The service pipeline supports security through the standard Java Authentication and Authorization Service (JAAS). Using this mechanism, a service can require that its consumer provide valid authentication credentials within the message context, and may also require that the authenticated principal be associated with specific roles.
The service security requirements are configured by including the security element within the service definition, as in the following:
<service category="SecuredCategory" name="SecuredService" description="Secured Service">
    <security moduleName="securedModule" rolesAllowed="worker">
        <property name="alias" value="certtest"/>
    </security>
    ...
</service>
Where moduleName specifies the name of the module within the JAAS configuration and rolesAllowed specifies any roles that are required to be associated with the authenticated principal.
When a message is sent to another service, using ServiceInvoker, the security context from the consumer will be automatically attached to the outgoing message as part of the message context and propagated to the service provider. This security context consists of two parts:
The authentication request will usually be created automatically as the request comes onto the bus; however, it is also possible to create an authentication request through the following programmatic mechanism:
// name, password and message are supplied by the calling code.
final AuthenticationRequest authRequest = new AuthenticationRequestImpl.Builder()
        .username(name)
        .password(password.toCharArray())
        .build();
// Encrypt the request before storing it in the message context under AUTH_REQUEST.
message.getContext().setContext(SecurityService.AUTH_REQUEST,
        PublicCryptoUtil.INSTANCE.encrypt((Serializable) authRequest));