IBM WESB/WAS JCA 安全配置

Question

I'm working with IBM tools. I have a Websphere ESB (WESB) and a CICS transaction gateway (CTG). The basic set-up is as follows:

A SOAP service needs data from CICS. The SOAP-service is connecting to service bus (WESB) to handle data and protocol transformation and then WESB calls the CTG which in turn calls CICS and the reply is handled vice verse (synchronously). WESB calls the CTG using Resource Adapter and JCA connector (or CICS adapter as it is called in WESB). Now, I have all the pieces in place and working.

My question is about the security, and even though I'm working with WESB, the answer is probably the same as in Websphere Application Server (WAS). The Resource Adaper is secured using JAAS - J2C authentication data. I have configured the security using J2C authentication data entry, so basically I have a reference in the application I'm running and at runtime the application does a lookup for the security attributes from the server. So basically I'm always accessing the CICS adapter with the same security reference.

My problem is that I need to access the resource in more dynamic way in the future. The security cannot be welded into the application anymore but instead given as a parameter.

Could some WESB or WAS guru help me out, how this could be done in WESB/WAS exactly?

Answer 1

Can you elaborate a bit further? I don't work with CTG but I believe it is no different from other resources such as JDBC or JMS resource.

On the CTG resource adapter, you have identified credentials that are used for all calls to the CICS.

This is similar to what we do when we work with a Data Source and this approach is agreeable to most people.

I do not see how the J2C credential is welded to the application. The configuration is done @ WAS/WESB. The application would simply work with the JNDI resources on the server to which the J2C aliases are configured.

If you elaborate on the dynamic requirement folks can help out.

HTH

Manglu