Securing buses
Securing a service integration bus provides the bus with an authorization policy to prevent unauthorized users from gaining access. If a bus is configured to use multiple security domains, the bus also has a security domain and user realm to further enforce its authorization policy.
Before you begin
- If administrative security is not enabled for the cell that hosts the bus, you must enable it. These tasks use an administrative console wizard that detects if administrative security is not enabled, and takes you through the steps to enable it. You must supply the type of user repository used by the server, and the administrative security username and password.
- If the bus contains a bus member at WebSphere® Application Server Version 6, you must provide an inter-engine authentication alias to establish trust between bus members, and to enable the bus to operate securely. The administrative console wizard detects whether an inter-engine authentication alias is required, and prompts you to supply one. If you want to specify a new inter-engine authentication alias, you must provide a user name and password.
About this task
- If you are securing a bus that contains only Version 7.0 or later bus members, you can use a non-global security domain for the bus. If the bus has a WebSphere Application Server Version 6 bus member, or might have a Version 6 bus member in the future, you must assign the bus to the global security domain.
- If you want to assign the bus to a custom domain, you can select an existing security domain, or create a new one.
- If you assign the bus to a custom domain, you must specify a user realm. You can select an existing user realm, or use the global user realm.
What to do next
- The bus is secured after you restart all the servers that are members of the bus, or (for a bus that has bootstrap members) servers for which the SIB service is enabled.
- Use the administrative console to control access to the bus by administering users and groups in the bus connector role.