Adding a secured bus
In this task you add a new service integration bus that is secured by default. The security settings for the bus are stored in a security domain. When you add a new bus, you can assign it to the default global security domain, the cell-level domain, or specify a custom domain that contains a set of settings that are unique to the bus, or shared with another resource.
Before you begin
- Plan the security requirements for the bus. See information about security planning and security domains.
- Stop all servers that have the SIB Service enabled. This ensures that the bus security configuration is applied consistently when the servers are restarted.
About this task
By default, connecting clients are required to use SSL protected transports to ensure data confidentiality and integrity. If you do not want clients to use SSL protected transports, you can specify that you do not require this option.
The type
of security domain you can specify for the bus depends on the versions
of the bus members you intend to add to the bus:
- You must specify the global domain if you want to add one or more WebSphere® Application Server Version 6 bus members.
- You can specify the global, cell-level, or custom domain if you want to add WebSphere Application Server Version 7.0 or later bus members only.
Procedure
- In the navigation pane, click .
A list of buses is displayed.
- Click New.
- Type a name for the new bus. You must choose bus names that are compatible with the WebSphere MQ queue manager naming restrictions. You cannot change a bus name after the bus is created, which means that you can only interoperate with WebSphere MQ in the future if you use compatible names. See the topic about WebSphere MQ naming restrictions in the related links.
- Ensure that the Bus security check box is selected.
- Click Next. The Bus Security Configuration wizard is started.
- Read the Introduction panel, and click Next.
- If the wizard detects that administrative security is disabled, follow the prompts to select, and configure the appropriate user repository.
- Click Next. A summary of the administrative security settings for the bus is displayed.
- Review the summary, and click Finish.
Administrative security for the cell is now enabled.
- If you do not want clients to use SSL protected transports, clear the check box Require clients use SSL protected transports .
- Select a security domain for the bus.
- If you have selected to use a custom security domain, follow the prompts to specify a user realm.
- Review the summary of your choices, and click Finish.
- Save your changes to the master configuration.
Results
What to do next
- You must propagate the bus security configuration to all the affected nodes, and restart the servers. For more information, see Synchronizing nodes using the wsadmin scripting tool and Starting an application server.
- You can add bus members to the bus.
- Groups of users in the user repository require explicit authority to access the bus. For more information, see Administering authorization permissions.