I believe that the Subject should be used in some way to carry the WS-Security envelope information. Then, some authentication mechanism is responsible to check each message/invocation against the destination endpoint policy. Each JBI component that has security requirements must declare the policy using WSDL extensions, specifying the ROLE.
I would prefer another JBI component to be created for handling & managing the security mapping between endpoints and messages. Then, some schema should be used to package security mapping activation in the bus through service units.

Regards,
--
Rafael Marins

Guillaume Nodet wrote:
> One of the important features ServiceMix does not address yet is security.
> I'm not really familiar with this aspect so please forgive my
> ignorance and speak if you have any idea / corrections.
>
> Security can be applied in different areas:
>  * secure transports
>  * secure messages
>  * secure services
>
> Securing transports can be done using SSL on JMS or HTTP. Securing
> the JMS broker is beyond ServiceMix scope, but ActiveMQ supports SSL
> on tcp transport. So this works fine for both the JMS binding
> component and any clustered flow. Securing HTTP will be done asap (we
> already have a patch, see
> http://issues.apache.org/activemq/browse/SM-372).
>
> Securing messages is not handled yet, but can be done using
> WS-Security on soap enabled transports (servicemix-jms and
> servicemix-http binding components). Is there a need to secure
> messages within the bus ?
>
> Securing services seems to be the most difficult part. The JMS specs
> only mention the use of the subject property on a NormalizedMessage
> http://java.sun.com/integration/1.0/docs/sdk/api/javax/jbi/messaging/NormalizedMessage.html#setSecuritySubject(javax.security.auth.Subject).
> The main problem is how to set / use this information and how
> information about service authorizations.
> Such security information may be embedded in the service unit /
> service assemblies deployment, or may be configured separately on the
> container. When a component sends a jbi exchange, the container
> could check the authorizations for the destination endpoint (or
> service, interface ?).
> However, I do not have any clue on how this information will be
> provided by binding components when an external message comes in. HTTP
> transport could leverage HTTP authentication, but what about the other
> transports ?
>
> All this security has also to be integrated with J2EE containers
> security when ServiceMix is deployed into such a container.
>
> Cheers,
> Guillaume Nodet
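The check Rafael describes (a Subject carried with the message, compared against the role an endpoint declares in its policy) can be sketched in plain Java. This is an added illustration, not code from ServiceMix or from either poster. It assumes a hypothetical RolePrincipal type placed into the javax.security.auth.Subject by whatever authentication mechanism parsed the WS-Security header, and a hypothetical endpoint-to-roles map standing in for the policy a component would declare through WSDL extensions; in a real JBI component the Subject would come from NormalizedMessage.getSecuritySubject(). Endpoints with no declared policy are denied rather than allowed, so a missing policy entry cannot silently open a service.

```java
import java.security.Principal;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;

// Hypothetical role principal. In a real deployment the authentication
// mechanism that validated the WS-Security envelope would add these to the
// Subject before the message reaches the bus.
final class RolePrincipal implements Principal {
    private final String name;

    RolePrincipal(String name) {
        this.name = name;
    }

    public String getName() {
        return name;
    }

    @Override
    public boolean equals(Object o) {
        return o instanceof RolePrincipal && ((RolePrincipal) o).name.equals(name);
    }

    @Override
    public int hashCode() {
        return name.hashCode();
    }
}

// Authorization check run by the container (or a dedicated security
// component) before an exchange is delivered to the destination endpoint.
final class EndpointAuthorizer {
    // Hypothetical policy: endpoint name -> roles allowed to invoke it.
    // Assumed to be populated from the WSDL extensions the component declares.
    private final Map<String, Set<String>> policy;

    EndpointAuthorizer(Map<String, Set<String>> policy) {
        this.policy = policy;
    }

    // Returns true only if the Subject holds at least one role the endpoint
    // permits. A null Subject or an endpoint without a policy entry is
    // denied (fail closed).
    boolean isAuthorized(String endpoint, Subject subject) {
        Set<String> allowed = policy.get(endpoint);
        if (allowed == null || subject == null) {
            return false;
        }
        for (RolePrincipal role : subject.getPrincipals(RolePrincipal.class)) {
            if (allowed.contains(role.getName())) {
                return true;
            }
        }
        return false;
    }
}

public class SubjectAuthorizationExample {
    public static void main(String[] args) {
        // Constructed policy: only the "orders" role may call OrderService.
        Map<String, Set<String>> policy = Map.of("OrderService", Set.of("orders"));
        EndpointAuthorizer authorizer = new EndpointAuthorizer(policy);

        // Constructed Subject, standing in for NormalizedMessage.getSecuritySubject().
        Subject subject = new Subject();
        subject.getPrincipals().add(new RolePrincipal("orders"));

        System.out.println("OrderService with orders role: "
                + authorizer.isAuthorized("OrderService", subject));
        System.out.println("InventoryService (no policy declared): "
                + authorizer.isAuthorized("InventoryService", subject));

        subject.getPrincipals().clear();
        System.out.println("OrderService with no roles: "
                + authorizer.isAuthorized("OrderService", subject));
    }
}
```

The authorizer only inspects principals of the one role type it knows, so unrelated principals that other login modules add to the Subject (user names, group memberships from a J2EE container) do not accidentally satisfy a role check; that type filter is where integration with container security would plug in.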