Use this task to configure resource security and security permissions for message-driven beans.
There are two special security considerations when using message-driven beans (MDBs). In other respects, however, the security considerations for an MDB are identical to those of any other EJB. For instance, access of JDBC and JCA (for example CICS, IMS) resources is handled in the same way as for an entity or session EJB. Access to other JMS resources is also handled in the same way as for other EJBs.
However to understand this last point about JMS access correctly, it is important to understand that the security considerations when configuring the MDB listener, which can be thought of as part of the application server infrastructure, are unique to MDBs. These considerations which are specific to MDBs are relevant when configuring authentication and authorization for the server to connect to a JMS provider and a Destination so that a message can be selected and so that the MDB can pass this message to the its onMessage() method.
The user's MDB onMessage() application code might not make additional JMS calls, however if the MDB application code accesses additional JMS resources, it is this access which is handled identically to JMS calls made by an entity or session EJB.
MBD security considerations:
To set the container-managed alias, (if you elect that option), use the administrative console to complete the following steps:
Considerations for invoking other EJBs:
Messages arriving at a listener port have no client credentials associated with them. The messages are anonymous. To call secure enterprise beans from a message-driven bean, the message-driven bean must be configured with a RunAs Identity deployment descriptor. Security depends on the role specified by the RunAs Identity for the message-driven bean as an EJB component.
For more information about EJB security, see Securing enterprise bean applications. For more information about configuring security for your application, see Securing applications during assembly and deployment.
In this information ... | IBM Redbooks, demos, education, and more |