The transport policy for a service integration bus controls
which transport mechanisms a remote client application can use to
connect to the bus.
New feature: In this release, messaging engine security is enhanced because ports
are only opened for transport chains that are required by the bus.
In the previous release, the InboundBasicMessaging port was opened
even for transport chains that were not required.
You can configure one of the following transport policies for a
bus, provided that the bus members are at
WebSphere® Application Server Version 6.1 or later:
- All defined transport channel chains
  Connecting client applications can use any transport channel chain,
  including unsecured ports. This is the default policy when you create
  a new bus with security disabled.
- Transport channel chains that are protected by SSL
  Connecting client applications can only use transport chains that
  use the Secure Sockets Layer channel. This is the default policy when
  you create a new bus with security enabled.
- Transport channel chains in the list of permitted transports
  Connecting client applications can only use the transport channel
  chains in a list of specific transports. This provides the highest
  level of control because the bus allows access only to the permitted
  transports.
You can configure the transport policy for the bus by using wsadmin commands
or the administrative console. The transport policy is independent
of the bus security configuration, so you can configure a transport
policy for a bus when security is disabled. Note that by default,
if a newly created bus is not secured, a remote client application
can use any transport channel chain to access the bus. If a newly
created bus is secured, by default a remote client application can
only use SSL-protected channel chains to access the bus. If you want
to control exactly which transport channel chains are available for
use, configure the permitted transports policy.
The permitted transports policy provides the following benefits:
- You do not have to disable transport channel chains to prevent
remote client applications from using them to connect to the bus.
- You do not have to disable transport channel chains before adding
a new server as a bus member.
- Buses that have different transport channel chain requirements
can share the same server.
If the permitted transports policy is in use but an inter-bus communications
protocol has not been specified, the InboundSecureMessaging port is
used instead of the InboundBasicMessaging port. You must ensure that
you add the InboundSecureMessaging port to the list of permitted transports.
You can override the default by configuring an inter-bus communication
protocol for the bus.
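
The following added example (not part of the original documentation) shows one way to script the permitted transports policy with wsadmin in Jython, covering both the wsadmin configuration route and the InboundSecureMessaging requirement described above. It assumes the AdminTask commands modifySIBus (with -permittedChains LISTED), addSIBPermittedChain, removeSIBPermittedChain and listSIBPermittedChains behave as described in your release's command reference; the function names and the bus name bus1 are hypothetical.

```python
# Added example for wsadmin (-lang jython). AdminTask is the wsadmin global;
# it is passed in so the logic can also be exercised with a stub.
# Assumption: listSIBPermittedChains returns one chain name per line.
REQUIRED_CHAIN = "InboundSecureMessaging"  # default inter-bus chain under this policy


def plan_chains(wanted):
    """De-duplicate the wanted chains and make sure REQUIRED_CHAIN is listed."""
    chains = []
    for name in list(wanted) + [REQUIRED_CHAIN]:
        if name not in chains:
            chains.append(name)
    return chains


def _listed(admin_task, bus):
    """Return the chains currently in the bus's permitted list."""
    out = admin_task.listSIBPermittedChains("[-bus %s]" % bus)
    return [line.strip() for line in out.splitlines() if line.strip()]


def apply_permitted_transports(admin_task, bus, wanted):
    """Make the bus accept only the planned chains; return the resulting list."""
    chains = plan_chains(wanted)
    current = _listed(admin_task, bus)
    # Add first, then switch policy, so the list is never empty while LISTED.
    for name in chains:
        if name not in current:
            admin_task.addSIBPermittedChain("[-bus %s -chain %s]" % (bus, name))
    for name in current:
        if name not in chains:
            admin_task.removeSIBPermittedChain("[-bus %s -chain %s]" % (bus, name))
    admin_task.modifySIBus("[-bus %s -permittedChains LISTED]" % bus)
    # Read back and fail loudly if the stored list differs from the plan.
    final = _listed(admin_task, bus)
    drift = [n for n in chains if n not in final] + [n for n in final if n not in chains]
    if drift:
        raise RuntimeError("permitted chain list differs from plan: %s" % drift)
    return final

# In wsadmin (bus name "bus1" is a constructed sample):
#   apply_permitted_transports(AdminTask, "bus1", ["InboundSecureMessaging"])
#   AdminConfig.save()
```

Chains that are already in the permitted list but absent from the wanted list are removed, so review the current list before running this against a bus that other applications share.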