Two types of adapters are supported in WebSphere® ESB: WebSphere Business Integration Adapters and WebSphere Adapters. The security of both types of adapters is discussed.
An adapter is the mechanism by which an application communicates with an Enterprise Information System (EIS). The information that is exchanged between an application and an EIS can be highly sensitive, so it is important to secure this exchange.
WebSphere Business Integration Adapters consist of a collection of software, application program interfaces (APIs), and tools that enable applications to exchange business data through an integration broker. WebSphere Business Integration Adapters rely on JMS messaging, and JMS does not support security context propagation.
WebSphere Adapters enable managed, bidirectional connectivity between an EIS and J2EE components supported by WebSphere ESB.
For inbound communication from both types of adapters into WebSphere ESB, there is no authentication mechanism. For WebSphere Business Integration Adapters, the reliance on JMS messaging precludes security context propagation. J2C also lacks inbound security support; therefore, WebSphere Adapters also have no authentication mechanism for inbound communication.
The entry from an adapter to WebSphere ESB always employs a Service Component Architecture (SCA) export. The SCA export has to be wired to an SCA component, such as mediation, business process, SCA Java™ component, or Selector.
Because inbound requests from an adapter are not authenticated, the security solution is to define a runAs role on the component that is the target for the WebSphere Adapter export. This is done using the SCA qualifier SecurityIdentity during development (see the WebSphere Integration Developer Information Center for more information). When the component runs, it does so under the identity defined in the runAs role.
WebSphere Business Integration Adapters send data to WebSphere ESB as JMS messages over the service integration bus.
WebSphere Adapters reside in the WebSphere ESB JVM, and therefore only the communication between the adapter and the target EIS needs to be secured. The protocol between the adapter and the EIS is EIS-specific. The documentation of the EIS provides information about how to secure this link.