This topic describes considerations that you should be aware of if you want to use security for asynchronous messaging with WebSphere Application Server.
Security for messaging is enabled only when WebSphere Application Server administrative security is enabled. When security for messaging is enabled:
If authentication is successful, then the JMS connection is created; if the authentication fails then the connection request is ended.
Standard J2C authentication is used for a request to create a new connection to the JMS provider. If your resource authentication (res-auth) is set to Application, set the alias in the Component-managed Authentication Alias. If the application that tries to create a connection to the JMS provider specifies a user ID and password, those values are used to authenticate the creation request. If the application does not specify a user ID and password, the values defined by the Component-managed Authentication Alias are used. If the connection factory is not configured with a Component-managed Authentication Alias, then you receive a runtime JMS exception when an attempt is made to connect to the JMS provider.
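The component-managed case described above, as an added example that is not code from this page or from the product: it uses the standard JMS and JNDI APIs to show both ways of supplying credentials and where each failure surfaces. The class `JmsConnector`, its method names and the resource reference `jms/ExampleCF` are assumptions; the reference is assumed to be declared with res-auth set to Application.

```java
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.jms.Connection;
import javax.jms.ConnectionFactory;
import javax.jms.JMSException;
import javax.jms.JMSSecurityException;
import javax.naming.InitialContext;
import javax.naming.NamingException;

// Added example: class, method and JNDI names are hypothetical.
public class JmsConnector {
    private static final Logger LOG = Logger.getLogger(JmsConnector.class.getName());
    // Assumed resource reference, declared with res-auth = Application.
    private static final String CF_REF = "java:comp/env/jms/ExampleCF";

    /**
     * userId == null: no credentials are passed, so the Component-managed
     * Authentication Alias on the connection factory is used.
     * userId != null: the supplied values authenticate the creation request.
     */
    public static Connection open(String userId, String password)
            throws NamingException, JMSException {
        ConnectionFactory cf = (ConnectionFactory) new InitialContext().lookup(CF_REF);
        try {
            return (userId == null)
                    ? cf.createConnection()
                    : cf.createConnection(userId, password);
        } catch (JMSSecurityException e) {
            // JMS API exception for rejected credentials: no connection exists.
            LOG.log(Level.WARNING, "JMS authentication rejected for {0}",
                    userId == null ? "configured alias" : userId);
            throw e;
        } catch (JMSException e) {
            // Also the path taken when no credentials and no alias are available.
            LOG.log(Level.SEVERE, "JMS connection could not be created", e);
            throw e;
        }
    }

    /** Startup check: confirms the alias alone is enough to connect. */
    public static boolean aliasWorks() throws NamingException {
        try {
            open(null, null).close();
            return true;
        } catch (JMSException e) {
            return false;
        }
    }
}
```

Relying on the alias keeps the user ID and password out of application code and configuration files; the password is never logged in either failure path.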
If your res-auth property is set to Container, you can set the Container-managed Authentication Alias on the Connection Factory, and specify the user ID and password within this alias. If you are running in Bindings transport mode (that is, the TransportType property on the Connection Factory is set to "BINDINGS"), then you can also exploit the connector thread identity function instead of specifying a container-managed alias. For more information, see Connection thread identity and Using thread identity support.
If you are working with a message-driven bean and are configuring a message-driven bean listener under the Message Listener Service, see Configuring security for message-driven beans that use listener ports for more information.
Authorization to access messages stored by the default messaging provider is controlled by authorization to access the service integration bus destinations on which the messages are stored. For information about authorizing permissions for individual bus destinations, see Administering destination roles.