I think that you are right with your example of a web container.
JBI defines a container, just like a web container or a ejb container.
En/na Guillaume Nodet ha escrit:
The main problem of using a JBI component to provide security is that
when you use a clustered ServiceMix, JBI exchanges may go to the
security component using a clustered flow. In such a case, the
exchange will be sent on the wire in an unsecured / unauthenticated
way.
I have always thought that security should be provided by the
container. I would compare it to a web server which has built-in
security to secure web applications. The application can always use a
custom login / authentication scheme, but the prefered way is to
delegate to the container (and implement a specific realm if needed),
which is the only way to provide SSO afaik.
Besides this, if security is handled by the container, it will be able
to detect authorization failures earlier and even use them when
implicit endpoint selection is used: if the jbi exchange target is an
interface QName, the container could check matching endpoints for
authorization instead of selecting one and having an authorization
failure.
Last point, if security is provided by a component, all components
will have to be rewritten so that they can leverage this feature. It
seems much more interesting that security is provided transparently by
the container...
I really think that container security is the most flexible and
pluggable way to handle security as it is centralized.
Any thoughts ?
Cheers,
Guillaume Nodet
On 4/19/06, Hossam Karim <[EMAIL PROTECTED]> wrote:
Just thinking:
- Security is a service
- A component installed inside SM can support a SM specific security
contract, in which a security provider implementing this contract can be
bound to one or more installed components. This provider can provide
authentication, digital signature verification, XML encryption and
decryption, integration with LDAP, etc.
- A component that has a security provider installed should delegate all
security operations to its provider.
- A component that has a security provider should provide additional
management operations through JMX to secure its lifecycle management.
Hossam
-----Original Message-----
From: Guillaume Nodet [mailto:[EMAIL PROTECTED]
Sent: Wednesday, April 19, 2006 2:57 AM
To: [email protected]
Subject: ServiceMix and security
One of the important feature ServiceMix does not address yet is security.
I' m not really familiar with this aspect so please forgive my
ignorance and speak if you have any idea / corrections.
Security can be applied in different areas:
* secure transports
* secure messages
* secure services
Securing transports can be done using SSL on JMS or HTTP. Securing
the JMS broker is beyond ServiceMix scope, but ActiveMQ supports SSL
on tcp transport. So this works fine for both the JMS binding
component and any clustered flow. Securing HTTP will be done asap (we
already have a patch, see
http://issues.apache.org/activemq/browse/SM-372).
Securing messages is not handled yet, but can be done using
WS-Security on soap enabled transports (servicemix-jms and
servicemix-http binding components). Is there a need to secure
messages within the bus ?
Securing services seems to be the most difficult part. The JMS specs
only mention the use of the subject property on a NormalizedMessage
http://java.sun.com/integration/1.0/docs/sdk/api/javax/jbi/messaging/Normali
zedMessage.html#setSecuritySubject(javax.security.auth.Subject).
The main problem is how to set / use this information and how
informations about service authorizations.
Such security informations may be embedded in the service unit /
service assemblies deployment, or may be configured separately on the
container. When a component sends a jbi exchange, the container
could check the authorizations for the destination endpoint (or
service, interface ?).
However, I do not have any clue on how this information will be
provided by binding components when an external message comes in. HTTP
transport could leverage HTTP authentication, but what about the other
transports ?
All this security has also to be integrated with J2EE containers
security when ServiceMix is deployed into such a container.
Cheers,
Guillaume Nodet
--
----------------------------------------
Antoni Reus Darder
Cap de Projecte
Administració Digital, Negoci Electrònic i Sanitat
F u n d a c i ó I B I T
Illes Balears Innovació Tecnològica
http://www.ibit.org
Tel. +34 971 17 72 70/71
Fax. +34 971 17 72 79
----------------------------------------
