Securing the external scheduler interface requires securing the JobSchedulerMDI system application and the JMS resources it uses.
The following steps show you how to secure the external scheduler interface:
The JMS activation specification for the JobSchedulerMDI application requires a JAAS alias. The user ID and password defined in this alias represent access to the job scheduler inbound JMS queue, com.ibm.ws.grid.InputQueue. The JobSchedulerMDI application also uses the JAAS alias programmatically to authenticate to the outbound queue that the job scheduler uses to communicate with its clients. The outbound queue is com.ibm.ws.grid.OutputQueue. Define the JAAS alias in the administrative console:
Give the JAAS alias a name of your choice. Specify a user ID and password that provide access to the job scheduler inbound JMS queue, com.ibm.ws.grid.InputQueue, and enable authentication to the outbound queue, com.ibm.ws.grid.OutputQueue.
Roles must be assigned to authorize access to the bus and input and output bus destinations. These role assignments can be performed in the administrative console: Security > Bus security > bus_name > Disabled > Users and groups in the bus connector role.
You can also assign roles using either of the following wsadmin commands:
Make the following role assignments:
Permit access to this destination by assigning sender, receiver, and browser roles to the same user IDs. These are the same IDs to which you assigned the BusConnector role in the previous step. You can permit access only through wsadmin commands:
$AdminTask addUserToDestinationRole {-type queue -bus JobSchedulerBus
-destination com.ibm.ws.grid.InputQueue -role Sender -user userName}
or
$AdminTask addGroupToDestinationRole {-type queue -bus JobSchedulerBus
-destination com.ibm.ws.grid.InputQueue -role Sender -group groupName}
AdminTask.setInheritDefaultsForDestination('-bus WSS.JobScheduler.Bus -type queue -destination com.ibm.ws.grid.InputQueue -inherit false')
Repeat for receiver and browser roles.
Permit access to this destination by assigning the same roles to destination com.ibm.ws.grid.OutputQueue as were assigned for com.ibm.ws.grid.InputQueue in the previous step.
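The destination role steps above, scripted for wsadmin Jython as an added example (not IBM's code): it builds the Sender, Receiver, and Browser grants for both queues, adds the inheritance setting for each queue, and applies them in order. The helper names are hypothetical, and the bus name and the user or group name are supplied by the caller.

```python
# Added example, not IBM's code. Helper names are hypothetical; the AdminTask
# commands and their arguments are the ones shown on this page.
QUEUES = ["com.ibm.ws.grid.InputQueue", "com.ibm.ws.grid.OutputQueue"]
ROLES = ["Sender", "Receiver", "Browser"]


def _checked(value):
    # Arguments are passed to wsadmin as one string, so reject empty values and
    # values containing whitespace rather than let them alter the command.
    if len(value.split()) != 1:
        raise ValueError("unsupported value: %r" % (value,))
    return value


def destination_role_commands(bus, principal, is_group=0):
    """Return (AdminTask command, argument string) pairs in execution order."""
    bus, principal = _checked(bus), _checked(principal)
    if is_group:
        command, flag = "addGroupToDestinationRole", "-group"
    else:
        command, flag = "addUserToDestinationRole", "-user"
    plan = []
    for queue in QUEUES:
        for role in ROLES:
            plan.append((command, "-type queue -bus %s -destination %s -role %s %s %s"
                         % (bus, queue, role, flag, principal)))
        # Stop the queue from inheriting the default role assignments.
        plan.append(("setInheritDefaultsForDestination",
                     "-bus %s -type queue -destination %s -inherit false" % (bus, queue)))
    return plan


def apply_plan(admin_task, plan):
    """Run each planned command on the AdminTask object; return the count."""
    for command, args in plan:
        getattr(admin_task, command)(args)
    return len(plan)


# Inside wsadmin -lang jython (AdminTask and AdminConfig are predefined there):
#   apply_plan(AdminTask, destination_role_commands("JobSchedulerBus", "userName"))
#   AdminConfig.save()
```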
submitter-userid=username
submitter-password=password