IBM BPM, V8.0.1, All platforms > Migrating and upgrading your IBM BPM environment > Migrating from other products > Migrating from WebSphere InterChange Server or WebSphere Business Integration Server Express > Postmigration considerations

Configure global security after WebSphere InterChange Server or WebSphere Business Integration Server Express migration

Perform these additional security configuration steps to enable projects migrated from WebSphere InterChange Server or WebSphere Business Integration Server Express to run successfully in an IBM BPM environment.

You must first configure security for IBM BPM as described in Configure application security. In particular, make sure you have completed the steps in Considerations for securing adapters and Create end-to-end security. In addition, install the EAR file for each module. Refer to Deploying (installing) secure applications for details.

After performing these tasks, you are ready to complete the configuration steps, as follows:

Mapping security roles to users or groups and mapping RunAs roles is possible from the administrative console only if the EJB deployment descriptors for the EJB projects have had a RunAs role defined. See Mapping users to RunAs roles using an assembly tool in the WebSphere Application Server ND information center for information about defining RunAs roles with an assembly tool.


Procedure

  1. Bind the message-driven bean to activation specification.

    1. From the administrative console, select Applications > Enterprise Applications.

    2. In the right panel, select the name of the application you just installed. (Select the name, not the check box to the left of the name.)

    3. In the right panel again, under Enterprise Java™ Bean Properties, select Message Driven Bean listener bindings.

    4. For each import or export EJB (indicated by an EJB name that starts with "_import" or "_export"), under the Bindings column, specify SCA_Auth_Alias in the "ActivationSpec authentication alias" field.

    5. Select OK, then Save.
  2. Map the resource references to resources.

    1. From the administrative console, select Applications > Enterprise Applications.

    2. In the right panel, select the name of the application you just installed. (Select the name, not the check box to the left of the name.)

    3. In the right panel, under References, select Resource references.

    4. In the Specify authentication method: field under javax.jms.ConnectionFactory, select Use default method (many to one mapping).

    5. In the Select authentication data entry pull down menu, select SCA_Auth_Alias.
    6. Check the check box to select all of the modules.

    7. Select Apply, then OK, then Save.
  3. Map security roles to user groups.

    1. From the administrative console, select Applications > Enterprise Applications.

    2. In the right panel, select the name of the application you just installed. (Select the name, not the check box to the left of the name.)

    3. In the right panel, under Detail Properties, select Security role to user/group mapping.

    4. Select the check box to the left of the role you want to map and then select Look up users.

    5. Select Search to display a list of users who are available to map to the role, and move the correct user name to the "Selected:" column.

    6. Select OK. The "Security role to user/group mapping" panel will be redisplayed.
    7. Clear the check boxes in the "Everyone?" and "All authenticated?" columns corresponding to the role, and select OK, then Save.

  4. Map RunAs roles.

    1. From the administrative console, select Applications > Enterprise Applications.

    2. In the right panel, select the name of the application you just installed. (Select the name, not the check box to the left of the name.)

    3. In the right panel, under Detail Properties, select User RunAs roles.

    4. Select the check box next to the role you mapped in step 3.

    5. Enter the user name and password corresponding to the user name selected in step 3.e into the Username and Password fields.

    6. Select Apply.

    7. Select OK, then Save.


What to do next

After install all of the EAR projects, select Applications > Enterprise Applications in the administrative console and start the installed migrated projects. If they start successfully, then you are now ready to send events through one of the inbound connectors to be processed by the server.

: Postmigration considerations


Related tasks:

Considerations for securing adapters
Configure application security
Deploying (installing) secure applications
Create end-to-end security


Related information:

wsadmin scripting tool
Mapping users to RunAs roles using an assembly tool