format. The keystore holds the client’s private key and certificate required to authenticate a client during the TLS/SSL handshake. This property is required if the authentication scheme is client certificate authentication.
This property applies to both the JNDI and data connections.
- Supported by: Solace PubSub+ 6.1 and higher
- Type: String
- Format: URL or path of the keystore file
- Default:
""
This property applies to both the JNDI and data connections.
Property Source (in descending priority) | Example |
---|---|
Initial Context |
env.put( SupportedProperty.SOLACE_JMS_SSL_KEY_STORE, "mykeystore.jks"); |
JNDI Properties File |
Solace_JMS_SSL_KeyStore=myKeyStore.jks |
System |
-Djavax.net.ssl.keyStore=myKeyStore.jks |
SSL Key Store Format
This property specifies the format of the given keystore. It applies to both the JNDI and data connections.
- Supported by: Solace PubSub+ 6.1 and higher
- Type: String
- Format: JKS or PKCS12
- Default:
"jks"
This property applies to both the JNDI and data connections.
Property Source (in descending priority) | Example |
---|---|
Initial Context |
env.put( SupportedProperty.SOLACE_JMS_SSL_KEY_STORE_FORMAT, "pkcs12"); |
JNDI Properties File |
Solace_JMS_SSL_KeyStoreFormat=pkcs12 |
System |
-Djavax.net.ssl.keyStoreType=PKCS12 |
SSL Key Store Password
This property specifies the keystore password to use and allows JMS to verify the integrity of the keystore.
This property applies to both the JNDI and data connections.
- Supported by: Solace PubSub+ and higher
- Type: String
- Format: String
- Default:
""
This property applies to both the JNDI and data connections.
Property Source (in descending priority) | Example |
---|---|
Initial Context |
env.put(SupportedProperty.SOLACE_JMS_SSL_KEY_STORE_PASSWORD, "password"); |
JNDI Properties File |
Solace_JMS_SSL_KeyStoreFormat=mypass |
System |
-Djavax.net.ssl.keyStorePassword=mypass |
SSL Private Key Alias
This property specifies which private key in the keystore to use for authentication. This property is necessary when a keystore with multiple private key entries is used.
This property applies to both the JNDI and data connections.
- Supported by: Solace PubSub+ and higher
- Type: String
- Format: String
- Default:
""
This property applies to both the JNDI and data connections.
Property Source (in descending priority) | Example |
---|---|
Initial Context |
env.put(SupportedProperty.SOLACE_JMS_SSL_PRIVATE_KEY_ALIAS, "alias"); |
JNDI Properties File |
Solace_JMS_SSL_PrivateKeyAlias=alias |
SSL Private Key Password
This property specifies which private key in the keystore to use for authentication. This property is necessary when a keystore with multiple private key entries is used.
This property applies to both the JNDI and data connections.
- Supported by: Solace PubSub+ 6.1 and higher
- Type: String
- Format: String
- Default:
""
This property applies to both the JNDI and data connections.
Property Source (in descending priority) | Example |
---|---|
Initial Context |
env.put(SupportedProperty.SOLACE_JMS_SSL_PRIVATE_KEY_PASSWORD, "password"); |
JNDI Properties File |
Solace_JMS_SSL_PrivateKeyPassword=password |
SSL Protocol
A comma-separated list of the encryption protocols to use. SSL v3.0 (sslv3), TLS v1.0 (tlsv1), TLS v1.1 (tlsv1.1) and TLS v1.2 (tlsv1.2) are supported. When specifying multiple protocols, the order is not important.
- Supported by: Solace PubSub+ 6.0 and higher
- Type: String
- Format: Comma-separated list of protocol names
- Default:
"sslv3,tlsv1,tlsv1.1,tlsv1.2"
.
- As of Solace PubSub+ 7.1, use of the “SSL Excluded Protocols” property is recommended instead. You may not use both “SSL Protocol” and “SSL Excluded Protocols”. Refer to SSL Excluded Protocols.
- TLS v1.1 (tlsv1.1) and TLS v1.2 (tlsv1.2) require Java 7 or greater.
This property applies to both the JNDI and data connections.
Property Source (in descending priority) | Example |
---|---|
Initial Context |
env.put(SupportedProperty.SOLACE_JMS_SSL_PROTOCOL, "tlsv1"); |
JNDI Properties File |
Solace_JMS_SSL_Protocol=tlsv1 |
SSL Trust Store
The trust store file to use. This property is mandatory if the SSL Certificate Validation property is set to true
.
- Supported by: Solace PubSub+ 6.0 and higher
- Type: String
- Format: URL or path of the trust store file
- Default:
""
This property applies to both the JNDI and data connections.
Property Source (in descending priority) | Example |
---|---|
System |
-Djavax.net.ssl.trustStore=myTrustStore.jks |
JNDI Properties File |
Solace_JMS_SSL_TrustStore=myTrustStore.jks |
Initial Context |
env.put( SupportedProperty.SOLACE_JMS_SSL_TRUST_STORE, "mytruststore.jks"); |
SSL Trust Store Format
Indicates the format used by the trust store provided for the SSL Trust Store property.
- Supported by: Solace PubSub+ 6.0 and higher
- Type: String
- Format:
"jks"
or"pkcs12"
- Default: "
jks"
This property applies to both the JNDI and data connections.
Property Source (in descending priority) | Example |
---|---|
Initial Context |
env.put(SupportedProperty.SOLACE_JMS_SSL_TRUST_STORE_FORMAT, "pkcs12"); |
JNDI Properties File |
Solace_JMS_SSL_TrustStoreFormat=pkcs12 |
System |
-Djavax.net.ssl.keyStoreType=PKCS12 |
SSL Trust Store Password
The password for the trust store provided for the SSL Trust Store property. This property is mandatory if the SSL Certificate Validation property is set to true.
- Supported by: Solace PubSub+ 6.0 and higher
- Type: String
- Format: String
- Default:
""
This property applies to both the JNDI and data connections.
Property Source (in descending priority) | Example |
---|---|
Initial Context |
env.put(SupportedProperty.SOLACE_JMS_SSL_TRUST_STORE_PASSWORD, "password"); |
JNDI Properties File |
Solace_JMS_SSL_TrustStorePassword=mypass |
System |
-Djavax.net.ssl.trustStorePassword=mypass |
SSL Trusted Common Name List
A list of up to 16 acceptable common names for matching in server certificates. If no common names are provided (the default), it means that there is no common name verification and all common names are acceptable.
No common name validation is performed if SSL Certificate Validation is set to false
or the SSL Server Certificate Validation is set to true
.
- Supported by: Solace PubSub+ 6.0 and higher
- Type: String
- Format: Comma-separated list of common names
Leading and trailing white spaces are considered to be part of the common names and are not ignored.
- Default:
""
This property applies to both the JNDI and data connections.
Property Source (in descending priority) | Example |
---|---|
Initial Context |
env.put(SupportedProperty.SOLACE_JMS_SSL_TRUSTED_COMMON_NAME_LIST, "acme.com,www.acme.com"); |
JNDI Properties File |
Solace_JMS_SSL_TrustedCommonNameList= acme.com,www.acme.com |
URL
This property specifies the IP address and port (optional) of the host (LDAP server or event broker) to connect to for a JNDI lookup. A host entry uses the following format:
<URI Scheme>://[username]:[password]@<IP address>[:port]
Where:
URI Scheme
is the uniform resource identifier (URI) scheme used for the JNDI lookup. The valid values are:
smf
—use plain-text over SMF for communications between the application and the host. SMF is the default.smfs
—use TLS/ SSL protocols over SMF for secure communications between the application and the host
username
is the user name that is required to authenticate a client connecting to the host. A client username can be used by a single or by multiple JMS clients.
password
is the username password for the connection when authentication is required.
IP address
is the IP address (or hostname) of the host. To specify a prioritized list of hosts that a client can attempt to connect to, list each IP address, in order of importance, separated by a comma.
port
is the port number to use to establish the connection. A value is only required when the client needs to use a port other than the automatically‑assigned default port number. The default port number for is 55555 when compression is not in use, or 55003 when compression is in use. The default port for TLS/SSL connections (with or without compression) is 55443.
- Type: String
- Format: smf://username:password@ipaddress:port
- Default: None
The provided URL parameters are used for both a JNDI connection and a JMS data connection. This is useful when both the JNDI and JMS data connections are for an event broker that provides JNDI and JMS service. However, when the JNDI store to be used is hosted on an LDAP server, and the event broker is only used for the JMS broker, the specified URL parameters, which are used for the JNDI connection, can be overridden by parameters specified in the Connection Factory when creating a JMS connection.
Property Source (in descending priority) | Example |
---|---|
Initial Context |
env.put( InitialContext.PROVIDER_URL, “smf://user:pwd@192.168.1.1:55555”); |
System |
-Djava.naming.provider.url=smf://192.168.1.1 |
JNDI Properties File |
java.naming.provider.url=smf://192.168.1.1,smf://192.168.2.1 Host=smf://192.168.1.1,smf://192.168.2.1 Note: This example shows a prioritized list of event brokers. |
Username
This property specifies the username to connect to the event broker with. By default, this username property applies to both the JNDI connection and JMS data connections, but it can be overridden when creating a JMS connection.
- Type: String
- Format: The maximum length is 32 characters.
- Default: None
Property Source (in descending priority) | Example |
---|---|
System |
-Djava.naming.security.principal=user1 |
Initial Context |
env.put(Context.SECURITY_PRINCIPAL, user1); |
JNDI Properties File |
java.naming.security.principal=user1 |
URL |
smf://user1:pwd@192.168.1.1:55555 With host lists there is the capability to specify a username or password with every URL. In this case, the chosen username and password are the first ones found in the URL list. |
VPN
This property specifies the Message VPN to use when connecting to the event broker. This property applies to both the JNDI and data connections. The default value is “” which means connect to the default Message VPN.
- Type: String
- Format: The maximum length is 32 bytes when encoded in UTF-8.
- Default: “”
Property Source (in descending priority) | Example |
---|---|
System |
-DSolace_JMS_VPN=myVPN |
Initial Context |
env.put(SupportedProperty.SOLACE_JMS_VPN, “myVPN”); |
JNDI Properties File |
Solace_JMS_VPN=myVPN |
Username |
env.put(Context.SECURITY_PRINCIPAL, user1@myVPN);
|