Configuring messaging security for the SCA.SYSTEM bus

When messaging security is switched on, all access to the bus itself and to all
the destinations on the bus must be authorized. This means that all users
who want to connect to the bus must have permission to use the bus resources,
either directly or as part of a user group.

When the SCA.SYSTEM bus is created, messaging security for the bus is switched
on by default. Only authorized messaging engines are allowed to create a
connection to a secure bus.

The SCA.SYSTEM bus is configured with the authentication alias called
SCA_Auth_Alias, and with an initial set of default authorization permissions
that allows SCA to connect to the secured bus and grants full access to all
local destinations on the bus. You can change the default authorization
permissions to restrict access to the bus to a specific set of users, and you
can choose to create and use a different authentication alias.

By default, the same SCA_Auth_Alias is used as the inter-engine authentication
alias, to authorize communication between messaging engines on the bus. You can
choose to create and use a different inter-engine authentication alias.
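
One way to script the two changes described above (restricting who may connect to the bus, and switching the inter-engine authentication alias) from wsadmin in Jython mode. This is an added example, not IBM-supplied code. It assumes the service integration bus AdminTask commands of the underlying WebSphere Application Server (the bus connector role commands and modifySIBus with -secure and -interEngineAuthAlias); the bus name, user names and alias are placeholders.

```python
# Added example for "wsadmin -lang jython"; not IBM-supplied code.
# Placeholders (assumptions): replace every <...> value before running.
BUS = "<SCA.SYSTEM bus name>"
ALLOWED_USERS = ["<user ID stored in SCA_Auth_Alias>"]
ALLOWED_GROUPS = []
INTER_ENGINE_ALIAS = "<inter-engine alias name>"

def names(output):
    # Assumption: list-type AdminTask results arrive as newline-separated text.
    return [n.strip() for n in output.splitlines() if n.strip()]

def restrict_bus(task, bus, users, groups, alias):
    """Reduce the bus connector role to users/groups; return the changes made."""
    changes = []
    target = "[-bus %s]" % bus
    have_users = names(task.listUsersInBusConnectorRole(target))
    have_groups = names(task.listGroupsInBusConnectorRole(target))
    # Grant before revoking, so the identity SCA connects with never loses access.
    for u in users:
        if u not in have_users:
            task.addUserToBusConnectorRole("[-bus %s -user %s]" % (bus, u))
            changes.append("+user " + u)
    for g in groups:
        if g not in have_groups:
            task.addGroupToBusConnectorRole("[-bus %s -group %s]" % (bus, g))
            changes.append("+group " + g)
    for u in have_users:
        if u not in users:
            task.removeUserFromBusConnectorRole("[-bus %s -user %s]" % (bus, u))
            changes.append("-user " + u)
    for g in have_groups:
        if g not in groups:
            task.removeGroupFromBusConnectorRole("[-bus %s -group %s]" % (bus, g))
            changes.append("-group " + g)
    # Keep bus security on and set the alias used between messaging engines.
    task.modifySIBus("[-bus %s -secure TRUE -interEngineAuthAlias %s]" % (bus, alias))
    changes.append("interEngineAuthAlias=" + alias)
    return changes

try:
    task = AdminTask  # defined only inside a wsadmin session
except NameError:
    task = None
if task is not None:
    for line in restrict_bus(task, BUS, ALLOWED_USERS, ALLOWED_GROUPS, INTER_ENGINE_ALIAS):
        print(line)
    AdminConfig.save()
```

List every user and group that must keep access in ALLOWED_USERS and ALLOWED_GROUPS, because anything else found in the bus connector role is removed.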

To further configure security, you can use secure transport connections (SSL or
HTTPS) to ensure confidentiality and integrity of messages in transit between
application clients and messaging engines, and between messaging engines. You
can specify the transport chain InboundSecureMessaging (for JFAP over SSL over
TCP/IP) that is provided with WebSphere ESB. Alternatively, you can create and
specify another transport chain.

For information about setting these security-related properties of the
SCA.SYSTEM bus as part of the total configuration of security, see Securing the
WebSphere ESB.