
Messaging security

Messaging security protects the service integration bus from access by unauthorized users.


Client authentication

When a client application attempts to connect to a messaging engine, the client provides credentials to the server, and the server authenticates them against the user registry. If the credentials are found in the user registry, the client application authenticates successfully and proceeds to the authorization checks. If a Secure Sockets Layer (SSL) connection is configured, JMS client applications can authenticate using SSL client authentication. This removes the need for the client to specify a user ID and a password.


Authorization

When a connecting client application authenticates successfully, the messaging engine checks for authority to connect to the bus. Bus authorization is role-based. Specific roles are defined for each bus resource, and groups of users are added to roles. For example, if a client application belongs to a group that has been added to the bus connector role, the messaging engine grants the client application permission to connect to the bus. The messaging engine checks the set of roles defined for each bus destination to determine what action the client application can perform on the bus destination. By default, all local bus destinations can inherit a default set of roles. Inheritance of default roles can be overridden for a particular destination.

For publish/subscribe messaging, the messaging engine checks that the client has permission to access the topic space. If the Topic access check required attribute in the properties for a bus destination is set, the messaging engine additionally checks that client applications have permission to access the topic.
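
The order of checks described above can be traced with a simplified model. This is an added example, not WebSphere code: the class names, the role names "sender" and "receiver", the group names, and the destination names are assumptions constructed for illustration. It shows how turning off default-role inheritance on one destination, or enabling the topic access check, changes the outcome for the same client.

```python
from dataclasses import dataclass, field

@dataclass
class Destination:
    roles: dict = field(default_factory=dict)        # role -> groups, set on the destination
    inherit_defaults: bool = True                    # inheritance of the bus default roles
    topic_access_check: bool = False                 # models "Topic access check required"
    topic_roles: dict = field(default_factory=dict)  # topic -> role -> groups

@dataclass
class Bus:
    connector_groups: set   # groups added to the bus connector role
    default_roles: dict     # role -> groups, inherited by destinations by default
    destinations: dict      # destination name -> Destination

def _granted(role_map, role, groups):
    return bool(role_map.get(role, set()) & groups)

def authorize(bus, groups, dest_name, role, topic=None):
    """Return (allowed, reason) for a client that has already authenticated."""
    if not (bus.connector_groups & groups):
        return False, "not in bus connector role"
    dest = bus.destinations.get(dest_name)
    if dest is None:
        return False, "unknown destination"
    ok = _granted(dest.roles, role, groups)
    if not ok and dest.inherit_defaults:
        ok = _granted(bus.default_roles, role, groups)
    if not ok:
        return False, "no %s role on destination" % role
    # The extra per-topic check applies only when the destination requires it.
    if topic is not None and dest.topic_access_check:
        if not _granted(dest.topic_roles.get(topic, {}), role, groups):
            return False, "no %s role on topic" % role
    return True, "granted"

# Constructed sample configuration (all names are hypothetical).
BUS = Bus(
    connector_groups={"traders", "auditors"},
    default_roles={"receiver": {"auditors"}},
    destinations={
        "orders.queue": Destination(roles={"sender": {"traders"}}),
        "payroll.queue": Destination(inherit_defaults=False),
        "prices.topicspace": Destination(
            roles={"receiver": {"traders"}}, topic_access_check=True,
            topic_roles={"fx/eur": {"receiver": {"traders"}}}),
    },
)
```

In this model, a member of "auditors" can receive from orders.queue through the inherited default role but is denied on payroll.queue, where inheritance is overridden and no roles are defined on the destination.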


Transport encryption

Finally, the security administrator must ensure the confidentiality and integrity of messages in transit, for example by configuring an SSL secure transport for every bus connection.



