When administrative security is turned on, clients must be authenticated.
If a client tries to access a secured application without being authenticated, an exception is generated.
Client | Authentication options | Notes |
---|---|---|
Web services clients | You can use WS-Security/SOAP authentication. | |
Web or HTTP clients | HTTP Basic authentication (the browser prompts the client for a user name and password). | These clients reference JSPs, Servlets, and HTML documents. |
Java™ clients | JAAS. | |
All clients | SSL client authentication. |
Some of the components of the WebSphere ESB infrastructure have authentication aliases that are used to authenticate the runtime code for access to databases and the messaging engine. These Business Process Choreographer and Common Event Infrastructure authentication aliases are outlined in subsequent topics. The WebSphere ESB installer collects the user name and passwords to create these aliases.
Some runtime components have message-driven beans (MDBs) that are configured with a runAs role. The WebSphere ESB installer collects the user name and password for the runAs role.