Mediations security considerations

This topic describes the security considerations for mediations.

When security is enabled, the messaging engine requires an identity called a mediations authentication alias to access a mediation. You can use the administrative console to define a mediations authentication alias for the bus. For more information, see Ensuring the messaging engine can access mediations.

When a client application sends a message to a bus destination, the identity of the sender application is associated with the message. If the sender application is authorized to access the target bus destination, the message is sent to the next destination in the forward routing path. If a mediation processes the message in some way at the target destination, the identity associated with the message is preserved by default.

You can program the mediation to reset the message identity to the identity under which the mediation code runs. For example, if the mediated destination represents the boundary between two security domains, the sender application is not authorized to access the mediated destination. By translating different identities into a single user identity, you can control access between security domains. For more information about programming mediations, refer to Learning about programming mediations. For more information about using the resetIdentity() method, refer to SIMediationSession.

When administrative security is enabled, a mediation inherits an identity from the mediations authentication alias configured for the bus. You can change the identity for a mediation handler by specifying a RunAs role using the assembly tools. For more information, see Configuring an alternative mediation identity for a mediation handler.

When bus security is enabled, the mediation identity must be authorized to access destinations. For more information, see Administering authorization permissions.

If administrative security is disabled, an identity is not configured for the mediation. If bus security is enabled, and administrative security is disabled, the mediation is not authenticated to access bus destinations.




Related concepts
Mediations
Learning about mediations
Related tasks
Securing mediations
Planning your service integration security

Last updated: Aug 31, 2013 2:56:59 AM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=pix&product=was-nd-dist&topic=cjp0019_
File name: cjp0021_.html