WebSphere Enterprise Service Bus, Version 6.0.1 Operating Systems: AIX, HP-UX, Linux, Solaris, Windows

Security and the Common Event Infrastructure

You can use WebSphere method-level declarative security to restrict access to Common Event Infrastructure functions.

The Common Event Infrastructure defines six security roles, each one associated with a related group of functions. These security roles control access to both programming interfaces and commands. (The default configuration of the Common Event Infrastructure does not require the use of these roles; however, in a Network Deployment environment, the WebSphere ESB needs to be authenticated with the same users assigned to the Common Event Infrastructure security roles. For more information about security roles, see Learning about security and Role-based authorization in the WebSphere Application Server Information Center.) If you are already a WebSphere ESB authenticated user, and global security is turned on, you can access the Common Event Infrastructure resources.

Note:

If the security roles are used by mapping specific users to the roles, the authenticated users need to be the same users as assigned to the security role. For additional information about authenticated users and the RunAs role, see Assigning users to RunAs roles.

The following table describes the security roles and the types of users associated with each role.

Table 1. Security roles and user types
Security role: eventAdministrator
User types: Event consumers that need to query, update, and delete events stored in the event database. This role provides access to the following interfaces:
  • EventAccess.purgeEvents()
  • EventAccess.eventExists()
  • EventAccess.queryEventByGlobalInstanceId()
  • EventAccess.queryEventsByAssociation()
  • EventAccess.queryEventsByEventGroup()
  • EventAccess.updateEvents()
  • Emitter.sendEvent()
  • Emitter.sendEvents()
  • eventquery.jacl
  • eventpurge.jacl
  • emitevent.jacl
  • eventbucket.jacl

Security role: eventConsumer
User types: Event consumers that need to query events stored in the event database. This role provides access to the following interfaces:
  • EventAccess.eventExists()
  • EventAccess.queryEventByGlobalInstanceId()
  • EventAccess.queryEventsByAssociation()
  • EventAccess.queryEventsByEventGroup()
  • eventquery.jacl

Security role: eventUpdater
User types: Event consumers that need to update events stored in the event database. This role provides access to the following interfaces:
  • EventAccess.updateEvents()
  • EventAccess.eventExists()
  • EventAccess.queryEventByGlobalInstanceId()
  • EventAccess.queryEventsByAssociation()
  • EventAccess.queryEventsByEventGroup()
  • eventquery.jacl

Security role: eventCreator
User types: Event sources that need to submit events to an emitter using synchronous EJB calls. This role provides access to the following interfaces:
  • Emitter.sendEvent()
  • Emitter.sendEvents()
  • emitevent.jacl
Note: The eventCreator role restricts access to event submission only if the emitter is configured to use synchronous EJB calls for event transmission. If the emitter uses asynchronous JMS messaging for event transmission, you must use JMS security to restrict access to the destination used to submit events.

Security role: catalogAdministrator
User types: Event catalog applications that need to create, update, delete, or retrieve event definitions in the event catalog. This role provides access to all methods of the EventCatalog interface and all functions of the eventcatalog.jacl script. Because changes to the event catalog can result in generation of events, this role also provides access to event submission interfaces.

Security role: catalogReader
User types: Event catalog applications that need to retrieve event definitions from the event catalog. This role provides access to the following interfaces:
  • EventCatalog.getAncestors()
  • EventCatalog.getChildren()
  • EventCatalog.getDescendants()
  • EventCatalog.getEventDefinition()
  • EventCatalog.getEventDefinitions()
  • EventCatalog.getEventExtensionNamesForSourceCategory()
  • EventCatalog.getEventExtensionToSourceCategoryBindings()
  • EventCatalog.getParent()
  • EventCatalog.getRoot()
  • EventCatalog.getSourceCategoriesForEventExtension()
  • eventcatalog.jacl (-listdefinitions option)
  • eventcatalog.jacl (-listcategories option)
  • eventcatalog.jacl (-exportdefinitions option)

Note:

The security roles most relevant to utilizing the functionality of the Common Event Infrastructure are eventAdministrator and eventConsumer.

The event server message-driven bean runs using the WebSphere ESB user identity. If you are using asynchronous JMS transmission to submit events to the event server, and you have enabled method-based security, you must map this user identity to the eventCreator role.
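The role grants in Table 1 overlap (eventAdministrator is a superset of eventConsumer, eventUpdater and eventCreator), so a role-mapping review can compute the narrowest role set for what a user actually calls. The following is an added example, not IBM code: it transcribes the four event roles from Table 1 and audits a constructed mapping; the user names and their needs are hypothetical.

```python
from itertools import combinations

# Grants transcribed from Table 1. Catalog roles are left out because the
# page does not enumerate every EventCatalog method.
QUERY = {"EventAccess.eventExists()", "EventAccess.queryEventByGlobalInstanceId()",
         "EventAccess.queryEventsByAssociation()",
         "EventAccess.queryEventsByEventGroup()", "eventquery.jacl"}
EMIT = {"Emitter.sendEvent()", "Emitter.sendEvents()", "emitevent.jacl"}
UPDATE = {"EventAccess.updateEvents()"}
ROLES = {
    "eventConsumer": QUERY,
    "eventUpdater": QUERY | UPDATE,
    "eventCreator": EMIT,
    "eventAdministrator": QUERY | UPDATE | EMIT | {
        "EventAccess.purgeEvents()", "eventpurge.jacl", "eventbucket.jacl"},
}

def granted(roles):
    """Union of interfaces reachable through the given roles."""
    return set().union(*(ROLES[r] for r in roles))

def least_privilege(needed):
    """Return (roles, surplus): the role set covering `needed` with the fewest extra grants."""
    needed = set(needed)
    unknown = needed - granted(ROLES)
    if unknown:
        raise ValueError(f"no modelled role grants: {sorted(unknown)}")
    best = None
    for n in range(1, len(ROLES) + 1):
        for combo in combinations(sorted(ROLES), n):
            surplus = granted(combo) - needed
            key = (len(surplus), n, combo)  # fewest extras, then fewest roles
            if needed <= granted(combo) and (best is None or key < best[0]):
                best = (key, list(combo), sorted(surplus))
    return best[1], best[2]

def audit(assignments, needs):
    """Map each over-privileged user to (excess interfaces, suggested roles)."""
    findings = {}
    for user, roles in assignments.items():
        excess = granted(roles) - set(needs[user])
        suggested, _ = least_privilege(needs[user])
        if sorted(roles) != suggested and excess:
            findings[user] = (sorted(excess), suggested)
    return findings

# Constructed sample: hypothetical users and the calls each one actually makes.
ASSIGNMENTS = {"dashboard": ["eventAdministrator"], "ingest": ["eventCreator"]}
NEEDS = {"dashboard": ["EventAccess.queryEventsByEventGroup()", "eventquery.jacl"],
         "ingest": ["Emitter.sendEvents()"]}

if __name__ == "__main__":
    for user, (excess, roles) in audit(ASSIGNMENTS, NEEDS).items():
        print(f"{user}: {len(excess)} grants beyond need; suggested roles {roles}")
```

The check covers role grants only: as the eventCreator note states, an emitter that uses asynchronous JMS transmission is restricted through JMS security on the destination, not through this role.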

Note:

If Java 2 security is enabled, you must modify your policy file to enable access to certain functions:



Last updated: 13 Dec 2005
http://publib.boulder.ibm.com/infocenter/dmndhelp/v6rxmx/index.jsp?topic=/com.ibm.websphere.wesb.doc\doc\ccei_install_securityRoles.html

(C) Copyright IBM Corporation 2005. All Rights Reserved.