WebSphere WebSphere Application Server Network Deployment, Version 6.0.x Operating Systems: AIX, HP-UX, Linux, Solaris, Windows

Mediations security considerations

This topic describes the security considerations for mediations.

When WebSphere Application Server global security is enabled, the messaging engine must be authorized to access the mediation. For more information, see Ensuring the messaging engine can access mediations.

When an application sends a message to the bus, the identity of the sender application is associated with the message. The message is sent to the next destination in the forward routing path only if the message originator has Sender authority for that destination. A mediation can change the identity of the senders to the mediations identity.

When you install a mediation for use when security is enabled, you must ensure that the identity that the messaging engine will use to call mediations can access the mediations.

If bus security has been enabled, and the mediation sends messages to, and receives messages from destinations, the mediation identity requires access to the destination. For more information, see Administering authorization permissions.

Any new messages sent by the mediation are sent using the mediation identity.

By default, a mediation inherits its identity from the messaging engine. You can change the identity for a mediation handler by specifying a RunAS role using the assembly tools. For more information, see Role-based authorization.

Related tasks
Securing mediations
Planning your security requirements
Ensuring the messaging engine can access mediations
Configuring an alternative mediation identity for a mediation handler

Concept topic

Terms of Use | Feedback

Last updated: 15 Mar 2007
http://publib.boulder.ibm.com/infocenter/wasinfo/v6r0/index.jsp?topic=/com.ibm.websphere.pmc.nd.doc\concepts\cjp0021_.html

© Copyright IBM Corporation 2004, 2007. All Rights Reserved.
This information center is powered by Eclipse technology. (http://www.eclipse.org)