一個建立於訊息導向中介軟體上的可抽換式安全架構

Abstract

近年來，隨著網際網路的快速發展，訊息導向中介軟體 (Message-Oriented Middleware) 成為企業間傳遞訊息最普遍使用的工具，隨著這股熱潮，昇陽公司制定了Java 訊息服務應用程式設計介面 (JMS API)，提供一個統一的標準介面，讓建立於訊息導向中介軟體之上的應用程式具有可移植性，而Persistent Fast Java Messaging (PFJM) 即是一套相容於 JMS API 的訊息導向中介軟體，並加強了其永續訊息與效能等特性。

隨著訊息導向中介軟體廣泛的應用於網際網路服務，以往被忽略的安全問題也慢慢浮出檯面，本篇論文將討論訊息導向中介軟體的安全議題，並於 PFJM 的基礎之上，提出一套可抽換式的安全架構，"可抽換" 意味著應用程式開發者只要透過簡單的修改設定檔，就能以不同的安全模組來建構其安全環境，而不須為了使用不同的安全架構，修改應用程式本身，透過抽換式的方法，應用程式開發者所使用的安全架構可隨其需求改變，提高開發應用程式的彈性。

With the rapidly growth of Internet, Message-oriented Middleware (MOM) had became the widespread used tool for delivering messages between companies. Sun Corporation had been aware the trend and defined a Java Message Service Application Programming Interface (JMS API) standard. This standard provides a set of uniform interface for application development and makes applications more portable. Persistent Fast Java Messaging (PFJM) is a JMS compliant Message-oriented Middleware and it has some outstanding features such as persistent message and high performance.

MOM had be widely adopted in Internet and the security issues not been noticed in the past had been discussed more and more. This paper will discuss the security issues on MOM. Based on PFJM, we bring up a pluggable security framework. "Pluggable" means application developers only need to modify configurations and plug in many different security modules to build a secure message delivering system. He/She needs not to modify applications in order to adopt different security strategies and be more flexible on developing.