Configure an alternative mediation identity for a mediation handler

Configure an alternative mediation identity for a mediation handler

Configure an alternative mediation identity for a mediation handler

By default, a mediation inherits the identity used by the messaging engine. In some cases, we might want to specify an alternative identity for a mediation handler to use. For example, for a single mediation that sends messages to a destination. To do this, we specify a "run-as" identity for the mediation handler at deployment, and map the mediation handler to an identity other than the default mediation identity using a role name. Follow these steps to specify an alternative mediation identity:

Tasks

Package your mediation handler as an EAR file.
Edit the deployment descriptor file to define the roles. See Configure programmatic logins for JAAS.
Assign users to the role. See Mapping users to RunAs roles using an assembly tool and Secure applications during assembly and deployment.
Deploy the mediation handler in WebSphere Application Server, and assign users to the RunAs role. See Assigning users to RunAs roles. We can confirm the mappings of users to roles, add new users and groups, and modify existing information during this step. See Deploy secured applications.

Example

What to do next
Next, we are ready to authorize mediations to access destinations. See Administer authorization permissions.

Related:

Mediations security
Mediation handlers and mediation handler lists
Configure the bus to access secured mediations