Message security in a service integration bus
The transport policy for a service integration bus controls which transport mechanisms a remote client application can use to connect to the bus.
You can configure one of the following transport policies for a bus, provided that the bus members are at WAS v6.1 or later:
- All defined transport channel chains
  - Client applications can connect using any transport channel chain, including unsecured ports. This is the default policy when you create a new bus with security disabled.
- Transport channel chains that are protected by SSL
  - Client applications can connect using only transport chains that use the SSL channel. This is the default policy when you create a new bus with security enabled.
- Transport channel chains in the list of permitted transports
  - Client applications can connect using only the transport channel chains in a list of specific transports. This provides the highest level of control because the bus allows access only to the permitted transports.
You can configure the transport policy for the bus by using wsadmin commands or the administrative console. The transport policy is independent of the bus security configuration, so you can configure a transport policy for a bus when security is disabled. Note that by default, if a newly created bus is not secured, a remote client application can use any transport channel chain to access the bus. If a newly created bus is secured, by default a remote client application can use only SSL-protected channel chains to access the bus. To control exactly which transport channel chains are available for use, configure the permitted transports policy.
The permitted transport policy provides the following benefits:
- You do not have to disable transport channel chains to prevent remote client applications from using them to connect to the bus.
- You do not have to disable transport channel chains before adding a new server as a bus member.
- Buses that have different transport channel chain requirements can share the same server.
If the permitted transports policy is in use but an inter-bus communications protocol has not been specified, the InboundSecureMessaging port is used instead of the InboundBasicMessaging port. Ensure that you add the InboundSecureMessaging port to the list of permitted transports. You can override the default by configuring an inter-bus communication protocol for the bus.
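The following Python model is an added example, not IBM code or a wsadmin script: it evaluates the three transport policies and the InboundSecureMessaging caveat against a bus inventory so the result can be reviewed offline. The policy labels, the `Chain` and `Bus` types, the bus names and the SSL flags on the sample chains are assumptions made for the example.

```python
# Added example: a model of the three bus transport policies, not WAS code.
# Policy labels and the Chain/Bus types are assumptions made for this example.
from dataclasses import dataclass, field
from typing import Optional

ALL, SSL_ONLY, LISTED = "all-defined", "ssl-protected", "permitted-list"

@dataclass(frozen=True)
class Chain:
    name: str
    ssl: bool  # True when the chain includes the SSL channel

@dataclass
class Bus:
    name: str
    policy: str
    permitted: set = field(default_factory=set)  # consulted only by LISTED
    inter_bus_protocol: Optional[str] = None     # None = not specified

def usable_chains(bus, chains):
    """Names of the chains a remote client may use to connect to this bus."""
    if bus.policy == ALL:
        return {c.name for c in chains}
    if bus.policy == SSL_ONLY:
        return {c.name for c in chains if c.ssl}
    if bus.policy == LISTED:
        return {c.name for c in chains if c.name in bus.permitted}
    raise ValueError(f"unknown transport policy: {bus.policy!r}")

def audit(bus, chains):
    """Return the findings a reviewer would raise for this bus."""
    findings = []
    ssl_by_name = {c.name: c.ssl for c in chains}
    for name in sorted(usable_chains(bus, chains)):
        if not ssl_by_name[name]:
            findings.append(f"{bus.name}: unsecured chain reachable: {name}")
    if bus.policy == LISTED:
        for name in sorted(bus.permitted - set(ssl_by_name)):
            findings.append(f"{bus.name}: permitted chain not defined: {name}")
        if bus.inter_bus_protocol is None and "InboundSecureMessaging" not in bus.permitted:
            findings.append(f"{bus.name}: InboundSecureMessaging missing from permitted list")
    return findings

# Constructed inventory: one server whose chains are shared by three buses.
CHAINS = [Chain("InboundBasicMessaging", False), Chain("InboundSecureMessaging", True)]
OPEN_BUS = Bus("devBus", ALL)
LOCKED_BUS = Bus("payBus", LISTED, permitted={"InboundSecureMessaging"})
BAD_LIST = Bus("hrBus", LISTED, permitted={"InboundBasicMessaging"})
```

Because each bus carries its own policy, the same chain set yields a different reachable surface per bus, which is why no chain has to be disabled on the shared server.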
Configure a transport policy for a bus
List permitted transports for a bus
Add a permitted transport to a bus
Remove a permitted transport from a bus
Related
listSIBPermittedChain command
addSIBPermittedChain command
removeSIBPermittedChain command
Permitted transports [Collection]
Add a transport to the list of permitted transports [Settings]
Security for bus bus_name [Settings]