This is my first post here, although I've been using this forum for quite some time - it helped me a lot during preparations for previous certificates. Great job and thank you all:)
Ok, to the point. Currently I am working on the Gusher Oil assignment. One of the requirements is: system security - minimum 128-bit encryption and JMS message security. I have problems finding answers to address that requirement.
For one thing - I can ensure that the application is accessible only through HTTPS.
Second thing is securing JMS - I can use SSL to achieve transport-layer encryption. What about message security? I wanted to use ObjectMessages in JMS communication, but I don't think that I can provide message security in that case? Sending encrypted SOAP messages with digital signatures over JMS is another option, but I think there must exist a better solution (and also, encrypting and signing XML messages along with marshalling can take some time, and another requirement is that 99 percent of messages must be constructed and sent in under 3 seconds).
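
For reference, message-level protection of a serialized payload with a 128-bit key, as an added example that is not part of the original post. It assumes a symmetric key shared between producer and consumer; the class name, the `Order` record and its values are constructed for illustration. AES-GCM gives confidentiality and integrity, not the non-repudiation of a digital signature.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.io.*;
import java.security.SecureRandom;
import java.util.Arrays;

public class SealedPayloadDemo {
    // Constructed sample payload; stands in for whatever the ObjectMessage would carry.
    record Order(String well, int barrels) implements Serializable {}

    static final SecureRandom RNG = new SecureRandom();

    // Serialize, then encrypt and authenticate with AES-128-GCM. Output: 12-byte IV || ciphertext+tag.
    static byte[] seal(Serializable obj, SecretKey key) throws Exception {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(buf)) { oos.writeObject(obj); }
        byte[] iv = new byte[12];
        RNG.nextBytes(iv);                       // fresh IV per message; never reuse with the same key
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(buf.toByteArray());
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return out;
    }

    // Verify the tag first (doFinal throws AEADBadTagException on tampering), deserialize only afterwards.
    static Object open(byte[] body, SecretKey key) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, body, 0, 12));
        byte[] plain = c.doFinal(body, 12, body.length - 12);
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(plain))) {
            return ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);                            // 128-bit key; in practice shared out of band, not generated per run
        SecretKey key = kg.generateKey();
        long t0 = System.nanoTime();
        byte[] body = seal(new Order("constructed-well-7", 1200), key);  // would become the JMS message body
        System.out.println(open(body, key) + " in " + (System.nanoTime() - t0) / 1_000 + " us");
        body[body.length - 1] ^= 1;              // simulate modification in the broker or in transit
        try { open(body, key); }
        catch (javax.crypto.AEADBadTagException e) { System.out.println("tampered message rejected"); }
    }
}
```

The sealed `byte[]` is itself `Serializable`, so it can travel as the body of either a BytesMessage or an ObjectMessage; the printed timing gives a first data point against the 3-second budget.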