Bus-enabled web services default configuration for accessing a secure bus
By default, the bus-enabled web services component can access a secure service integration bus. This means that your Web services clients, if they provide suitable credentials when making requests, can use bus-enabled web services when bus security is enabled. You can modify or override the default configuration, for example by defining an authentication alias that the service integration resource adapter uses to access the bus.
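- Access to the bus is configured through the bus connector role. By default, every bus connector role includes a group called Server. Members of this group are authorized to connect to the bus.
- The service integration resource adapter uses a J2C activation specification to communicate with the bus. By default, this activation specification has a boolean custom property, useServerSubject, that is set to true. This property lets the service integration resource adapter connect to the bus as a principal (member) of the Server group.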
The server group in the bus connector role
This group controls whether a user is authorized to connect to the bus. The server group can be added or removed by using the administrative console:
- addGroupToBusConnectorRole
- removeGroupFromBusConnectorRole
The useServerSubject property
This boolean property is found in the custom properties panel of the J2C activation specification associated with the inbound, outbound or gateway service:
This property can also be set by using wsadmin command scripts.
Disabling and overriding the default configuration
To disable the default configuration, set the useServerSubject property to "false" rather than removing the server group, because the service integration resource adapter is not the only system resource that uses the server subject. If you remove the server group from the bus connector role, then no system resources can use the server subject.
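You can also override the default configuration by defining an authentication alias that the service integration resource adapter uses to access the bus. Using an authentication alias does not make your configuration more secure. However, you might want to use an alias for consistency of approach, either with other application servers that run under WebSphere Application Server Version 6.0.x, or with internal business controls that you want to support the use of IDs and passwords.
If you configure an authentication alias, you do not also need to disable the default configuration. If an authentication alias exists, it overrides the default configuration. However, if you later remove the authentication alias from the activation specification, the default configuration regains control and (if it has not been disabled) allows the service integration resource adapter to continue to access the bus.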
The following table shows whether the service integration resource adapter can connect to the secured bus, depending on the state of the different properties:
Valid authentication alias | useServerSubject | Server group on bus connector role | Resource adapter can connect? |
---|---|---|---|
Yes | No | No | Yes |
No | Yes | Yes | Yes |
No | No | Yes | No |
No | No | No | No |
No | Yes | No | No |
Yes | Yes | Yes | Yes (using the authentication alias) |
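
The precedence rules in the table above, together with the fallback behaviour described for a removed authentication alias, written as a small configuration check. This is an added example, not IBM code; the class, function and sample names are assumptions, and it models only the three settings this page describes.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ActivationSpecState:
    name: str                   # hypothetical label for one activation specification
    valid_auth_alias: bool      # a valid authentication alias is defined
    use_server_subject: bool    # value of the useServerSubject custom property
    server_group_in_role: bool  # Server group is in the bus connector role


def effective_identity(s):
    """Return 'alias', 'server-subject', or None when the adapter cannot connect."""
    if s.valid_auth_alias:
        return "alias"           # an existing alias overrides the default
    if s.use_server_subject and s.server_group_in_role:
        return "server-subject"  # default configuration is in effect
    return None


def fallback_if_alias_removed(s):
    """True when deleting the alias would still leave bus access via the default."""
    return s.valid_auth_alias and s.use_server_subject and s.server_group_in_role


def audit(specs):
    """Summarise each state: identity in use and whether the default still lurks."""
    return [{"name": s.name,
             "identity": effective_identity(s),
             "fallback_if_alias_removed": fallback_if_alias_removed(s)}
            for s in specs]


# Constructed sample states, one per row of the table, in the same order.
SAMPLE = [
    ActivationSpecState("row1", True, False, False),
    ActivationSpecState("row2", False, True, True),
    ActivationSpecState("row3", False, False, True),
    ActivationSpecState("row4", False, False, False),
    ActivationSpecState("row5", False, True, False),
    ActivationSpecState("row6", True, True, True),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A state flagged with fallback_if_alias_removed is one where the default configuration has not been disabled, so removing the alias later does not cut off the adapter's access to the bus.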