Two types of adapter are supported in WebSphere Process Server: WebSphere Business Integration Adapters and WebSphere Adapters. The security of both types of adapter is discussed.
Adapters are the mechanism by which applications communicate with Enterprise Information Systems (EISs). The information that is exchanged between an application and an EIS can be highly sensitive. It is important to ensure the security of this information transaction.
WebSphere Business Integration Adapters consist of a collection of software, application program interfaces (APIs) and tools that enable applications to exchange business data through an integration broker. WebSphere Business Integration Adapters rely on JMS messaging and JMS does not support security context propagation.
WebSphere Adapters enable managed, bidirectional connectivity between Enterprise Information Systems (EISs) and J2EE components supported by WebSphere Process Server.
For inbound communication from both types of adapter into WebSphere Process Server, there is no authentication mechanism. For WebSphere Business Integration Adapters the reliance on JMS messaging precludes security context propagation. J2C also lacks inbound security support, therefore WebSphere Adapters also have no authentication mechanism for inbound communication.
The entry from an adapter to WebSphere Process Server always employs a service component architecture (SCA) export. The SCA export has to be wired to an SCA component, such as mediation, business process, SCA Java component or Selector.
The security solution is to define a runAs role on the component that is the target for the WebSphere Adapter export. This is done using the SCA qualifier SecurityIdentity during development (see the WebSphere Integration Developer Information Center for more information). When the component runs, it does so under the identity defined in the runAs role.
WebSphere Business Integration Adapters send data to WebSphere Process Server as JMS messages over the service integration bus.
WebSphere Adapters reside in the JVM of the WebSphere Process Server, and therefore only the communication between the adapter and the target EIS needs to be secured. The protocol between the adapter and the EIS is EIS-specific. The documentation of the EIS will provide information about how to secure this link.
Last updated: Thu Apr 27 14:39:09 2006
(c) Copyright IBM Corporation 2006.
This information center is powered by Eclipse technology (http://www.eclipse.org)