WebSphere WebSphere Application Server Version 6.1.x Feature Pack for Web Services Operating Systems: AIX, HP-UX, i5/OS, Linux, Solaris, Windows, z/OS

Configuring bus-enabled Web services to use an authentication alias to access a secure service integration bus

When you install WebSphere Application Server, security is enabled and every installed service integration bus is secured. By default, the bus-enabled Web services configuration works when security is enabled. However you can override the default method of allowing bus-enabled Web services to access a secure bus, by configuring an authentication alias that the service integration technologies resource adapter uses to access the bus.

About this task
The default configuration that bus-enabled Web services use to access a secure bus is as follows:
  • Access to a bus is configured through the bus connector role. By default, every bus connector role includes a group called server. Members of this group are authorized to connect to the bus.
  • The service integration technologies resource adapter uses a J2C activation specification to communicate with the bus. By default, this activation specification has a boolean custom property useServerSubject that is set to "true". This property allows the service integration technologies resource adapter to connect to the bus as a subject (a member) of the server group.

For more information, see Bus-enabled Web services default configuration for accessing a secure service integration bus.

You can override this default method by configuring an authentication alias that the service integration technologies resource adapter uses to access the bus. Using an authentication alias does not make your configuration more secure. However, you might want to use an alias for consistency of approach if you have other application servers running under WebSphere Application Server Version 6.0, or to support your internal business controls for use of IDs and passwords.

To configure an authentication alias for the resource adapter to use when it communicates with the bus, use the administrative console to complete the following steps:

Procedure

  1. In the navigation pane, click Service integration > Buses > [Content Pane] bus_name > J2EE Connector Architecture (J2C) authentication data entries.
  2. Create a J2C authentication alias.
  3. Configure authentication for the resource adapter by completing the following steps:
    1. In the administrative console navigation pane, click Resources > Resource adapters > SIB_RA > J2C activation specification > SIBWS_OUTBOUND_MDB.
    2. In the Authentication alias selection list, choose the authentication alias that you created.
    3. Click Apply.
  4. Optional: Disable the default authentication configuration.

    If you configure an authentication alias you need not also disable the default configuration. If an authentication alias exists, it overrides the default configuration. This means that if you use an authentication alias that is authorized to access the bus then the communication will succeed, and if you use an authentication alias that is not authorized to access the bus then the communication will fail, irrespective of the default settings. However if you subsequently remove the authentication alias from the activation specification, the default configuration will again take control and (if not disabled) will allow the service integration technologies resource adapter to continue to access the bus. For more information, see Bus-enabled Web services default configuration for accessing a secure service integration bus.

    To disable the default authentication configuration, complete the following steps:

    1. In the administrative console navigation pane, click Resources > Resource adapters > SIB_RA > J2C activation specification > SIBWS_OUTBOUND_MDB > [Additional Properties] J2C activation specification custom properties.
    2. In the list of custom properties, click useServerSubject
    3. Change the Value for the useServerSubject property from "true" to "false".
    4. Click OK.
  5. Save your changes to the master configuration.
  6. Close the administrative console.
Related tasks
Configuring secure transmission of SOAP messages using WS-Security
Working with password-protected components
Invoking outbound services over HTTPS

Task topic

Terms of use | Feedback


Timestamp icon Last updated: 27 November 2008
http://publib.boulder.ibm.com/infocenter/wasinfo/v6r1/index.jsp?topic=/com.ibm.websphere.pmc.wsfep.multiplatform.doc/tasks/tjw_security_install.html

Copyright IBM Corporation 2004, 2008. All Rights Reserved.
This information center is powered by Eclipse technology. (http://www.eclipse.org)