2 Replies Latest reply on Sep 11, 2008 10:24 AM by Sebastian Pätzold

    Securing JBoss ESB services

    Sebastian Pätzold Newbie

      Hi there,

      I've been working with JBoss ESB for some time now. I've written several services used to provide business functionalities. Now I'm thinking about a security mechanism for these services. However, this seems to be a complex topic.

      Most important I need means for authentification. For example only trusted users should be able to access a service and provide input data for it. Are there any best practices for JBoss ESB?

      One of the features I really like about JBoss ESB is the separation of business logic (in the action queue) and the transports. For webservices there exists a security framework with WS-Security, WS-Trust, XML Signature and so on. In my understanding however, these are bound to the transport "webservice". How can I achieve a separation of security issues from the transport? Is there a standard ESB-way to do it?

      Any comments, links to literature concerning SOA security and so on are welcome! Thanks in advance.

      -Sebastian