Configure an alternative mediation identity for a mediation handler

Use this task to configure an alternative mediation identity for a mediation handler

By default, a mediation inherits the identity used by the messaging engine. In some cases, you might want to specify an alternative identity for a mediation handler to use. For example, for a single mediation that sends messages to a destination. To do this, specified a "run-as" identity for the mediation handler at deployment, and map the mediation handler to an identity other than the default mediation identity by using a role name. Follow these steps to specify an alternative mediation identity:

1. Package the mediation handler as an EAR file.

2. Edit the deployment descriptor file to define the roles. For more information, see Configure programmatic logins for Java Authentication and Authorization Service.

3. Assign users to the role. For more information, see Mapping users to RunAs roles using an assembly tool and Secure applications during assembly and deployment.

4. Deploy the mediation handler in WebSphere Application Server, and assign users to the RunAs role. For more information, see Assigning users to RunAs roles. We can confirm the mappings of users to roles, add new users and groups, and modify existing information during this step. For more information, see Deploy secured applications.

Example

What to do next

Next, you are ready to authorize mediations to access destinations. For more information, see Administer authorization permissions.

Related concepts

Mediations security

Mediation handlers and mediation handler lists

Related tasks

Configure the bus to access secured mediations