Password-protecting inbound services
Password-protect a set of inbound services by requiring user authentication for access to the associated HTTP endpoint listener, or (for JMS) to the associated JMS queue destination.
Before you begin
- Changing the HTTP endpoint listener security role.
- Mapping the HTTP endpoint listener security role to users or groups.
For a SOAP over JMS endpoint listener, you can achieve similar results by securing the underlying destination for each JMS queue.
About this task
When WebSphere® Application Server administrative security is enabled, clients that access an HTTP endpoint listener can be prompted for a user ID and password, which are authenticated against the registry defined within the security configuration. The HTTP endpoint listeners that are supplied with WebSphere Application Server are configured with a security role named AuthenticatedUsers. By default, this role is mapped to the special group Everyone, so even if security is enabled, all users can access any inbound service deployed to the HTTP endpoint listener.
You need not change the default security role. You would only choose to do so if you wanted to use a role name that is more specific, or more meaningful in the context of your organization. To change the security role, you modify the endpoint listener application EAR file before you configure the endpoint listener.
After you configure the endpoint listener application, you can map the security role to specific users or groups so that, when WebSphere Application Server security and service integration bus security are enabled, access to the HTTP endpoint listener is restricted. For more information about why you might want to do this, see Endpoint listeners and inbound ports: Entry points to the service integration bus.
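The following audit sketch is an added example, not part of the product documentation. It reports which security roles in an endpoint listener EAR are still mapped to the special subject Everyone. It assumes that the role mapping is stored in the EAR's META-INF/ibm-application-bnd.xmi and the role names in META-INF/application.xml, in the layout shown; both sample documents are constructed, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

XMI_TYPE = "{http://www.omg.org/XMI}type"

# Constructed samples (assumed, un-namespaced layout of META-INF/application.xml
# and META-INF/ibm-application-bnd.xmi); not taken from a real listener EAR.
APPLICATION_XML = """<application id="Application_1">
  <security-role id="SecurityRole_1">
    <role-name>AuthenticatedUsers</role-name>
  </security-role>
</application>"""

BINDING_XMI = """<applicationbnd:ApplicationBinding xmlns:xmi="http://www.omg.org/XMI"
    xmlns:applicationbnd="applicationbnd.xmi">
  <authorizationTable>
    <authorizations>
      <specialSubjects xmi:type="applicationbnd:Everyone" name="Everyone"/>
      <role href="META-INF/application.xml#SecurityRole_1"/>
    </authorizations>
  </authorizationTable>
</applicationbnd:ApplicationBinding>"""


def role_subjects(application_xml, binding_xmi):
    """Return {role name: sorted list of subjects mapped to that role}."""
    names = {}
    for el in ET.fromstring(application_xml).iter("security-role"):
        names[el.get("id")] = el.findtext("role-name", "").strip()
    result = {}
    for auth in ET.fromstring(binding_xmi).iter("authorizations"):
        role = auth.find("role")
        if role is None:
            continue
        # The role is referenced by id: "...application.xml#SecurityRole_1"
        role_id = role.get("href", "").rsplit("#", 1)[-1]
        subjects = []
        for sub in auth:
            if sub.tag == "specialSubjects":
                subjects.append(sub.get(XMI_TYPE, "").split(":")[-1])
            elif sub.tag in ("users", "groups"):
                subjects.append(f"{sub.tag[:-1]}:{sub.get('name')}")
        result[names.get(role_id, role_id)] = sorted(subjects)
    return result


def open_roles(mapping):
    """Roles that grant access to every caller, authenticated or not."""
    return sorted(r for r, subs in mapping.items() if "Everyone" in subs)
```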
To configure HTTP endpoint listener authentication, complete the following steps: