Step | Description |
1 | Port access verification When Integration Server receives an inbound web service response through an HTTP/S port, Integration Server verifies that the consumer web service descriptor can be invoked through that port. ![]() ![]() Integration Server rejects the web service request and no further processing occurs. For more information about restricting access to ports, see
Controlling Access to Resources
by Port. Note:Integration Server does not perform port access verification for a web service response received via the JMS transport. |
2 | Transport-level authentication. When Integration Server receives an HTTP/S web service response, the transport mechanism authenticates the transport-level credentials. ![]() ![]() ![]() When Integration Server receives a SOAP/JMS message via a SOAP-JMS trigger, the execution user assigned to the SOAP-JMS trigger becomes the effective user. Processing continues to step 3, Message-level authentication. |
3 | Message-level authentication. If a WS-SecurityPolicy policy is attached to the consumer web service descriptor, Integration Server authenticates the message-level credentials. ![]() ![]() |
4 | Authorization check for the consumer web service descriptor. Integration Server determines whether the user is authorized to access the web service descriptor by checking the credentials of the effective user against the execute ACL assigned to the web service descriptor. ![]() ![]() |
5 | Authorization check for response and fault handler services. Integration Server determines whether the user is authorized to access the response and fault handler services by performing ACL checking. Integration Server performs ACL checking for a response handler service only if the response handler service permissions specify that the Enforce execute ACL option is set to Always. Integration Server does not consider response handler services to be top-level services. Integration Server uses the credentials of the effective user when performing ACL checking for response handler services. If access is denied to any of the response handler services, Integration Server processing does not continue. Note:Integration Server performs ACL checking for all response and fault handler services at this point. |
6 | Authorization check and execution of the response service. Integration Server determines whether the user is authorized to access the response service by performing ACL checking. Integration Server performs ACL checking for a response service only when the service permissions specify that the Enforce execute ACL option is set to Always. Integration Server does not consider a response service to be a top-level service. If Integration Server performs ACL checking for the response service, Integration Server uses the credentials of the effective user. ![]() ![]() |
7 | Response handler services execute. Integration Server invokes the genericFault_Response service if the user is authorized to access it. If user is denied access to the generic_FaultResponse service, Integration Server logs an error. |