You can use the same service account for multiple business services and proxy services. To specify the user name and password that a service account provides, you can use any of the following techniques:
Requires you to save a user name and password with the service account configuration. The service account encodes this user name and password in the outbound request.
Causes the service account to provide the user name and password that it receives from an incoming client request. For example, if an inbound HTTP BASIC request contains "pat" and "patspassword" as the user name and password, the service account encodes "pat" and "patspassword" in the outbound request.
Because this technique requires that client requests include clear-text user names and passwords, it is applicable only for client requests that use either the HTTP BASIC protocol, a Web Services Security Username Token authentication with a clear-text password, or a custom user name and password token.
BEA recommends that you use this technique only when ALSB and the endpoint belong to the same authentication domain. For example, use this technique when you are routing messages within a single organization and both ALSB and the message consumer authenticate against a common LDAP server.
The following restrictions apply to this technique:
fn-bea:lookupBasicCredentials XQuery function. For more information, see XQuery Implementation in AquaLogic Service Bus User Guide.
Note: If your proxy is an active WSS intermediary, you can use WS-Security to encrypt a WS-Security Username Token or custom user name/password. In this instance, user name/password pass-through works because the proxy will first decrypt the request and will then have access to the clear-text user name/password.
Requires you to correlate (map) the user name that is the result of authenticating an inbound request from a client (the local user name) to a user name and password that you specify (the remote user name and password). When the service account receives a request from an authenticated client that has been mapped, it provides the appropriate remote user name and password for the business service or proxy service outbound request.
If the client authenticates at both transport level and message level, the service account maps the message level user name to the remote user name and password.
You can also map an anonymous user name to a remote user name and password.
The following restrictions apply to this technique:
fn-bea:lookupBasicCredentials XQuery function. For more information, see XQuery Implementation in AquaLogic Service Bus User Guide.
Creating and Configuring Business Services
Create/Edit a Proxy Service - E-Mail Transport Configuration page
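
The three techniques described above, modeled in Python as an added example; this is not ALSB code or BEA's implementation. The mode names, class names and the `<anonymous>` key are assumptions made for illustration, and the credentials are constructed sample values.

```python
import base64
from dataclasses import dataclass, field
from typing import Optional

ANONYMOUS = "<anonymous>"  # hypothetical key for unauthenticated clients


@dataclass
class Inbound:
    """Constructed model of what the proxy knows about a client request."""
    authorization: Optional[str] = None   # raw HTTP Authorization header
    transport_user: Optional[str] = None  # user authenticated at transport level
    message_user: Optional[str] = None    # user authenticated at message level


@dataclass
class ServiceAccount:
    mode: str                       # "static", "pass-through" or "mapping" (assumed names)
    static: Optional[tuple] = None  # (user, password) saved with the account
    mapping: dict = field(default_factory=dict)  # local user -> (remote user, password)

    def outbound_credentials(self, req: Inbound) -> tuple:
        if self.mode == "static":
            return self.static
        if self.mode == "pass-through":
            return parse_basic(req.authorization)
        # Mapping: the message-level user name wins over the transport-level one.
        local = req.message_user or req.transport_user or ANONYMOUS
        if local not in self.mapping:
            raise PermissionError(f"no remote credentials mapped for {local!r}")
        return self.mapping[local]


def parse_basic(header: Optional[str]) -> tuple:
    """Recover the clear-text pair from an HTTP BASIC Authorization header."""
    scheme, _, token = (header or "").partition(" ")
    if scheme.lower() != "basic" or not token:
        raise ValueError("pass-through needs clear-text credentials (HTTP BASIC)")
    user, sep, password = base64.b64decode(token, validate=True).decode().partition(":")
    if not sep:
        raise ValueError("malformed BASIC credentials")
    return user, password


def basic_header(user: str, password: str) -> str:
    """Encode the selected pair for the outbound request."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()
```

In the pass-through case the client's own password leaves the proxy unchanged, which is why the page limits that technique to a shared authentication domain.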