+

Search Tips   |   Advanced Search

Secure an existing bus by using multiple security domains

We can configure an existing bus to use a cell-level or custom security domain. Using non-global security domains provides the scope to use multiple security domains. The bus can inherit security settings from the cell, or have a unique security configuration.

This task uses the administrative console Bus Security Configuration wizard to secure an existing bus. If the wizard detects that administrative security for the cell is disabled, it prompts you to enable it. Specify the type of user repository, the administrative security username and password. By default, connecting clients are required to use SSL protected transports to ensure data confidentiality and integrity. We can choose not to use this option. We can specify that the bus uses the cell-level or a custom security domain. If we choose a custom security domain, you must also specify a user realm.

  1. In the navigation pane, click Service integration -> Buses -> security_value. The general properties for the selected bus are displayed.

  2. Click Configure Bus Security to start the Bus Security Configuration wizard.

  3. Read the Introduction panel, and click Next.

  4. If administrative security is disabled, follow the instructions to configure the appropriate user repository, and click Next.

  5. Review the summary of the choices:

    1. Optional: To make changes, click Previous to return to an earlier panel, and make the changes you require.

    2. Click Finish when we are ready to confirm the choices.
    Administrative security for the cell is now enabled.

  6. If we do not want clients to use SSL protected transports, clear the check box Require clients use SSL protected transports .

  7. Select the cell-level or custom security domain for the bus.

  8. Optional: To create a new custom security domain:

    1. Use the name suggested for the security domain, or type a new one.

    2. Optional: Provide a description of the security domain.

    3. Select a user realm for the domain. We can use the user realm configured in the global security domain, or follow the steps to configure a new user realm.

  9. Click Next.

  10. Review the summary of the choices:

    1. Optional: To make changes, click Previous to return to an earlier panel, and make the changes you require.

    2. Click Finish to confirm your choices.

  11. Save the changes to the master configuration.


Results

You have specified that the selected bus uses a cell-level or custom security domain. The security settings configured for the bus are displayed in the updated Bus Security Settings panel. The bus is secured after you restart all the servers that are members of the bus, or (for a bus that has bootstrap members) servers for which the SIB service is enabled.


What to do next

We must propagate the bus security configuration to all the affected nodes, and restart the servers. For more information, see Synchronize nodes using wsdmin.sh and Start an application server.


Related concepts

  • Messaging security and multiple security domains


    Related tasks

  • Configure bus security by using an administrative console panel
  • Configure the bus to access secured mediations
  • Configure a bus to run mediations in a multiple security domain environment
  • Select a registry or repository


    Related information:

  • Add a secured bus
  • Secure an existing bus using the global security domain
  • Migrate an existing secure bus to multiple domain security