When you install WebSphere Application Server, global security is enabled and every installed service integration bus (SIBus) is secured. Set the minimum security configuration that is required to allow SIBus Web services to work in a secure service integration bus.
Before you begin
Why and when to perform this task
When security is enabled, WebSphere Application Server and the service integration bus require authentication by user ID and password for the resource adapter and for every endpoint listener that you have installed. To meet this requirement, you configure an authentication alias for the resource adapter and endpoint listeners to use when they communicate with the bus.
To set the minimum security configuration that is required to allow SIBus Web services to work in a secure service integration bus, use the administrative console to complete the following steps:
Steps for this task
- In the navigation pane, click bus_name.
- Create a J2C authentication alias.
- Configure authentication for the resource adapter by completing the following steps:
  - In the administrative console navigation pane, click .
  - In the Authentication alias selection list, choose the authentication alias that you created.
  - Click Apply.
- Optional: Configure endpoint listener authentication.
  If you configure the endpoint listener authentication property as detailed in this step, then messages sent to the bus from the endpoint are always sent under the user ID specified in the property value. If you omit this step, then the message sent to the bus is sent as the ID of the user already authenticated by WebSphere Application Server (for example, if the inbound request contains WS-Security authentication, or if the endpoint is protected). If you omit this step and no authenticated user ID is found, then the message send will fail with the following error:
  CWSIK0018E: Send access to destination <destination> was denied for user with subject <subject>.
  To configure endpoint listener authentication, complete the following steps for every bus that is connected to an endpoint listener:
  - In the administrative console navigation pane, click one of the paths shown in the table Paths to this panel.
    Paths to this panel:
    server_name
    cluster_name
    A list of endpoint listeners is displayed in an endpoint listener collection form.
  - Click the name of an endpoint listener in the list. The current endpoint listener settings for this endpoint listener are displayed.
  - Under the additional properties heading, click Connection properties. A list of all the service integration buses that are currently connected to this endpoint listener is displayed in a service integration bus connection properties collection form.
  - Click the name of a bus in the list. A list of custom properties (name and value pairs) for this bus is displayed. These custom properties define the manner in which the endpoint listener connects to this bus:
    Note: The property com.ibm.websphere.sib.webservices.replyDestination defines the reply destination name used by the endpoint listener. Do not modify or remove this property, which is set automatically when the service integration bus is associated with the endpoint listener.
  - Enter a new custom property. For the property name, type com.ibm.websphere.sib.webservices.EPLAuthAlias. For the property value, type the authentication alias that you created.
- Save your changes to the master configuration.
- Close the administrative console.
You are now ready to configure Web services for a service integration bus.
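
To confirm whether sends are being rejected because neither an endpoint listener authentication alias nor an authenticated user was available, the following added example (not part of the product documentation) scans log text for the CWSIK0018E message quoted in the optional step and counts denials per destination and subject. Only the message text comes from this page; the log-line prefix, the sample lines and the way an empty subject is rendered are constructed assumptions.

```python
import re
from collections import Counter

# Message wording as quoted on this page; everything before "CWSIK0018E" on a
# log line is ignored, so the exact line prefix does not matter.
DENIED = re.compile(
    r"CWSIK0018E: Send access to destination (?P<destination>.+?) "
    r"was denied for user with subject (?P<subject>.*?)\.?\s*$"
)

# Constructed sample lines, not real server output. The empty subject stands in
# for "no authenticated user ID was found"; real rendering may differ.
SAMPLE_LOG = """\
[1/1/24 10:00:01:000 UTC] 0000002a SampleComp E CWSIK0018E: Send access to destination OrderService was denied for user with subject .
[1/1/24 10:00:05:000 UTC] 0000002b SampleComp E CWSIK0018E: Send access to destination OrderService was denied for user with subject .
[1/1/24 10:02:11:000 UTC] 0000002c SampleComp E CWSIK0018E: Send access to destination StockQuote was denied for user with subject alice.
[1/1/24 10:03:00:000 UTC] 0000002d SampleComp I Unrelated informational line
"""


def denied_sends(lines):
    """Count CWSIK0018E denials per (destination, subject) pair."""
    counts = Counter()
    for line in lines:
        match = DENIED.search(line)
        if match:
            key = (match.group("destination"), match.group("subject").strip())
            counts[key] += 1
    return counts


def report(counts):
    """Render one summary row per pair, most frequent first."""
    rows = []
    for (destination, subject), n in counts.most_common():
        # An empty subject suggests the send ran with no identity at all,
        # which is the case the EPLAuthAlias property is meant to cover.
        shown = subject or "<none>"
        rows.append(f"{n:3d}  destination={destination}  subject={shown}")
    return rows


if __name__ == "__main__":
    for row in report(denied_sends(SAMPLE_LOG.splitlines())):
        print(row)
```

A denial with a named subject points at that user's access to the destination rather than at a missing alias, so the two cases are worth separating before changing the endpoint listener configuration.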