...

It is possible to use transactional delivery on the bus, either encompassing a single message delivery or a flow involving a series of components and response messages. See, for example, the JMS and JCA Flows, as well as the page on Transactions. However, to be honest, this is not the easiest to configure and the documentation is liable to give you a headache.

Security

What authentication/authorization options are there?

To begin with, there are several ways for a client to authenticate on a request to a binding component. For HTTP binding components, these may include HTTP Basic authentication, client certificates, etc. SOAP over HTTP and JMS can use WS-Security to authenticate.

Then, there are several ways to validate the client's authentication request. ServiceMix uses JAAS for this, so you can hook up a JAAS LoginModule supporting properties files, a user database, an LDAP or Active Directory server, or any other user data repository. Once authenticated, a Subject is populated on the JBI Normalized Message, so authorization can be performed down the line.

Note that with a somewhat more complex JAAS configuration, you may provide additional features such as a lockout after a certain number of login failures, denial-of-service prevention, login auditing, etc.

Finally, to control authorization, ServiceMix uses an XML file that defines which users/groups/etc. can access which services (or which operations on a service). The standard implementation is not very flexible (there's one XML file for the whole server and it cannot be reloaded at runtime), but it is pluggable, so alternatives are possible.

One option that has been discussed, for example, is to expose the JBI Subject to Spring to allow Spring Security to act on service invocations. Another option would be to support annotations on the service WSDL. Of course, these have not been implemented at present.

What encryption or digital signature options are there?

For messages in or out of the bus, WS-Security provides the encryption and digital signature options. For messages within the bus, there are no particular features along these lines.

What auditing options are there?

Logins may be audited using a JAAS module, as mentioned above.
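The lockout and login auditing mentioned here and in the authentication answer above, as an added example (not ServiceMix code): a hypothetical JAAS LoginModule, assuming Java 8+, that is listed as "requisite" ahead of the real "required" module in the JAAS configuration. The class name, the maxFailures option and the security.audit logger name are assumptions.

```java
import java.io.IOException;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;
// Hypothetical module: list it as "requisite" ahead of the real (required) LoginModule.
public class LockoutAuditLoginModule implements LoginModule {
    private static final Logger AUDIT = Logger.getLogger("security.audit");
    private static final Map<String, long[]> FAILURES = new ConcurrentHashMap<>(); // user -> {count, last failure ms}
    private CallbackHandler handler;
    private long maxFailures = 5, lockMillis = 15 * 60 * 1000L;
    private String user;
    private boolean admitted; // true once this attempt has passed the lock check
    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> options) {
        handler = h;
        Object max = options.get("maxFailures"); // option name is an assumption
        if (max != null) maxFailures = Long.parseLong(max.toString());
    }
    public boolean login() throws LoginException {
        NameCallback name = new NameCallback("user: ");
        try {
            handler.handle(new Callback[] { name });
        } catch (IOException | UnsupportedCallbackException e) {
            throw new LoginException("cannot obtain user name: " + e.getMessage());
        }
        if (name.getName() == null) throw new LoginException("no user name supplied");
        user = name.getName().replaceAll("[\\r\\n]", "_"); // keep audit entries on one line
        long[] f = FAILURES.get(user);
        if (f != null && f[0] >= maxFailures && System.currentTimeMillis() - f[1] < lockMillis) {
            AUDIT.warning("login refused, account locked: " + user);
            throw new AccountLockedException("account temporarily locked");
        }
        return admitted = true;
    }
    public boolean commit() { // called when the whole module stack succeeded
        if (admitted) { FAILURES.remove(user); AUDIT.info("login ok: " + user); }
        return admitted;
    }
    public boolean abort() { // called when any module in the stack failed
        long now = System.currentTimeMillis();
        if (admitted) FAILURES.merge(user, new long[] {1, now}, (old, one) -> new long[] {old[0] + 1, now});
        if (admitted) AUDIT.warning("login failed: " + user);
        admitted = false;
        return true;
    }
    public boolean logout() { admitted = false; return true; }
}
```

The failure map is in-memory, per JVM and unbounded, so a production version would cap or expire entries and weigh the lock window against the risk of locking out legitimate users.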

It is also possible to audit message traffic – one option would be to use XPath Routing to send each message to both an auditing service and the usual destination. Another (if using the JMS Flow) would be to configure a virtual destination in ActiveMQ and audit copies of the message traffic.

Performance

Testing

Complex Services

...