The messaging security model includes authentication of the user, checking that the user is authorized to access resources, and ensuring the confidentiality and integrity of the message in transit.
When you create a connection to the messaging system, you can specify a user name and password. The user name and password are authenticated using the same user registry that the application server uses for its authentication checks.
If the authentication is successful, an access check is performed to see whether the user has permission to connect to the bus. If the user does not have permission, connection is refused. Further access checks on the user name are performed when the connection accesses a destination (to send or receive a message), creates a temporary destination, or accesses a foreign bus. When a connection accesses a topic, an access check is performed for the topic space (destination) that contains the topic. If you define that topic access checking is also required, a second access check is performed for the topic itself. Topic access checking is controlled by the Topic access check required attribute for the topic space, which you select when configuring bus destination properties.
To ensure the confidentiality and integrity of messages in transit, you can configure an SSL or HTTPS secure transport for the connections between clients and messaging engines, between messaging engines in the same bus, and between buses. You can configure a messaging engine to require that all its connections use a secure transport which accepts connections from known sources only. You can also disable non-secure inbound transport chains to ensure that only secure chains can contact the messaging engines on a server. In this way, you can configure a secure message path, from source application to destination application.
Messaging security is optional. If you want to enable it you must also enable global security on the application server.
Messaging security applies to the whole bus: you cannot switch security on for some messaging engines in a bus and off for the others.