Messaging security

Enabling security on a service integration bus results in a requirement for client authentication, the enforcement of authorization policy and, by default, the use of SSL transport chains.

Note: Messaging security applies to the whole bus: you cannot switch security on for some messaging engines in a bus and off for the others.

When you create a connection to the messaging system, you can specify a user name and password. The user name and password are authenticated using the same user registry that the application server uses for its authentication checks.

If the authentication is successful, an access check is performed to see whether the user has permission to connect to the bus. If the user does not have permission, the connection is refused. Otherwise, further access checks on the user name are performed when the connection accesses a destination (to send or receive a message), creates a temporary destination, or accesses a foreign bus. When a messaging client uses a connection to access a topic, an access check is performed for the topic space (destination) that contains the topic. If you define that topic access checking is also required, a second access check is performed for the topic itself. Topic access checking is controlled by the Topic access check required attribute for the topic space, which you select when configuring bus destination properties.
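The order of checks described above, as a simplified model. This is an added example, not IBM code or a product API: the class names, the `check_topic_access` method, the result strings and the sample users and topic spaces are all hypothetical and constructed for illustration.

```python
# Added illustration (not IBM code): a model of the check order described above.
import hmac
from dataclasses import dataclass, field

@dataclass
class TopicSpace:
    allowed: set                         # users permitted on the topic space
    topic_check_required: bool = False   # models "Topic access check required"
    topic_acl: dict = field(default_factory=dict)  # topic -> permitted users

@dataclass
class Bus:
    registry: dict       # user -> password; stand-in for the user registry
    connectors: set      # users permitted to connect to the bus
    topic_spaces: dict   # topic space name -> TopicSpace

    def connect(self, user, password):
        # 1. Authenticate the user name and password against the registry.
        stored = self.registry.get(user)
        if stored is None or not hmac.compare_digest(stored.encode(), password.encode()):
            return "refused: authentication failed"
        # 2. Check permission to connect to the bus.
        if user not in self.connectors:
            return "refused: no permission to connect to bus"
        return "connected"

    def check_topic_access(self, user, space_name, topic):
        # Assumes the user already holds a connection to the bus.
        space = self.topic_spaces[space_name]
        # 3. The topic space (destination) check is always performed.
        if user not in space.allowed:
            return "denied: topic space"
        # 4. The per-topic check runs only when the attribute is selected.
        if space.topic_check_required and user not in space.topic_acl.get(topic, set()):
            return "denied: topic"
        return "granted"

# Constructed sample configuration.
BUS = Bus(
    registry={"alice": "a-pw", "bob": "b-pw", "carol": "c-pw"},
    connectors={"alice", "bob"},
    topic_spaces={
        "Open.Space": TopicSpace(allowed={"alice", "bob"}),
        "Strict.Space": TopicSpace(
            allowed={"alice", "bob"},
            topic_check_required=True,
            topic_acl={"stock/ibm": {"alice"}},
        ),
    },
)
```

In this model, `bob` can reach `stock/ibm` in `Open.Space` but not in `Strict.Space`, because only the second topic space requires the additional per-topic check.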

To ensure the confidentiality and integrity of messages in transit, you can configure an SSL secure transport for the connections between clients and messaging engines, between messaging engines in the same bus, and between buses. You can configure a bus so that all of its connections use a secure transport.

Creating a bus when administrative security is enabled results in a bus that is secure by default. If administrative security is disabled, an insecure bus is created.




Related concepts
Learning about the default messaging provider
Authentication mechanisms
Java Authentication and Authorization Service
Secure transport considerations
User registries and repositories
Learning about service integration security
Related tasks
Administering messaging security
Configuring bus destination properties

Last updated: Feb 19, 2011 5:25:36 AM CST
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=v610web&product=was-nd-mp&topic=cjr0420_
File name: cjr0420_.html