Authentication

When bus security is enabled and before users are allowed to connect to a bus, their credentials must first be authenticated. Authentication uses the same user registry as the other parts of WebSphere® Application Server.

The user registry is specified as part of the application server security configuration, and can be any of the following types:

Any of these can cover part of a bus, a whole bus, or multiple buses, with LDAP and custom registries typically having larger scope.

Since a messaging client can connect to any messaging engine on a bus, you must ensure that the user name and password that the client uses exist in the user registries on all the application servers hosting these messaging engines.

Application code in an EJB or web container can invoke the JMS client and access it as a JCA resource. The authentication check is determined by whether the application code has been configured to allow container-managed or application-managed sign-on to resources. For further details, see J2EE Connector security.

When an authentication failure occurs, a JMSSecurityException is thrown. Before trying again, you should check that the user name and password are valid in the user registries on all the application servers hosting the messaging engines on the bus.




Related concepts
Role-based authorization
User registries
J2EE connector security
Learning about service integration security
Related tasks
Administering messaging security
Concept topic    

Terms of Use | Feedback

Last updated: Aug 29, 2010 5:25:00 PM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=vela&product=was-base-dist&topic=cjr0480_
File name: cjr0480_.html