Configuring security for Web Services for Remote Portlets (WSRP) is optional.
WebSphere Portal supports the following security mechanisms:
- HTTP-cookie-based single sign-on
The consumer forwards LTPA V2 cookies to the producer as part of the WSRP request messages. The producer uses these cookies to authenticate and identify the user and establish the security context for processing the WSRP request.
- Web Services Security (WSS)
The consumer sends a header as part of the WSRP request message that containing credentials that identify and authenticate the user.
A consumer must use the same security configuration as the producer from which it consumes portlets. If the request message sent by the consumer does not comply to the security configuration of the producer, the producer does not accept the message. If the producer is not configured for security, it processes WSRP requests under the anonymous user identity.
Producer portals
Security for WSRP services is optional. We can configure security if required, but we do not have to do so.
If we configure security, we must also configure Portal Access Control, assigning access rights for the Consumer portal users on the Producer portal.
- If we use security, assign access rights on the Producer portal to the actual Consumer portal users.
- If we do not use security, assign access rights to the anonymous user, or disable Portal Access Control for the producer.
By default, Portal Access Control is enabled for the producer.
Consumer portals
On the Consumer portal, the consumed portlets behave like local portlets. Therefore, we can configure Portal Access Control for the remote portlets on the Consumer portal in same way as for local portlets. If we use Web Services Security, do not make the affected remote portlets available to anonymous users on the Consumer portal. Instead, configure Portal Access Control to make the affected remote portlets available to authenticated users only.
Parent Plan for WSRPRelated tasks:
Configure Portal Access Control for a producer portal
Manage Access Control
WebSphere Application Server product documentation V 8.5