Example of authenticated user's access group

The access group from the service package that is used to find the service rules and the service activities to be run must be accessible to the requestors that are operating with this access group.

The authentication activity must be accessible to the access group specified in the service package.

If authenticated, the access group of the authenticated operator is used as the context, rather than the access group of the service package, to find all application-specific rules. That context is reset if the service is pooled and the requestor is returned to the pool.

When the Requires Authentication? check box is selected, authentication occurs only for the first request for stateful services that use pooling and do not destroy the requestor. Subsequent service requests that include the Session ID in the request message continue with the same previously authenticated requestor session.

Note: In high-volume production settings, authentication can be costly in terms of computer resources. However, unauthenticated service requestors can access the rulesets and versions conveyed by the access group in the Service Access Group field and those assigned to the requestor type named APP. (Services run as APP requestors.) Depending on security and volume factors, for best performance you can leave the Requires Authentication? check box cleared.

The location and name of the Operator ID and password values vary, depending on the service type:

  • EJB – Username and password are passed in as arguments to the Create() method of the EJB Home interface.
  • Email – Operator ID and password are on the Properties tab of the email listener data instance.
  • JMS – Operator ID and password are on the Listener Properties tab of the JMS listener data instance.
  • MQ – Operator ID and password are on the Properties tab of the MQ listener data instance.
  • REST – The arriving REST resource request message must contain the user name and password values in the HTTP header (using HTTP Basic Authentication).
  • SOAP, SAP and dotNet – The arriving SOAP request message must contain a user name and password value either in the HTTP header (using HTTP Basic Authentication), or as header or parameter values of the SOAP request envelope.
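
The REST and SOAP items above carry the Operator ID and password in an HTTP Basic Authentication header. The following is an added example, not part of the original documentation or the product's code: it shows the header format defined by RFC 7617, a strict parser for the receiving side, and redaction before logging, since the value is only Base64-encoded and anyone who sees the header can recover the password. The function names, operator ID and password are constructed for illustration.

```python
import base64

def build_basic_header(operator_id: str, password: str) -> str:
    """Client side: value of the HTTP Authorization header (RFC 7617)."""
    if ":" in operator_id:
        # The first ':' separates user-id from password, so the id cannot contain one.
        raise ValueError("operator ID must not contain ':'")
    token = base64.b64encode(f"{operator_id}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")

def parse_basic_header(value: str):
    """Receiving side: return (operator_id, password), or None if malformed."""
    scheme, _, token = value.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None                      # wrong scheme or no credentials
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:                   # bad Base64 or bad UTF-8
        return None
    operator_id, sep, password = decoded.partition(":")
    if not sep or not operator_id:
        return None                      # no separator or empty operator ID
    return operator_id, password         # password may itself contain ':'

def redact_for_log(headers: dict) -> dict:
    """Copy of the request headers that is safe to write to a log."""
    return {k: ("<redacted>" if k.lower() == "authorization" else v)
            for k, v in headers.items()}

if __name__ == "__main__":
    # Constructed sample credentials, not taken from any real system.
    header = build_basic_header("svc.operator@example.com", "s3cr:et")
    request_headers = {"Host": "services.example.com", "Authorization": header}
    print("on the wire :", header)
    print("decoded     :", parse_basic_header(header))   # Base64 is not encryption
    print("logged      :", redact_for_log(request_headers))
```
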