I have been spending some time to understand how the SIBus security works when using the WebServices gateway. Its slightly different from the way its done for a normal JMS application connecting to the bus. There are 2 basic questions that arise when using WebServices gateway regarding security
How do we authenticate with a secured bus when using WebServices gateway ?
The Web Services Gateway internally connects to the bus using a special subject (lets call it SIBSubject). By default, the SIBSubject has access to any secured bus (BusConnectorRole). The ID supplied via WSSecurity (i.e in webservices application) is used to send the message into the secured bus, and is used to authenticate with the secured destinations within the bus.
Connecting to the bus with a different ID ?
You can change the UserID that is used to connect to the bus, by adding the custom property com.ibm.websphere.sib.webservices.EPLAuthAlias on the EPL connection Properties. When an EPLAuthAlias is set, both the connection to the bus and the send of the message is done using the EPLAuthAlias value. Using EPLAuthAlias is not recommended. Using the default behavior and using destination security is the preferred solution.