Overview
When the server receives a client’s request to access a service, the server performs a number of checks to make sure the client is allowed to access the service. The server performs the following checks, in the order shown below. The client must pass all checks to access the service:
1. Does the port allow connections from this client’s IP address?
The server checks allow/deny lists of IP addresses that are allowed to connect to the server through this port. If the port is an Enterprise Gateway external port and the server is licensed for webMethods Enterprise Gateway, the server also checks the Enterprise Gateway deny list. If the IP address is allowed, the server performs the next test. Otherwise, the server rejects the request.
2. Is the requested service available from this port?
The server checks allow/deny lists of services that the server makes available for execution from this port. If the service is available from this port, the server performs the next test. Otherwise the server rejects the request. The server performs this test for requests to execute services. It does not perform this test for requests for list, read, or write access to services.
3. Is the requesting user allowed to access this service?
The server checks the user name associated with the request against the appropriate access control list (ACL) associated with the service.
The server checks the user name against the List, Read, Write, or Execute ACL associated with the service. If the user belongs to a group that is listed in the ACL, the server accepts the request. Otherwise the server rejects the request.
You can configure these settings using the Integration Server Administrator.
To limit IP addresses that connect to a port see Restricting IP Addresses that Can Connect
to a Port below.