Security context

The service pipeline supports security through the standard Java Authentication and Authorization Service (JAAS). Using this mechanism a service can require that a consumer of the service must provide valid authentication credentials within the message context, and may also require that the authenticated principal be associated with specific roles.

The service security requirements are configured by including the security element within the service definition, as in the following:

<service category="SecuredCategory" name="SecuredService" description="Secured Service">
  <security moduleName="securedModule" rolesAllowed="worker">
    <property name="alias" value="certtest"/>
  </security>
  ...
</service>

Here moduleName names the login module within the JAAS configuration that will authenticate the consumer, and rolesAllowed lists the roles that the authenticated principal is required to hold before the service will process the message.

When a message is sent to another service using ServiceInvoker, the security context of the consumer is automatically attached to the outgoing message as part of the message context and propagated to the service provider. This security context consists of two parts:

  • An encrypted, pre-authenticated principal: If this principal exists within the context of the message, it will be trusted as long as the service provider exists within the same ESB server (virtual machine) as the original signer, the principal has been authenticated by the same JAAS module, and the encrypted object has not yet expired. If any of these conditions is not satisfied, re-authentication will occur.
  • An encrypted authentication request: The authentication request contains the information necessary to authenticate the consumer; by default this is the name associated with a security principal and its password credential.

The authentication request will usually be created automatically as the request comes onto the bus; however, it is also possible to create an authentication request through the following programmatic mechanism:

// Imports added for completeness; package names are those of the JBoss ESB 4.x API.
import java.io.Serializable;
import org.jboss.soa.esb.services.security.PublicCryptoUtil;
import org.jboss.soa.esb.services.security.SecurityService;
import org.jboss.soa.esb.services.security.auth.AuthenticationRequest;
import org.jboss.soa.esb.services.security.auth.AuthenticationRequestImpl;

// Build the request from the consumer's user name and password.
final AuthenticationRequest authRequest =
    new AuthenticationRequestImpl.Builder()
       .username(name)
       .password(password.toCharArray())
       .build();

// Encrypt the request with the ESB's public key and attach it to the
// message context under the well-known AUTH_REQUEST key.
message.getContext().setContext(SecurityService.AUTH_REQUEST,
    PublicCryptoUtil.INSTANCE.encrypt((Serializable) authRequest));
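The following is an added example, not code from the book or from the JBoss ESB project. It puts the consumer-side snippet above beside a provider-side action that reports which of the two security-context parts (the pre-authenticated principal and the encrypted authentication request) actually arrived with a message. Package names follow the JBoss ESB 4.x API; the constant SecurityService.CONTEXT as the key for the propagated principal, the Context.getContextKeys() method, and the SecurityContextInspector class name are assumptions.

```java
// Added example (not from the book or the JBoss ESB project).
// Assumes the JBoss ESB 4.x packages below; SecurityService.CONTEXT and
// Context.getContextKeys() are assumed to exist with the meanings given.
import java.io.Serializable;
import java.util.Set;

import org.jboss.soa.esb.actions.AbstractActionPipelineProcessor;
import org.jboss.soa.esb.actions.ActionProcessingException;
import org.jboss.soa.esb.helpers.ConfigTree;
import org.jboss.soa.esb.message.Context;
import org.jboss.soa.esb.message.Message;
import org.jboss.soa.esb.services.security.PublicCryptoUtil;
import org.jboss.soa.esb.services.security.SecurityService;
import org.jboss.soa.esb.services.security.auth.AuthenticationRequest;
import org.jboss.soa.esb.services.security.auth.AuthenticationRequestImpl;

public class SecurityContextInspector extends AbstractActionPipelineProcessor {

    public SecurityContextInspector(final ConfigTree config) {
        // config holds the action's <action> element; nothing is read from it here.
    }

    /** Consumer side: attach an encrypted authentication request to a message. */
    public static void attachAuthRequest(final Message message,
                                         final String name,
                                         final char[] password)
            throws ActionProcessingException {
        final AuthenticationRequest authRequest =
            new AuthenticationRequestImpl.Builder()
               .username(name)
               .password(password)
               .build();
        try {
            // Only the server holding the matching private key can recover
            // the credentials from this object.
            message.getContext().setContext(SecurityService.AUTH_REQUEST,
                PublicCryptoUtil.INSTANCE.encrypt((Serializable) authRequest));
        } catch (final Exception e) {
            throw new ActionProcessingException("Could not encrypt authentication request", e);
        }
    }

    /** Provider side: report what security state travelled with the message. */
    public Message process(final Message message) throws ActionProcessingException {
        final Context ctx = message.getContext();

        // List every context key so the reader can see what the bus attached.
        final Set<String> keys = ctx.getContextKeys();   // assumed API
        for (final String key : keys) {
            System.out.println("context key: " + key);
        }

        // A propagated, pre-authenticated principal: trusted only within the
        // same ESB server, same JAAS module and before its expiry.
        final boolean hasPrincipal = ctx.getContext(SecurityService.CONTEXT) != null;
        // An encrypted authentication request: used when re-authentication is needed.
        final boolean hasAuthRequest = ctx.getContext(SecurityService.AUTH_REQUEST) != null;

        System.out.println("pre-authenticated principal present: " + hasPrincipal);
        System.out.println("encrypted authentication request present: " + hasAuthRequest);
        return message;
    }
}
```

The inspector deliberately reports only the presence of each part. Decrypting the authentication request in an action would expose the consumer's password to application code and logs; authentication against the JAAS module is the job of the security element in the service definition, not of the action pipeline.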

Note

The security mechanisms supported by JBoss ESB can be extended in a number of ways, supporting authentication using certificates, single sign-on, and so on.

Have a go hero – security quickstart

Have a look at the security_basic quickstart. Modify the quickstart action MyListenerAction.java so that the context information is printed. Do you see anything in the context?
