[jboss-dev-forums] [Design of JBoss Identity] - Re: SAML Assertions
jeff.yuchang
do-not-reply at jboss.com
Mon Nov 10 05:46:25 EST 2008
"jkurtz.wa at gmail.com" wrote : "mark.little at jboss.com" wrote : "anil.saldhana at jboss.com" wrote : John, what would be the various integration points in ESB? From my recollection, the ESB message can contain security context. So an action can be an integration point.
| | |
| |
| | It could be enforced within an action, or within filters. Since filters are imposed by the infrastructure and do not rely on the application or service configuration being right (or deliberately spoofed) they would seem to be more appropriate.
|
| Mark, could you elaborate on this? This is really an important point. I am going to look for some examples of filters and will work through the examples to understand further.
Hi John,
As Mark mentioned the filter, it reminds me of this great feature. So today, I've looked into the filter feature again. I have some thoughts on adding a security feature by using a filter.
Right now, we extract the security information in the Gateway, and then do the authentication in the service actionProcessingPipeline.
By introducing a securityFilter, we will do the extraction work in onOutput(...), which is before leaving the Gateway. onInput(...) will do the security enforcement. And then we just need to configure $jbossesb/server/default/jbossesb.sar/jbossesb-properties.xml by adding the securityFilter.
In this way, the security feature becomes very pluggable.
If I understand the code correctly, the process will be like:
| Message -> Gateway -> Filter.onOutput -> Transport -> Filter.onInput -> Service1 -> Filter.onOutput -> Transport ->....
|
So the Gateway will only have Filter.onOutput, no onInput though. But at the service level, it has both onInput and onOutput.
Hope this helps.
Jeff
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4188061#4188061
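The filter flow described in the post above, modelled as an added Java example that is not part of the original post and is not JBoss ESB code: `Message`, `Filter`, `SecurityFilter`, the context keys and the token value are hypothetical stand-ins. It shows extraction in onOutput on the gateway side and enforcement in onInput on the service side, so a message without a valid security context is rejected before any service action runs.

```java
import java.util.*;

// Hypothetical stand-ins for illustration; these are NOT the JBoss ESB classes.
public class SecurityFilterSketch {
    static class Message {
        final Map<String, Object> context = new HashMap<>(); // travels with the message
        final String body;
        Message(String body) { this.body = body; }
    }
    interface Filter {
        Message onOutput(Message m);  // runs before the message enters the transport
        Message onInput(Message m);   // runs after the transport, before the service
    }
    static class SecurityFilter implements Filter {
        private final Set<String> validTokens;  // constructed sample credential store
        SecurityFilter(Set<String> validTokens) { this.validTokens = validTokens; }
        // Extraction: move the caller's credential into the security context.
        public Message onOutput(Message m) {
            Object raw = m.context.remove("transport.credential");
            if (raw != null) m.context.put("security.token", raw);
            return m;
        }
        // Enforcement: fail closed, independent of how the service is configured.
        public Message onInput(Message m) {
            Object token = m.context.get("security.token");
            if (token == null || !validTokens.contains(token))
                throw new SecurityException("rejected by filter: missing or unknown token");
            return m;
        }
    }
    // Gateway side runs only onOutput; the service side runs onInput on receipt.
    static String deliver(Message m, Filter f) {
        Message sent = f.onOutput(m);        // Gateway -> Transport
        Message received = f.onInput(sent);  // Transport -> Service1
        return "service processed: " + received.body;
    }
    public static void main(String[] args) {
        Filter f = new SecurityFilter(new HashSet<>(Arrays.asList("token-alice")));
        Message ok = new Message("order-1");
        ok.context.put("transport.credential", "token-alice");
        System.out.println(deliver(ok, f));
        try {
            deliver(new Message("order-2"), f);  // no credential supplied
        } catch (SecurityException e) {
            System.out.println(e.getMessage());
        }
    }
}
```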