4 Replies Latest reply on Jun 11, 2012 5:21 AM by radomir.kadlec

How to make authorization on endpoints working

radomir.kadlec Jun 8, 2012 10:25 AM

Hello,

I will use authorization on my cxfbc:consumer endpoints. So I will order diffrent user roles to my endpoints to allow the access only for users owning the dedicated role.

I use DefaultAuthorizationEntry in the Spring configuration as described in this manual:

http://servicemix.apache.org/SMX4NMR/5-security.html

At first I created a new DefaultAuthorizationEntry with type="Remove" to remove the default authorization entry for endpoint="*".

Then in my second DefaultAuthorizationEntry I entered the name of my endpoint to be authorized in the "endpoint" property.

But the DefaultAuthorizationService did not find any matching endpoint to my entry.

In the debugging mode I realized, the authorization service compares the entered endpoint name with a generated endpoint id. No wonder, no matching endpoins are found.

It seems, there is a BUG in the authorization process in ServiceMix.

See FlowRegistryImpl line 93, where the endpoint id instaed of endpoint name is used to call authorizationService.getAcls.

I use the newest apache-servicemix-4.4.1-fuse-06-03 and osgi deployment.

Thank you for any tips, how to make the authorization working.

Radomir

1. Re: How to make authorization on endpoints working

ffang Jun 10, 2012 10:59 PM (in response to radomir.kadlec)

Hi,

This is a bug, will create an internal jira ticket and fix it soon.

Freeman
Actions
2. Re: How to make authorization on endpoints working

radomir.kadlec Jun 11, 2012 3:12 AM (in response to ffang)

Thank you Freeman!
I saw in the Jira, you have created and fixed the bug allready.
The planed version you entered is ServiceMix NMR 1.6.0.
Will this change come in Fuse ESB too? In which Fuse version?
Thank you
Radomir
Actions
3. Re: How to make authorization on endpoints working

ffang Jun 11, 2012 4:59 AM (in response to radomir.kadlec)

Hi,

Yeah, next FUSE ESB release will pick up this fix too.

Btw, you actually don't need a new DefaultAuthorizationEntry with type="Remove" to remove the default authorization entry for endpoint="*", the AuthorizationEntry with type="Set" will clear all firstly for that entry.

Freeman

Edited by: ffang on Jun 11, 2012 8:52 AM
Actions
4. Re: How to make authorization on endpoints working

radomir.kadlec Jun 11, 2012 5:21 AM (in response to ffang)

Thank you Freeman!
I am expecting the new Fuse ESB release.

Yes, I know the Set/Remove/Add possibilities in DefaultAuthorizationEntry.
I have many configuration files with many services, not only one.
Therefore I use the Remove command in one place in my common configuration file.
All other configuration files with their services use than the Add command to add their own authorization entries.

Radomir
Actions

Go to original post