Messaging security

The messaging security model includes authentication of the user, checking that the user is authorized to access resources, and ensuring the confidentiality and integrity of the message in transit.

Note: Messaging security applies to the whole bus: you cannot switch security on for some messaging engines in a bus and off for the others.

When you create a connection to the messaging system, you can specify a user name and password. The user name and password are authenticated using the same user registry that the application server uses for its authentication checks.

If the authentication is successful, an access check is performed to see whether the user has permission to connect to the bus. If the user does not have permission, connection is refused. Otherwise, further access checks on the user name are performed when the connection accesses a destination (to send or receive a message), creates a temporary destination, or accesses a foreign bus. When a messaging client uses a connection to access a topic, an access check is performed for the topic space (destination) that contains the topic. If you define that topic access checking is also required, a second access check is performed for the topic itself. Topic access checking is controlled by the Topic access check required attribute for the topic space, which you select when configuring bus destination properties.

To ensure the confidentiality and integrity of messages in transit, you can configure an SSL secure transport for the connections between clients and messaging engines, between messaging engines in the same bus, and between buses.

Messaging security is optional. If you want to enable it you must also enable global security on the application server.




Related concepts
Learning about the default messaging provider
Authentication mechanisms
Java Authentication and Authorization Service
Secure transport considerations
User registries
Learning about service integration security
Related tasks
Administering messaging security
Configuring bus destination properties
Concept topic    

Terms of Use | Feedback

Last updated: Sep 20, 2010 9:00:59 PM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=vela&product=was-nd-dist&topic=cjr0420_
File name: cjr0420_.html