I am new to WebSphere ESB.
We have a few system to system web service integration in our client side. The system to system calls are through https with certificates. However, not all the calls have Basic authentication in the HTTP transport. The messages are protected with Username token WS-Security. The user id is registered in service providers's LDAP server.
My question is that what I need to do and configured (in WID and ESB) to authorize only specific service ID can access specific web service. (All service IDs are authenticated through the same LDAP server, but in different LDAP security groups.)
The ESB applications just do the transformation and routing to backend web service providers, which do their own authorization as well. I would like to authorize access even in the ESB layer in addition to backend web service provider.
Thanks, please help since I will need to make decision whether to drop this.
Pinned topic Authorize Web Service calls (WS-Security with username token) with http BA
Answered question This question has been answered.
Unanswered question This question has not been answered yet.
Updated on 2012-02-06T11:33:33Z at 2012-02-06T11:33:33Z by Jens.Engelke
SystemAdmin 110000D4XK289 Posts
Re: Authorize Web Service calls (WS-Security with username token) with http BA2011-12-16T19:21:46ZThis is the accepted answer. This is the accepted answer.Sorry, I meant "Authorize Web Service calls (WS-Security with username token) withOUT http BA
Jens.Engelke 120000BG0J21 Posts
Re: Authorize Web Service calls (WS-Security with username token) with http BA2012-02-06T11:33:33ZThis is the accepted answer. This is the accepted answer.Hi,
the component which is called in ESB by the Web Service binding can specify a Qualifier "Security Permission" on its implementation.
There, you specify a role name, which you can later map to users or groups (later is at deployment time or even at runtime).
This qualifier is basically the same as a JEE role.