4 Replies Latest reply on Dec 21, 2009 4:11 AM by blep

    ESB 4.7, security and FSListener

    blep
    blep Dec 16, 2009 5:29 AM

      Hello,

       

      I have to control services access, the services guide and security_basic sample helped me.

       

      I have a question: Is it possible to set a FS provider as a gateway to a service with authentication? Is there any way to set principal/credential in the FS provider?

      • 3037 Views
      • Tags:
        • 1. Re: ESB 4.7, security and FSListener
          beve
          beve Dec 17, 2009 1:00 AM (in response to blep)

          Hi,

           

          sorry, there is currently nothing like that in the code base.

           

          Could you explain your use case and what you'd like to see?

           

          Thanks,

           

          /Daniel

            • Actions
          • 2. Re: ESB 4.7, security and FSListener
            blep
            blep Dec 17, 2009 4:12 AM (in response to beve)

            Well, the structure is the following:

             

            • A directory listened for incoming data
            • A CBR to route data
            • Services to process data

             

            We have to make direct remote service invokations (with the service invoker) possible but with at least access control. The FS gateway is not considered as a security hole because the directory is under OS access control.

             

            It doesn't seem to be a blocking issue because we can imagine to place an action before the CBR in witch the message is added a security context. If the gateway had the ability to be set for principal/credentials to add in the message we would use this way.

             

            Rgds

              • Actions
            • 3. Re: ESB 4.7, security and FSListener
              beve
              beve Dec 17, 2009 2:59 PM (in response to blep)

              blep wrote:

               

              If the gateway had the ability to be set for principal/credentials to add in the message we would use this way.

               

               

              You can do this by specifying your own custom org.jboss.soa.esb.listener.message.MessageComposer.

              In your jboss-esb.xml you can specify that your MessageComposer should be used like this:

               

              <fs-listener name="FileGateway" busidref="xxxFileMessageBus" is-gateway="true" >
     <property name="composer-class" value="your.package.YourComposerImpl"/>
              For an example of a MessageComposer you can take a look at org.jboss.soa.esb.listeners.gateway.LocalFileMessageComposer. It simply adds information about the file being read as properties on the ESB Message object instance.
              In your case I think what you want is to be able to specify the credentials in the config as properties. This is possible, as you probably can see the MessageComposer interface method setConfiguration gets passed a ConfigTree instance which will contain the properties.
              For example, if you want to have a username in you config like this:
              <property name="username" value="Smith"/>
              Then you can access that property like this:
              config.getAttribute("username");
              Hope this makes sense.
              Regards,
              /Daniel
                • Actions
              • 4. Re: ESB 4.7, security and FSListener
                blep
                blep Dec 21, 2009 4:11 AM (in response to beve)

                Of course it makes sense!

                 

                Thanks for your help, it solves the issue by a smart way!

                  • Actions