Securing Access within a Business Process Service

In addition to the native security support provided by the underlying transports, you can provide additional security to transports by defining authorization and authentication operations for user IDs and passwords.

1. Create a business process service. See Creating a Business Process Service in the Sybase WorkSpace Development collection > Service Development > Developing a Business Process Service for step-by-step instructions.
2. Expand the SecurityService category in the Sybase WorkSpace Service Explorer to display the supported security operations.
3. Drag and drop one of the following SecurityService operations onto your business process service:
   

   • authenticate

   • authenticateautouser

   • authorize

   • authorizeautouser

4. If you used an authenticateautouser or authorizeautouser security operation:
   1. Create a local business process variable.
      

      1. In the Business Process Variable section, right-click Local Variable, and select New Variable to create a new variable.

      2. Select the new variable to display the Properties view.

      3. Define variable properties. Select the Reply-To Address variable type.

   2. Define the properties of each operation in your business process as having a Reply-To Address variable. Select the operation on the design canvas, and then select the Reply-To Address variable that you just defined.
   3. Save your business process service.
5. Define the business process input and output variables for the security operation.
   1. Select the Service Interface tab, and click Add under the Operation Parameters section.
   2. Define the input and output parameters for the security operation as required.

      See the security operation listed in the Service Explorer for the specific parameters.

6. Create the Assign activities.
   1. Open the Tool Palette, and drag three Assign activities onto the business process directly before and after each security operation. Connect your activities.

      For example, Assign > Authenticate Operation > Assign > Authorize Operation > Assign.

   2. Map the values for the pre- and post-operation Assigns.
   3. Save your business process service.
7. Develop a Sybase Services Package profile.

   For step-by-step instructions, see the following topics in the Sybase WorkSpace Development collection > Service Development > Package > Developing a Sybase Services Package Profile:

   
   
   • Completing the Prerequisites for a Sybase Services Package Profile
   • Creating a Sybase Services Package Profile
8. If you used an authenticateautouser or authorizeautouser security operation, configure Authentication Credentials to secure access to the endpoint that initiates the business process:
   1. Select the Access Configuration tab.
   2. Select the transport definition in the Transports section, and click Transport Properties in Access Configuration Details segment.
   3. Select Transport Security Details in the left pane and choose one of the following in the Authentication Credentials box:
      

      • Select None if you do not want any authentication credentials to be used on the transport.

      • Select Use Transport Credential if you want to use the user name and password that flows from an inbound JMS transport. You must also set JMS message header properties for OPT_USER and OPT_PASSWORD.

      • Select Use Explicit Settings to specify a user name and password that overrides existing transport credentials or supplied credentials if the transport provides none. Specify the user ID and password.

   4. Click OK.

Next 

Develop a deployment profile. See Developing a Deployment Profile in the Sybase WorkSpace Development collection > Service Development > Deploy.

Send your feedback on this help topic to Sybase Technical Publications: pubs@sybase.com

Your comments will be sent to the technical publications staff at Sybase, Inc. For product-related issues or technical support, contact Sybase Technical Support at 1-800-8SYBASE.