When security is turned on, clients must be authenticated.
If a client tries to access a secured application without being authenticated, an exception is thrown.
Web clients (for instance JSPs or servlets) can be setup for HTTP Basic authentication, so that when you reference the URL, the browser prompts for a user name and password.
Java clients should use JAAS for authentication.
WebServices clients can use Webservices/SOAP authentication.
Some of WebSphere ESB components have authentication aliases that are used to authenticate the runtime code for access to databases and messaging engines. You can specify the user ID and password for these authentication aliases when you install WebSphere ESB, or later by using the WebSphere administrative console.
Some runtime components have message driven beans that are configured with a runAs role. You can specify the user ID and password for these runAs role when you install WebSphere ESB, or later by using the WebSphere administrative console.