Using the AquaLogic Service Bus Console
This section includes the following topics:
A service account is an alias resource for a username and password. AquaLogic Service Bus uses service accounts to provide authentication when connecting to a service or server. For example, when configuring FTP transport-level security for a business service, you may need to provide a username and password to authenticate to the FTP server.
Service accounts are used when configuring business services, transport protocols, and proxy services. Before configuring your business and proxy services, you should define your service account. After you define a service account, you can associate a username and password with it using the Credentials section of the Security Configuration module. To learn more, see Adding a Credential.
For proxy services with a JMS transport protocol, you can select a service account in the JMS service account field to use for a JMS server connection. The proxy services use this username and password to authenticate to the JMS server. You can also select a service account for proxy services with Email and FTP transport protocols. For email, the service account is used to authenticate to the SMTP server; for FTP, the service account is used to authenticate to the FTP server. To learn more, see Adding a Proxy Service.
For business services with an HTTP transport protocol, if you select the Basic Authentication Required field, you must select a service account in the Service Account field. For business services with an HTTPS transport protocol, you must also select a service account in the Service Account field if you select Basic in the Business Service Authentication field. The proxy service uses this username and password to authenticate at the HTTP transport when routing messages to the business services. To learn more, see Adding a Business Service.
Note: Basic authentication over HTTP is strongly discouraged because the password is sent in clear text. However, it is safe to send passwords over HTTPS because HTTPS provides an encrypted channel.
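The following added example (not part of the original documentation or of AquaLogic Service Bus) shows why the note above holds: the Basic Authorization header is only Base64-encoded, so the service account's password is recoverable by anyone who can read the request, and an inventory of business services can be checked for Basic authentication on non-HTTPS endpoints. The service names, endpoints, and dictionary keys are constructed for illustration and do not reflect an AquaLogic Service Bus export format.

```python
import base64
from urllib.parse import urlsplit

def basic_auth_header(username: str, password: str) -> str:
    """Build the Authorization header value sent for HTTP Basic authentication."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"

def recover_credentials(header_value: str):
    """Decode a Basic header: Base64 is an encoding, so no key is needed."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    # The username cannot contain ':', so split on the first one only.
    user, _, password = base64.b64decode(token).decode("utf-8").partition(":")
    return user, password

def audit_business_services(services):
    """Return names of services that send a service account password without TLS."""
    findings = []
    for svc in services:
        scheme = urlsplit(svc["endpoint"]).scheme.lower()
        if svc["basic_auth"] and scheme != "https":
            findings.append(svc["name"])
    return findings

# Constructed inventory (hypothetical names and hosts, for illustration only).
SAMPLE_SERVICES = [
    {"name": "OrdersBS", "endpoint": "http://orders.example.internal:7001/svc",
     "basic_auth": True},
    {"name": "BillingBS", "endpoint": "https://billing.example.internal:7002/svc",
     "basic_auth": True},
    {"name": "CatalogBS", "endpoint": "http://catalog.example.internal:7001/svc",
     "basic_auth": False},
]

if __name__ == "__main__":
    header = basic_auth_header("svc_orders", "constructed-password")
    print("Header on the wire:", header)
    print("Recovered without any key:", recover_credentials(header))
    print("Basic auth over plain HTTP:", audit_business_services(SAMPLE_SERVICES))
```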
For business services with a JMS transport protocol, you can enter a service account in the JNDI Service Account field to use for JNDI lookups and the JMS Service Account field to use for a JMS resource managed by the JMS server. You can also select a service account for business services with Email and FTP transport protocols. For email, the proxy service uses this username and password to authenticate to the SMTP server. For FTP, the proxy service uses this username and password to authenticate to the FTP server. To learn more, see Adding a Business Service.
Note: To learn more about security, see Securing Inbound and Outbound Messages in the BEA AquaLogic Service Bus User Guide.
The following table lists the Service Account pages you can access from the Resource Browser and Project Explorer modules. The tasks and help topics associated with each are provided.
The Summary of Service Accounts page enables you to view a list of service accounts. A service account is an alias resource for a username and password. To learn more, see Overview of Service Accounts.
A unique name for the service account. The name is a link to the Service Account Details page. To learn more, see Viewing and Changing Service Account Details.
The path is the project name and the name of the folder in which the service account resides. It is a link to the project or folder that contains this resource. To learn more, see Viewing Project Details or Viewing Folder Details.
Click the Delete icon to delete a specific service account. To learn more, see Deleting a Service Account.
The Create a New Service Account page enables you to add a new service account. A service account is an alias resource for a username and password. To learn more, see Overview of Service Accounts.
Note: Click the name of a folder to select it. The Folder View page is displayed.
The Project View or Folder View page is displayed. The new service account is included in the list of resources.
Note: After you create a Service Account resource, you must go to the Security Configuration
Note: The new service account is saved in the current session. When you have finished making changes to this configuration, from the left navigation pane, click Activate under Change Center. The session ends and the configuration is deployed to run time. Alternatively, click Discard at any time during the session to delete the changes you have made so far in the current session.
Note: Newly created service accounts within a session are not visible to the Credentials section in the Security Configuration module. Therefore, you cannot associate a new service account with a username and password until you click Activate to commit the session.
Listing and Locating Service Accounts
Viewing and Changing Service Account Details
The Service Account Details page enables you to view and change details of a specific service account. A service account is an alias resource for a username and password. To learn more, see Overview of Service Accounts.
The user who created this service account or imported it into the configuration.
The date and time that the user created this service account or imported it into the configuration.
The number of objects that this service account references. If such references exist, click the link to view a list of the objects. To learn more, see Viewing References.
The number of objects that reference this service account. If such references exist, click the link to view a list of the objects. For example, if you selected this service account as the JMS service account in a proxy service with a JMS transport protocol, the proxy service is listed as a reference when you click the link. To learn more, see Viewing References.
The updated service account is saved in the current session. When you have finished making changes to this configuration, from the left navigation pane, click Activate under Change Center. The session ends and the configuration is deployed to the run time. Alternatively, click Discard at any time during the session to delete the changes you have made so far in the current session.
Warning: When you employ a service account for authentication on outbound JMS transports, it can take up to 60 seconds for any changes you make to that service account to take effect on the server. By default, WebLogic Server JMS checks the ACL for each destination every 60 seconds. You can change this default time or ensure security checks are performed on JMS resources for every send, receive, and getEnumeration action on a JMS resource. To do so, set the weblogic.jms.securityCheckInterval attribute. A value of zero for this attribute ensures that an authorization check is performed for every send, receive, and getEnumeration action on a JMS resource.
To learn more, see Ensuring the Security of Your Production Environment in Securing a Production Environment, which is available at the following URL:
http://download.oracle.com/docs/cd/E13222_01/wls/docs91/lockdown/index.html
The Summary of Service Accounts page enables you to delete service accounts. A service account is an alias resource for a username and password. To learn more, see Overview of Service Accounts.
Note: You cannot delete a resource if it is referenced by other resources in AquaLogic Service Bus. Instead of the Delete icon, a Delete icon with a red X is displayed for these resources.
Warning: Deleting a service account does not delete the associated username/password credential. You must first delete the username/password credential before deleting the service account.
Note: If necessary, you can undo the deletion of this resource. To learn more, see Undoing a Task.
The service account is deleted in the current session. When you have finished making changes to this configuration, from the left navigation pane, click Activate under Change Center. The session ends and the configuration is deployed to run time. Alternatively, click Discard at any time during the session to delete the changes you have made so far in the current session.