The steps to take to secure asynchronous messaging.
About this task
Security for messaging is enabled only when WebSphere® Application Server administrative security is enabled.
In this case:
- JMS connections made to a messaging provider are authenticated.
- Access to JMS resources owned by a messaging provider is controlled
by access authorizations.
- Requests to create new connections to a messaging provider must
include a user ID and password for authentication.
- The user ID and password do not have to be provided by the application.
Standard Java™ EE Connector Architecture (JCA)
authentication is used for a request to create a new connection to
a messaging provider. If authentication is successful, the JMS connection
is created; if authentication fails, the connection request is ended.
Notes:
- User IDs that are longer than 12 characters cannot be used for
authentication with the V5 default messaging provider or with a WebSphere MQ network. For example, the
default Windows® user ID "Administrator" is
not valid for use in this context because it contains 13 characters.
- Users
that exploit the connection thread
identity support do not have to provide a user ID and password
for authentication.
- In
addition to the authorization needed for creating a connection to
a messaging provider, you also typically need authorization to access
specific JMS resources associated with that provider. For example,
if you are using the WebSphere MQ messaging provider
to connect to a WebSphere MQ network, you might also need
permission from the WebSphere MQ network to write
to a given queue.
- To enable the WebSphere MQ messaging provider
to connect in bindings transport mode to WebSphere MQ,
you set theTransport type parameter on the WebSphere MQ queue connection factory to BINDINGS,
and you configure the WebSphere MQ messaging provider with native
libraries information.
To secure your asynchronous messaging, complete one
or more of the following steps: