Password-protect a set of inbound services by requiring user authentication for access to the associated HTTP endpoint listener, or (for JMS) to the associated JMS queue destination.
For a SOAP over JMS endpoint listener, you can achieve similar results by securing the underlying destination for each JMS queue.
When WebSphere® Application Server administrative security is enabled, clients that access an HTTP endpoint listener can be prompted for a user ID and password, which are authenticated against the registry defined within the security configuration. The HTTP endpoint listeners that are supplied with WebSphere Application Server are configured with a security role named AuthenticatedUsers. By default this role is mapped to the special group Everyone, so even if security is enabled all users can access any inbound service deployed to the HTTP endpoint listener.
You need not change the default security role. You would only choose to do so if you wanted to use a role name that is more specific, or more meaningful in the context of your organization. To change the security role, you modify the endpoint listener application EAR file before you configure the endpoint listener.
After you configure the endpoint listener application, you can map the security role to specific users or groups so that, when WebSphere Application Server security and service integration bus security are enabled, access to the HTTP endpoint listener is restricted. For more information about why you might want to do this, see Endpoint listeners and inbound ports: Entry points to the service integration bus.
To configure HTTP endpoint listener authentication, complete the following steps: