5. Security
The NMR provides a security layer that authenticates users and authorizes access to endpoints.
Authentication
The authentication service is exposed in OSGi and can be used by any bundle by retrieving the service from the registry.
```java
package org.apache.servicemix.nmr.api.security;

import java.security.GeneralSecurityException;

import javax.security.auth.Subject;

/**
 * Interface for the authentication service.
 *
 */
public interface AuthenticationService {

    /**
     * Authenticate a user given its name and credentials.
     * Upon successful completion, the subject should be populated
     * with the user known principals, including, but not limited to
     * a UserPrincipal and the GroupPrincipal that this user belongs
     * to.
     *
     * @param subject the subject to populate
     * @param domain the security domain to use
     * @param user the user name
     * @param credentials the user credentials
     * @throws GeneralSecurityException if the user can not be authenticated
     */
    void authenticate(Subject subject, String domain, String user, Object credentials)
            throws GeneralSecurityException;

}
```
The default implementation of this service delegates to JAAS, leveraging ServiceMix Kernel JAAS support. This means that new JAAS realms can be deployed along with your application at runtime.
Authorization
The authorization feature is provided by the AuthorizationService, which is also registered in the OSGi registry.
```java
package org.apache.servicemix.nmr.api.security;

import java.security.Principal;
import java.util.Set;

import javax.xml.namespace.QName;

/**
 * The AuthorizationService interface allows the NMR to retrieve the
 * Access Control List for a given combination of endpoint / operation.
 *
 * This is used to secure access to a given endpoint.
 *
 */
public interface AuthorizationService {

    /**
     * Retrieve the Access Control List for a given endpoint and operation.
     * The endpoint is identified by its ID (usually a combination of
     * service QName and endpoint in the JBI case).
     *
     * @param endpoint the endpoint identifier
     * @param operation the operation invoked or null
     * @return a set of GroupPrincipal allowed to invoke the endpoint / operation
     */
    Set<GroupPrincipal> getAcls(String endpoint, QName operation);

}
```
Configuration
Access to endpoints in the NMR can be checked against authorization entries that can easily be deployed at runtime. The NMR checks the target endpoint against the authorized roles for the user (if a user has been authenticated) and rejects the exchange if no endpoint matches the security rules.
The default implementation looks for these entries in the OSGi registry, so that you can also deploy your authorization entries along with your endpoints.
Here is a simple XML configuration file that contains and exports the default authorization entry:
```xml
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:osgi="http://www.springframework.org/schema/osgi"
       xsi:schemaLocation="
         http://www.springframework.org/schema/beans
         http://www.springframework.org/schema/beans/spring-beans.xsd
         http://www.springframework.org/schema/osgi
         http://www.springframework.org/schema/osgi/spring-osgi.xsd">

    <osgi:service interface="org.apache.servicemix.nmr.api.security.AuthorizationEntry">
        <bean class="org.apache.servicemix.nmr.core.security.DefaultAuthorizationEntry">
            <property name="endpoint" value="*" />
            <property name="rank" value="-2147483648" />
            <property name="roles" value="*" />
            <property name="type" value="Set" />
        </bean>
    </osgi:service>

</beans>
```
| Property | Type | Default | Description |
|---|---|---|---|
| endpoint | String | (required) | The regexp pattern used to match against the target endpoint. "*" is a special value to match all endpoints |
| operation | QName | (no default) | The QName of the operation that needs to match the exchange operation |
| type | Add, Set, Remove | Add | The logical operation to perform with this entry |
| roles | Comma-separated list of strings | (required) | List of roles authorized to access the matching endpoints / operations |
| rank | Integer | 0 | The rank, or order, associated with this entry |
Resolution
Multiple entries can be deployed, and some of them may conflict or use wildcards that match several endpoints. The entries therefore have to be ordered when resolving the list of authorized roles, which is what the rank and type properties are for. When computing the list of roles, the entries are sorted from the smallest rank to the greatest, and for each entry in turn the type is used to compute the new list of roles from the previously computed list and the list associated with the entry.
Add
: add the list of roles on this entry to the list of authorized roles

Set
: the list of authorized roles becomes the list configured on this entry

Remove
: remove the roles on this entry from the list of authorized roles
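
The resolution rule above, written out as an added example (a model for this page, not the ServiceMix implementation; Java 16+). It shows that the default `Set` entry at the lowest rank leaves every endpoint open until a higher-ranked `Set` entry narrows it, and that a later `Remove` only applies where its pattern matches. Assumptions: the class and record names and the endpoint IDs are constructed, operation matching is omitted, entries of equal rank keep their list order, and the role value `*` is carried as a plain token.

```java
import java.util.*;
import java.util.regex.Pattern;

// Added model of the rank/type resolution rule; hypothetical names, not ServiceMix code.
public class AclResolutionDemo {
    enum Type { Add, Set, Remove }

    // Mirrors the documented entry properties; operation matching is left out.
    record Entry(String endpoint, int rank, Type type, String roles) {
        boolean matches(String id) {
            // "*" is the documented match-all value; anything else is a regexp.
            return "*".equals(endpoint) || Pattern.matches(endpoint, id);
        }
        List<String> roleList() {
            return Arrays.asList(roles.trim().split("\\s*,\\s*"));
        }
    }

    static Set<String> resolve(List<Entry> entries, String endpointId) {
        List<Entry> sorted = new ArrayList<>(entries);
        sorted.sort(Comparator.comparingInt(Entry::rank)); // smallest rank first
        Set<String> acl = new TreeSet<>();
        for (Entry e : sorted) {
            if (!e.matches(endpointId)) continue;
            switch (e.type()) {
                case Add -> acl.addAll(e.roleList());
                case Set -> { acl.clear(); acl.addAll(e.roleList()); }
                case Remove -> acl.removeAll(e.roleList());
            }
        }
        return acl;
    }

    public static void main(String[] args) {
        // Constructed entries: the default entry from the page plus three restrictions.
        List<Entry> entries = List.of(
            new Entry("*", Integer.MIN_VALUE, Type.Set, "*"),
            new Entry(".*billing.*", 0, Type.Set, "finance, admin"),
            new Entry(".*billing.*", 10, Type.Add, "auditor"),
            new Entry(".*billing-admin", 20, Type.Remove, "finance, auditor"));
        for (String id : List.of("{urn:demo}orders:endpoint",
                                 "{urn:demo}billing:endpoint",
                                 "{urn:demo}billing:billing-admin")) {
            System.out.println(id + " -> " + resolve(entries, id));
        }
    }
}
```

Running it prints the resolved role set for each of the three constructed endpoint IDs, which makes it easy to check a planned set of entries for an endpoint that is still covered only by the default entry.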