When an integration service is accessed by a JavaScript client API, you can ensure the integrity and confidentiality of the data that is sent between the integration service and the JavaScript application that calls the integration service.
About this task
You can secure a SOAP/HTTP binding by using WS-Security (see WS-Security), but this mechanism is not available for use by the JavaScript client API.
Note: If you developed a web browser-based JavaScript application, and IBM App Connect Enterprise and the web server that hosts the HTTP proxy servlet are on the same computer, you might want to secure only the connection between the web browser and the web server. However, if the HTTP proxy servlet receives data over SSL, then it must also forward the data to its destination over SSL. Therefore, to communicate with an integration service hosted on IBM App Connect Enterprise over a secure connection between a web browser and the HTTP proxy servlet, you must also secure the connection between the HTTP proxy servlet and the integration service.
If you want complete end-to-end security between the web browser and the integration service, you must also secure the connection to the IBM MQ queue manager. For more information about securing IBM MQ queue managers, search for Data integrity in the IBM MQ product documentation.
To secure the data that is sent between an integration service and a JavaScript application that calls the integration service, you must complete the following tasks:
Procedure
- Obtain a certificate from a certificate authority, and ensure that the certificate is available in the following formats:
  - JKS format for IBM App Connect Enterprise.
  - PEM format, if you are securing a Node.js application.
  - The certificate formats that are supported by your web browser and web server, if you are securing a web browser-based JavaScript application.
  Note: You can use a self-signed server certificate for testing purposes. For more information about certificates and certificate authorities, see Digital certificates.
- Define a public key infrastructure (PKI) for IBM App Connect Enterprise and configure the PKI with the JKS keystore and truststore; see Setting up a public key infrastructure.
  Note: If you have a web browser-based JavaScript application, you must define the PKI at the integration node level, or the integration node listener level (not at the integration server level or embedded listener level) because the HTTP proxy servlet is using the integration node listener.
- Configure the integration service to use HTTPS; see Securing integration services by using SSL.
- Optional: If you are using a Node.js JavaScript application to call the integration service, then configure the Node.js application to use SSL; see Configuring a Node.js application to access an integration service by using SSL.
- Optional: If you are using a web browser-based JavaScript application to call the integration service, then configure the web browser-based application to use SSL; see Configuring a web browser-based JavaScript application to access an integration service by using SSL.
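The Node.js side of this procedure, as an added example that is not IBM's code and not part of the original page: it builds options for Node's standard `https.request()` that trust only the PEM certificate obtained in the first step and keep server verification on, which also works with a self-signed test certificate. The function names, the service URL, and the request format are assumptions.

```javascript
// Added example. Function names, URL and request format are hypothetical.
const PEM_CERT = /-----BEGIN CERTIFICATE-----[\s\S]+?-----END CERTIFICATE-----/g;

// Build https.request() options that trust only the supplied PEM
// certificate(s) and never switch off server certificate verification.
function buildTlsOptions(serviceUrl, caPem) {
  const url = new URL(serviceUrl);
  if (url.protocol !== "https:") {
    throw new Error("integration service URL must use https: " + serviceUrl);
  }
  if (/-----BEGIN [A-Z ]*PRIVATE KEY-----/.test(caPem)) {
    throw new Error("trust material must not contain a private key");
  }
  const certs = caPem.match(PEM_CERT) || [];
  if (certs.length === 0) {
    // A JKS keystore is binary; Node.js needs the PEM export instead.
    throw new Error("no PEM certificate found in trust material");
  }
  return {
    host: url.hostname,
    port: Number(url.port) || 443,
    path: url.pathname + url.search,
    method: "POST",
    ca: certs,                // self-signed test cert: trust the cert itself
    rejectUnauthorized: true, // keep verification on, even when testing
    minVersion: "TLSv1.2",
  };
}

// Send a request body to the service over the verified TLS connection.
async function callService(serviceUrl, caPem, payload, contentType) {
  const https = await import("node:https");
  const options = buildTlsOptions(serviceUrl, caPem);
  options.headers = {
    "Content-Type": contentType,
    "Content-Length": Buffer.byteLength(payload),
  };
  return new Promise((resolve, reject) => {
    const req = https.request(options, (res) => {
      let data = "";
      res.on("data", (chunk) => (data += chunk));
      res.on("end", () => resolve({ status: res.statusCode, body: data }));
    });
    req.on("error", reject); // certificate and hostname failures land here
    req.end(payload);
  });
}
```

Because the self-signed certificate is passed in `ca` rather than verification being disabled, the same code path is exercised in testing and in production; only the PEM file changes.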
Results
You have secured an integration service that uses a JavaScript client API.