Secure service integration
Messaging security protects a service integration bus from unauthorized access. When administrative security is enabled for the application server, by default messaging security is also enabled for the bus. We can also manually administer messaging security for the bus.
Review the security requirements for the bus. For guidance, see Service integration security planning.
Provided that administrative security is also enabled, messaging security enforces a security policy that prevents unauthorized client applications from connecting to the bus and accessing bus resources. There might be circumstances when we do not require messaging security, for example on a development system. In this case, we can disable messaging security.
We can customize the security configuration for the bus using the dmgr console or wsadmin scripting commands. The security configuration controls the following aspects of bus security:
- Authorizing groups of users in the user registry to undertake selected operations on bus destinations.
- The transport policies that maintain the integrity of messages in transit on the bus.
- The use of global and multiple custom security domains.
- The integrity of links between messaging engines, foreign buses and databases.
Subtopics
- Secure buses
  Securing a service integration bus provides the bus with an authorization policy to prevent unauthorized users from gaining access. If a bus is configured to use multiple security domains, the bus also has a security domain and user realm to further enforce its authorization policy.
- Disable bus security
  If we do not require messaging security, we can choose to disable messaging security. Any new buses added after messaging is disabled are not secured.
- Enable client SSL authentication
  We can configure a service integration bus to allow connecting client JMS applications to authenticate using Secure Sockets Layer (SSL) certificates.
- Add unique names to the bus authorization policy
  How to update the authorization policy for the service integration bus with unique name entries.
- Administer authorization permissions
  Service integration messaging security uses role-based authorization. When a user is assigned to a role, the user is granted all of the permissions the role contains. By administering authorization permissions, we can control user access to a bus and its resources when messaging security is enabled.
- Administer permitted transports for a bus
  Use these tasks to configure a transport policy for a service integration bus, and to administer the transport chains that remote application clients can use to connect to a service integration bus.
- Secure messages between messaging buses
  Use these tasks to administer the access control security associated with sending messages between buses.
- Secure access to a foreign bus
  We can secure the link between a local bus and a foreign bus.
- Secure links between messaging engines
  For a mixed-version bus, when security is enabled, you must define an inter-engine authentication alias so the messaging engines can establish trust.
- Controlling which foreign buses can link to your bus
  Use this task to control which foreign buses are allowed to link to your bus.
- Secure database access
  We can protect the data store from access by unauthorized users.
- Secure mediations
  Use the following tasks to secure mediations at an operations level. For example, a mediation inherits its identity from the messaging engine, but you might want to specify an alternative identity for the mediation to use.
Related concepts:
Messaging security and multiple security domains
Messaging security
Destination security
Topic security
Access control for multiple buses
Service integration security planning
Reference:
Topic names and use of wildcard characters in topic expressions
Related information:
Security for bus bus_name [Settings]