The messaging security model includes authentication of the user, checking that the user is authorized to access resources, and ensuring the confidentiality and integrity of the message in transit.
When you create a connection to the messaging system, you can specify a user name and password. The user name and password are authenticated using the same user registry that the application server uses for its authentication checks.
If the authentication is successful, an access check is performed to see whether the user has permission to connect to the bus. If the user does not have permission, the connection is refused. Otherwise, further access checks on the user name are performed when the connection accesses a destination (to send or receive a message), creates a temporary destination, or accesses a foreign bus. When a messaging client uses a connection to access a topic, an access check is performed for the topic space (destination) that contains the topic. If you define that topic access checking is also required, a second access check is performed for the topic itself. Topic access checking is controlled by the Topic access check required attribute for the topic space, which you select when configuring bus destination properties.
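The order of checks described above can be modelled in a few lines. This is an added example, not product code or a product API: the registry, bus, user and topic names are constructed, and denying a topic that has no entry of its own is an assumption of the model.

```python
import hmac
from dataclasses import dataclass, field

# Constructed sample registry (hypothetical users; plaintext only for the model).
REGISTRY = {"alice": "s3cret", "bob": "hunter2", "carol": "pw"}

@dataclass
class TopicSpace:
    users: set                    # users allowed on the topic space (destination)
    topic_check_required: bool    # models the "Topic access check required" attribute
    topic_users: dict = field(default_factory=dict)  # topic -> allowed users

@dataclass
class Bus:
    connectors: set               # users permitted to connect to the bus
    topic_spaces: dict

BUS = Bus(
    connectors={"alice", "bob"},  # carol authenticates but may not connect
    topic_spaces={
        "news": TopicSpace(users={"alice", "bob"}, topic_check_required=True,
                           topic_users={"news/finance": {"alice"}}),
        "logs": TopicSpace(users={"alice"}, topic_check_required=False),
    },
)

def connect(bus, user, password):
    """Authenticate against the registry first, then check bus connect permission."""
    expected = REGISTRY.get(user)
    if expected is None or not hmac.compare_digest(expected, password):
        return "authentication failed"
    if user not in bus.connectors:
        return "connection refused"
    return "connected"

def access_topic(bus, user, space_name, topic):
    """Return (checks performed, allowed) for a connected user accessing a topic."""
    space = bus.topic_spaces[space_name]
    checks = ["topic space"]      # the topic space check always runs first
    if user not in space.users:
        return checks, False
    if space.topic_check_required:
        checks.append("topic")    # second check, only when the attribute is set
        # Assumption of this model: no entry for the topic means access is denied.
        if user not in space.topic_users.get(topic, set()):
            return checks, False
    return checks, True
```

Note that with the attribute unset, permission on the topic space alone decides access to every topic inside it.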
To ensure the confidentiality and integrity of messages in transit, you can configure an SSL secure transport for the connections between clients and messaging engines, between messaging engines in the same bus, and between buses.
Messaging security is optional. If you want to enable it, you must also enable global security on the application server.