IBM Integration Bus, Version 9.0.0.8 Operating Systems: AIX, HP-Itanium, Linux, Solaris, Windows, z/OS

See information about the latest product version

Securing an integration service that uses a JavaScript client API

When an integration service is accessed by a JavaScript client API, you can ensure the integrity and confidentiality of the data that is sent between the integration service and the JavaScript application that calls the integration service.

Complete the following steps:

Generate a JavaScript client API for your integration service; see Generating a JavaScript client API for an integration service.
Develop a JavaScript application that calls the integration service; see Calling an integration service by using a JavaScript client API.

You can secure a SOAP/HTTP binding by using WS-Security (see WS-Security), but this mechanism is not available for use by the JavaScript client API.

Note: If you developed a web browser-based JavaScript application, and the Integration Bus component and the web server that hosts the HTTP proxy servlet are on the same computer, you might want to secure only the connection between the web browser and the web server. However, if the HTTP proxy servlet receives data over SSL, then it must also forward the data to its destination over SSL. Therefore, to communicate with an integration service hosted on IBM Integration Bus over a secure connection between a web browser and the HTTP proxy servlet, you must also secure the connection between the HTTP proxy servlet and the integration service.

If you want complete end-to-end security between the web browser and the integration service, you must also secure the connection to the WebSphere® MQ queue manager. For more information about securing WebSphere MQ queue managers, search for Data integrity in the WebSphere MQ product documentation.

To secure the data that is sent between an integration service and a JavaScript application that calls the integration service, you must complete the following tasks:

Obtain a certificate from a certificate authority, and ensure that the certificate is available in the following formats:
- JKS format for IBM Integration Bus.
- PEM format, if you are securing a Node.js application.
- The certificate formats that are supported by your web browser and web server, if you are securing a web browser-based JavaScript application.
Note: You can use a self-signed server certificate for testing purposes. For more information about certificates and certificate authorities, see Digital certificates.
Define a public key infrastructure (PKI) for IBM Integration Bus and configure the PKI with the JKS keystore and truststore; see Setting up a public key infrastructure.
Note: If you have a web browser-based JavaScript application, you must define the PKI at the broker level, or the broker listener level (not at the integration server level or embedded listener level) because the HTTP proxy servlet is using the broker listener.
Configure the integration service to use HTTPS; see Securing integration services by using SSL configuration.
Optional: If you are using a Node.js JavaScript application to call the integration service, then configure the Node.js application to use SSL; see Configuring a Node.js application to access an integration service by using SSL.
Optional: If you are using a web browser-based JavaScript application to call the integration service, then configure the web browser-based application to use SSL; see Configuring a web browser-based JavaScript application to access an integration service by using SSL.

You have secured an integration service that uses a JavaScript client API.

ss26040_.htm |

Last updated Friday, 21 July 2017