[jboss-dev-forums] [Design of JBoss ESB] - Re: Http Gateway - requirements please...

tfennelly do-not-reply at jboss.com
Wed Jul 29 09:23:36 EDT 2009


So just to let people comment on how some of the security aspects might look....

Specifying the http authentication method for the deployment could look like this:


  | <http-provider name="http">
  |     <http-bus busid="ordermgt" />
  | 
  |     <auth method="BASIC" />
  | </http-provider>
  | 

Where the auth method can be an enum of "BASIC", "CLIENT" and "DIGEST".

The allowed methods and roles could be defined on a per http-bus basis as follows (extending the last example):


  | <http-provider name="http">
  |     <http-bus busid="sales">
  |         <methods>
  |             <!-- Restrict access to the GET, POST and OPTIONS (auto) methods... -->
  |             <method name="GET" />
  |             <method name="POST" />
  |         </methods>
  |         <roles>
  |             <!-- Restrict access to authenticated members of the "salesAdmin" role... -->
  |             <role name="salesAdmin" />
  |         </roles>
  |     </http-bus>
  | 
  |     <auth method="BASIC" />
  | </http-provider>
  | 

Where the method name can be an enum of the HTTP method types listed as requirements earlier in this thread, with the OPTIONS method always allowed (I think that was the requirement for OPTIONS).  All methods are allowed by default.

Transport guarantees might also be configured on a per bus basis as follows e.g.


  | <http-provider name="http">
  |     <http-bus busid="sales">
  |         <transport guarantee="CONFIDENTIAL" />
  |     </http-bus>
  | </http-provider>
  | 

Where the guarantee is an enum of CONFIDENTIAL, INTEGRAL or NONE (default).

Of course all of this is open to change.  This is just one set of options/suggestions.

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4246712#4246712
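Added example, not part of the original post or of JBoss ESB: a small Python check that parses the configuration shape proposed above, applies the stated defaults (all methods allowed, OPTIONS always allowed, guarantee NONE) and flags weak combinations. The `resolve` function, the findings and the combined sample are constructed for illustration, and the check assumes that only CONFIDENTIAL implies an encrypted transport.

```python
import xml.etree.ElementTree as ET

AUTH_METHODS = {"BASIC", "CLIENT", "DIGEST"}        # enum proposed in the post
GUARANTEES = {"CONFIDENTIAL", "INTEGRAL", "NONE"}   # enum proposed in the post

# Constructed sample that combines the three snippets from the post.
SAMPLE = """
<http-provider name="http">
    <http-bus busid="sales">
        <methods><method name="GET" /><method name="POST" /></methods>
        <roles><role name="salesAdmin" /></roles>
        <transport guarantee="CONFIDENTIAL" />
    </http-bus>
    <http-bus busid="ordermgt" />
    <auth method="BASIC" />
</http-provider>
"""

def resolve(xml_text):
    """Return ({busid: effective policy}, [(busid, finding), ...])."""
    provider = ET.fromstring(xml_text)
    auth_el = provider.find("auth")
    auth = auth_el.get("method") if auth_el is not None else None
    if auth is not None and auth not in AUTH_METHODS:
        raise ValueError(f"unknown auth method: {auth!r}")
    policies, findings = {}, []
    for bus in provider.findall("http-bus"):
        busid = bus.get("busid")
        named = {m.get("name").upper() for m in bus.findall("methods/method")}
        # No <method> entries means every method; OPTIONS is always allowed.
        methods = (named | {"OPTIONS"}) if named else None
        roles = {r.get("name") for r in bus.findall("roles/role")}
        transport = bus.find("transport")
        guarantee = transport.get("guarantee") if transport is not None else "NONE"
        if guarantee not in GUARANTEES:
            raise ValueError(f"{busid}: unknown guarantee {guarantee!r}")
        policies[busid] = {"auth": auth, "methods": methods,
                           "roles": roles, "guarantee": guarantee}
        # BASIC credentials are only base64-encoded, so they need an encrypted transport.
        if auth == "BASIC" and guarantee != "CONFIDENTIAL":
            findings.append((busid, "BASIC credentials sent without confidentiality"))
        # A role check has nothing to test if no caller is ever authenticated.
        if roles and auth is None:
            findings.append((busid, "roles defined but no auth method"))
    return policies, findings

if __name__ == "__main__":
    for busid, message in resolve(SAMPLE)[1]:
        print(f"{busid}: {message}")
```

In the sample, the "ordermgt" bus inherits BASIC from the provider but falls back to the NONE default, which is the case the check reports.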
