You can use WebSphere® method-level declarative security to secure access to Common Event Infrastructure functions.
Common Event Infrastructure defines seven security roles, each one associated with a related group of functions. These security roles control access to both programming interfaces and commands.
The following table describes the security roles and the types of users associated with each role.
Security role | User types |
---|---|
eventCreator | Event sources that need to submit events to an emitter using synchronous EJB calls. This role provides access to the following interfaces: The eventCreator role restricts access to event submission only if the emitter is configured to use synchronous EJB calls for event transmission. If the emitter uses asynchronous JMS messaging for event transmission, you must use JMS security to restrict access to the destination used to submit events. |
eventUpdater | Event consumers that need to update events stored in the event database. This role provides access to the following interfaces: |
eventConsumer | Event consumers that need to query events stored in the event database. This role provides access to the following interfaces: |
eventAdministrator | Event consumers that need to query, update, and delete events stored in the event database. This role provides access to the following interfaces: |
catalogReader | Event catalog applications that need to retrieve event definitions from the event catalog. This role provides access to the following interfaces: |
catalogAdministrator | Event catalog applications that need to create, update, delete, or retrieve event definitions in the event catalog. This role provides access to all methods of the EventCatalog interface and all functions of the eventcatalog command. Because changes to the event catalog can result in generation of events, this role also provides access to event submission interfaces. |
The event service message-driven bean runs using the server user identity. If you are using asynchronous JMS transmission to submit events to the event service, and you have enabled method-based security, you must map this user identity to the eventCreator role.
```
permission java.io.FilePermission "${java.io.tmpdir}${/}guid.lock", "read, write, delete";
permission java.net.SocketPermission "*", "resolve";
```