IBM BPM, V8.0.1, All platforms

Adding security to Business Process Choreographer web services applications

The Business Process Choreographer web service requires that you configure your client application for an authentication mechanism.

This topic applies to the following Business Process Choreographer web services interfaces:

By default, Business Process Choreographer supports the following authentication mechanisms:

Username Token

A web service consumer supplies a Username token as a means of identifying the requester by "username", and optionally using a password to authenticate that identity to the web service provider.

Binary Security Token – Lightweight Third-Party Authentication (LTPA) Token

A web service consumer supplies an LTPA token as a means of authenticating the requester to the web service provider.

You can replace the Business Process Choreographer web service security policy with an alternative authentication mechanism. However, it is not possible to invoke Business Process Choreographer web service operations as an unauthenticated user, so one authentication mechanism is always required.
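
The following added example (not IBM code and not part of the original topic) shows what a Username token looks like in the WS-Security header of a request, together with a provider-side check that rejects a request that carries no token. It assumes a SOAP 1.1 envelope; the function names and the sample user ID and password are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Namespaces from SOAP 1.1 and the OASIS WS-Security 1.0 specifications.
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
PASSWORD_TEXT = ("http://docs.oasis-open.org/wss/2004/01/"
                 "oasis-200401-wss-username-token-profile-1.0#PasswordText")


def build_request(username, password=None):
    """Consumer side (hypothetical helper): envelope with a wsse:UsernameToken."""
    env = ET.Element(f"{{{SOAP}}}Envelope")
    header = ET.SubElement(env, f"{{{SOAP}}}Header")
    sec = ET.SubElement(header, f"{{{WSSE}}}Security")
    sec.set(f"{{{SOAP}}}mustUnderstand", "1")
    tok = ET.SubElement(sec, f"{{{WSSE}}}UsernameToken")
    ET.SubElement(tok, f"{{{WSSE}}}Username").text = username
    if password is not None:
        # The password is optional. PasswordText carries it in clear, so the
        # message needs TLS or message-level encryption on the way.
        pw = ET.SubElement(tok, f"{{{WSSE}}}Password", Type=PASSWORD_TEXT)
        pw.text = password
    ET.SubElement(env, f"{{{SOAP}}}Body")  # operation payload omitted here
    return ET.tostring(env, encoding="utf-8")


def read_username_token(envelope):
    """Provider side (hypothetical helper): return (username, password).

    Raises PermissionError when the request has no usable Username token,
    mirroring the rule that unauthenticated invocation is not possible.
    A real provider would parse untrusted XML with a hardened parser.
    """
    root = ET.fromstring(envelope)
    path = f"{{{SOAP}}}Header/{{{WSSE}}}Security/{{{WSSE}}}UsernameToken"
    tok = root.find(path)
    if tok is None:
        raise PermissionError("no UsernameToken: unauthenticated request")
    user = (tok.findtext(f"{{{WSSE}}}Username") or "").strip()
    if not user:
        raise PermissionError("UsernameToken has an empty Username")
    return user, tok.findtext(f"{{{WSSE}}}Password")


if __name__ == "__main__":
    # Constructed sample credentials, printed to show the wire format.
    print(build_request("bpeuser", "constructed-pass").decode("utf-8"))
```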

If you use the JMS transport layer, your client needs additional authentication to put a message on the JMS queue. To set up this authentication, you must provide the appropriate policy sets, bindings, and attachments for JMS transport in the META-INF directory of your application. The following example policy sets, bindings, and attachments are provided in the ProcessChoreographer/client directory of your IBM BPM installation:

To use the example artifacts, extract the files to the META-INF directory, and adapt the user ID and password in the bindings.xml file.
