Versions Compared

Old Version 1

changes.mady.by.user Philipp Rossmanith

Saved on

compared with

New Version 2

changes.mady.by.user Philipp Rossmanith

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

In the servicemix-http component, this can be done via the
configured
AuthenticationService.
There is also a way for utilizing servicemix-http#Basic basic authentication configuration via the Jakarta Commons HttpClient API.

Authorization

In order to allow for authorization, the SecuredBroker has to be configured as the Container's broker:

Code Block
  <sm:container id="jbi" rootDir="./target/data/smx">
  
<!-- Use a secured broker which will check the authenticated
         user for the needed ACLs before granting access to a given
         endpoint -->
    <sm:broker>
      <sm:securedBroker>
<!-- Can be referenced from security.xml, too -->
        <sm:authorizationMap>
  	     ...
        </sm:authorizationMap>
      </sm:securedBroker>
    </sm:broker>
      
    <sm:activationSpecs>
    ...
    </sm:activationSpecs>
  </sm:container>

Before routing MessageExchange* Message Exchanges, the
SecuredBroker
checks them against ../ACLs generated by an AuthorizationMapaccess control lists generated from the AuthorizationMaps. A precondition is that the *MessageExchange Message Exchange objects have previously been authenticated.

...

This mostly relates to securing SOAP over HTTP transports on the ../ServiceMix- servicemix-http binding component. It provides both for SSL and WS-Security. At the time of writing, not all of the WS-Security features are yet supported.

Security Configuration

Below the ../ ServiceMix root directory, one can find a directory containing configuration files:

...

  • security.xml: This file manages
    AuthenticationServices, Keystores
    keystores, and
    AuthorizationMaps,
    from which the
    SecuredBroker derives Access acess control listslists.
    Code Block
    <beans xmlns:sm="http://servicemix.apache.org/config/1.0">
<!-- Authentication service -->
  <sm:authenticationService id="authenticationService"/>
<!-- KeyStore manager -->
  <sm:keystoreManager id="keystoreManager">
    <sm:keystores>
      <sm:keystore name="default" path="classpath:keystore.jks" keystorePassword="servicemix" keyPasswords="smx=smx"/>
    </sm:keystores>
  </sm:keystoreManager>
<!-- ServiceMix authorization map -->
  <sm:authorizationMap id="authorizationMap">
    <sm:authorizationEntries>
<!-- Roles correspond to user groups -->
      <sm:authorizationEntry service="*:*" roles="*"/>
    </sm:authorizationEntries>
  </sm:authorizationMap>
</beans>
    If this file is being imported into servicemix.xml:
    Code Block
    ...
<import resource="classpath:security.xml" />
...
    ... it can be referenced when defining the SecuredBroker.

...

  • login.properties: A JAAS configuration file.

Example

The ServiceMix source distribution (3.1) comes with the WS-Sec example, which illustrates both basic authentication and WS-Security. It can be found in:

...