
Messaging security

Messaging security protects the service integration bus from access by unauthorized users.

Client authentication

When a client application attempts to connect to a messaging engine, the client provides credentials to the server, and the server authenticates them against the user registry. If the credentials are found in the user registry, the client application authenticates successfully and proceeds to the authorization checks. If a Secure Sockets Layer (SSL) connection is configured, JMS client applications can authenticate using client SSL. This removes the need for the client to specify a user ID and a password.

Authorization

When a connecting client application authenticates successfully, the messaging engine checks for authority to connect to the bus. Bus authorization is role-based. Specific roles are defined for each bus resource, and groups of users are added to roles. For example, if a client application belongs to a group that has been added to the bus connector role, the messaging engine grants the client application permission to connect to the bus. The messaging engine checks the set of roles defined for each bus destination to determine what action the client application can perform on the bus destination. By default, all local bus destinations can inherit a default set of roles. Inheritance of default roles can be overridden for a particular destination.

For publish/subscribe, the messaging engine checks that the client has permission to access the topic space. If the "Topic access check required" attribute in the properties for a bus destination is set, the messaging engine additionally checks that client applications have permission to access the topic.
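The order of checks described above, as a simplified model. This is an added example, not product code: the class and function names, the "sender" and "receiver" role names, and all users, groups and passwords are assumptions constructed for illustration.

```python
import hmac
from dataclasses import dataclass, field

@dataclass
class Destination:
    roles: dict = field(default_factory=dict)        # role -> groups
    inherit_defaults: bool = True                    # inherits default roles unless overridden
    topic_access_check_required: bool = False        # topic spaces only
    topic_roles: dict = field(default_factory=dict)  # topic -> role -> groups

@dataclass
class Bus:
    registry: dict          # user -> (password, groups); stands in for the user registry
    connector_groups: set   # groups added to the bus connector role
    default_roles: dict     # default role set that destinations can inherit
    destinations: dict      # name -> Destination

def granted(groups, role_map, role):
    return bool(groups & role_map.get(role, set()))

def authorize(bus, user, password, dest_name, role, topic=None):  # -> (allowed, reason)
    stored, groups = bus.registry.get(user, ("", set()))
    if user not in bus.registry or not hmac.compare_digest(stored, password):
        return False, "authentication failed"
    if not groups & bus.connector_groups:
        return False, "not in bus connector role"
    dest = bus.destinations.get(dest_name)
    if dest is None:
        return False, "unknown destination"
    ok = granted(groups, dest.roles, role) or (
        dest.inherit_defaults and granted(groups, bus.default_roles, role))
    if not ok:
        return False, "no destination role"
    if topic is not None and dest.topic_access_check_required and not granted(
            groups, dest.topic_roles.get(topic, {}), role):
        return False, "no topic role"
    return True, "allowed"

def sample_bus():  # constructed sample data
    return Bus(
        registry={"alice": ("pw-a", {"traders"}), "bob": ("pw-b", {"auditors"}),
                  "carol": ("pw-c", {"guests"})},
        connector_groups={"traders", "auditors"},
        default_roles={"receiver": {"auditors"}},
        destinations={
            "orders": Destination(roles={"sender": {"traders"}}),
            "payroll": Destination(inherit_defaults=False),
            "prices": Destination(roles={"receiver": {"traders", "auditors"}},
                                  topic_access_check_required=True,
                                  topic_roles={"fx": {"receiver": {"traders"}}})})
```

In this model, a group that holds a role only through the default set loses access as soon as inheritance is overridden for a destination, and topic space access does not imply topic access when the topic access check is required.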

Transport encryption

Finally, the security administrator must ensure the confidentiality and integrity of messages in transit, for example by configuring an SSL secure transport for every bus connection.


Related:

  • Default messaging
  • JAAS
  • Secure transport configuration requirements
  • Secure service integration
  • Configure bus destination properties
  • Select an authentication mechanism
  • Select a registry or repository
  • Administer destination roles
  • Security for bus bus_name [Settings]