Securing your WSRP producer

By default, WSRP connections are not secured and there is no reliable user identity propagated from the consumer portal to the producer portal. Instead you can configure what all user information should be carried from consumer to producer and those fields would be carried as SOAP META Information.

When it comes to security for WSRP you have two options to choose from one is WS-Security and other is SSL certificate

  • WS-Security: WebSPhere Portal is installed as enterprise application in WebSphere Application Server and it takes advantage of WAS Web Services infrastructure for both producing and consuming web services. The WAS Web Services infrastructure allows you to pass userId of the actual user using token in the body of the message. Ex. you can pass LTPAToken of the user in the body of the message to the web service. So if both source and target portal are in SSO then target portal can use this LTPA token to find out user id of the actual user accessing consumer portlet and execute the producer portlet in the context of that user id.

  • SSL certificate: You can create a SSL connection between producer and consumer portal, in which case a single certifcate will be used by producer to authenticate request. As a result producer wont be able to find out the actual user who is accessing the consumer portlet. So it will work under the shared user id



If you do not use either of these two authentication methods, the Producer portal assumes the anonymous user.

Assigning access rights: The Producer needs to assign access rights on the Producer portal based on the authentication information as follows:

* If you use WS-Security, assign access rights on the Producer portal to the actual Consumer portal users.
* If you use SSL client certificate authentication, assign access rights to the shared user ID that the Consumer uses and that is specified in the client certificate.
* If you use none of these two authentication methods, assign access rights to the anonymous user. This is necessary because the Producer portal assumes the anonymous user, if no authentication is performed.

3 comments:

srjwebsolutions said...


We are leading responsive website designing and development company in Noida.
We are offering mobile friendly responsive website designing, website development, e-commerce website, seo service and sem services in Noida.

Responsive Website Designing Company in Noida
Website Designing Company in Noida
SEO Services in Noida
SMO Services in Noida

Vikas Chaudhary said...

Battery Mantra is Authorized exide car battery dealer in Noida and Greater Noida. We are providing our service in Indirapuram, Delhi, Ashok Nagar.

Exide Battery Dealer in Noida
Battery Dealer in Noida
Authorized Battery Dealer in Noida
Car Battery Dealer in Noida
Car Battery Dealer
Exide Battery Dealer

EG MEDI said...

Egmedi.com is online medical store pharmacy in laxmi nagar Delhi. You can Order prescription/OTC medicines online.
Cash on Delivery available. Free Home Delivery


Online Pharmacy in Delhi
Buy Online medicine in Delhi
Online Pharmacy in laxmi nagar
Buy Online medicine in laxmi nagar
Onine Medical Store in Delhi
Online Medical store in laxmi nagar
Online medicine store in delhi
online medicine store in laxmi nagar
Purchase Medicine Online
Online Pharmacy India
Online Medical Store