Securing messaging

The steps to take to secure asynchronous messaging.

About this task

Security for messaging is enabled only when WebSphere® Application Server administrative security is enabled. In this case:

Standard Java™ EE Connector Architecture (JCA) authentication is used for a request to create a new connection to a messaging provider. If authentication is successful, the JMS connection is created; if authentication fails, the connection request is ended.

Notes:
  • User IDs that are longer than 12 characters cannot be used for authentication with the V5 default messaging provider or with a WebSphere MQ network. For example, the default Windows® user ID "Administrator" is not valid for use in this context because it contains 13 characters.
  • [z/OS] Users that exploit the connection thread identity support do not have to provide a user ID and password for authentication.
  • [z/OS] In addition to the authorization needed for creating a connection to a messaging provider, you also typically need authorization to access specific JMS resources associated with that provider. For example, if you are using the WebSphere MQ messaging provider to connect to a WebSphere MQ network, you might also need permission from the WebSphere MQ network to write to a given queue.
  • To enable the WebSphere MQ messaging provider to connect in bindings transport mode to WebSphere MQ, you set theTransport type parameter on the WebSphere MQ queue connection factory to BINDINGS, and you set the WebSphere Application Server MQ_INSTALL_ROOT environment variable.
    [AIX HP-UX Linux Solaris Windows] [iSeries] You must also choose one of the following options:
    • If you are using security credentials (user ID and password), ensure that the user specified is the current logged-on user for the WebSphere Application Server process, otherwise the following WebSphere MQ JMS Bindings authentication exception message is generated: MQJMS2013 invalid security authentication supplied for MQQueueManager.
    • If you are not using security credentials, ensure that neither the Component-managed Authentication Alias nor the Container-managed Authentication Alias properties are set on the connection factory.

To secure your asynchronous messaging, complete one or more of the following steps:

Procedure




In this information ...


IBM Redbooks, demos, education, and more

(Index)

Use IBM Suggests to retrieve related content from ibm.com and beyond, identified for your convenience.

This feature requires Internet access.

Task topic    

Terms of Use | Feedback

Last updated: Feb 19, 2011 5:25:36 AM CST
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=v610web&product=was-nd-mp&topic=tmj_securing
File name: tmj_securing.html