How to Avoid Anonymous Lookups on JMS Queues

(Doc ID 2202205.1)

Last updated on DECEMBER 19, 2016

Applies to:

Oracle WebLogic Server - Version 10.3.6 and later
Information in this document applies to any platform.

Goal

When no credentials are provided in the initial context, by default a JMS client can lookup the JMS resources. It may be desired to remove this lookup.

eg:

Hashtable properties = new Hashtable();
properties.put(Context.INITIAL_CONTEXT_FACTORY, "weblogic.jndi.WLInitialContextFactory");
// NOTE: The port number of the server is provided in the next line,
// followed by the userid and password on the next two lines.
properties.put(Context.PROVIDER_URL, "t3://<hostname>:port");
properties.put(Context.SECURITY_PRINCIPAL, "weblogic");
properties.put(Context.SECURITY_CREDENTIALS, "welcome1");

Even without SECURITY_PRINCIPAL or SECURITY_CREDENTIALS, the JMS client program can connect to the server, lookup queues and read/write JMS messages.
 

Solution

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms