This topic describes the security considerations for mediations.
When WebSphere global security is enabled, the messaging engine must be authorized to access the mediation. For more information, see Ensuring the messaging engine can access mediations.
When an application sends a message to the bus, the identity of the sender application is associated with the message. The message is sent to the next destination in the forward routing path only if the message originator has send permission to that destination. A mediation can change the identity of the sender to the mediation's identity.
When you install a mediation for use when security is enabled, you must ensure that the identity that the messaging engine will use to call mediations can access the mediations.
If bus security has been enabled, and the mediation sends messages to, or receives messages from, destinations, the mediation identity requires access to those destinations. For more information, see Administering authorization permissions.
Any new messages sent by the mediation are sent using the mediation identity.
By default, a mediation inherits its identity from the messaging engine. You can change the identity for a mediation handler by specifying a RunAs role using the assembly tools. For more information, see Role-based authorization.