The steps to take to secure asynchronous
messaging.
About this task
Security for messaging is enabled only when WebSphere® Application Server administrative security is enabled. In this
case:
- JMS connections made to a messaging provider are
authenticated.
- Access to JMS resources owned by a messaging
provider is controlled
by access authorizations.
- Requests to create new connections
to a messaging provider must
include a user ID and password for authentication.
- The user
ID and password do not have to be provided by the application.
Standard Java EE Connector Architecture (JCA)
authentication is used for a request to create a new connection to
a messaging provider. If authentication is successful, the JMS connection
is created; if authentication fails, the connection request is ended.
Notes: - User IDs that are longer than
12 characters cannot be used for
authentication with a WebSphere MQ network. For
example, the default Windows NT user
ID "Administrator" is not valid for use in this context because
it contains 13 characters.
- To enable the WebSphere MQ
messaging provider
to connect in bindings transport mode to WebSphere MQ,
you set theTransport type parameter on the WebSphere MQ queue connection factory to BINDINGS,
and you configure the WebSphere MQ messaging provider with native
libraries information.
![[IBM i]](../images/iseries.gif)
You
must also choose one of the following options:
- If you are
using security credentials (user ID and password),
ensure that the user specified is the current logged-on user for the WebSphere Application Server process, otherwise
the following WebSphere MQ JMS Bindings authentication
exception message is generated: MQJMS2013 invalid security
authentication supplied for MQQueueManager.
- If
you are not using security credentials, ensure that neither
the Component-managed Authentication Alias nor
the Container-managed Authentication Alias properties
are set on the connection factory.
To
secure your asynchronous messaging, complete one
or more of the following steps: