There are two different aspects to configuration a Web messaging enabled application: protecting the incoming URI and configuring client authentication and authorization to the service integraton bus.
Depending on the type of Web messaging
application you are writing, you might want to restrict access
to a Web messaging URI. Web messaging URI's can be protected using
standard Web application security methods. When a Web messaging URI
is protected, the Bayeux handshake request will be authenticated
and authorized using normal Web application security methods. Refer
to the following topic: