Authenticate WebService

One Star

Authenticate WebService

Hello,

How i can manage jass authenticate role on karaf.
I check ESB Service Security Username / Password, i deploy my kar on ESB Container
But how i can specify jaas role access for my service.
Thanks
Employee

Re: Authenticate WebService

Hi,
There is a PropertiesLoginModule preinstalled in Talend Runtime/karaf container which can be used to do auth for your application.
karaf@trun> jaas:realms
Index Realm Module Class
1 karaf org.apache.karaf.jaas.modules.properties.PropertiesLoginModule
you can manage this karaf realm from console commands:
karaf@trun> jaas:
jaas:cancel jaas:manage jaasSmiley Tongueending jaas:realms jaas:roleadd jaas:roledel jaas:update
jaas:useradd jaas:userdel jaas:users
also, you could find user/pwd info directly from etc/users.properties
HTH
One Star

Re: Authenticate WebService

Hello,
How i can define for each TalendService an access Role. Sample :
TalendServiceHello --> Only role1 can have full access
TalendServiceHey --> Only role2 can have full access

My "./etc/users.properties"
user1=pwd,role1
user2=pwd,role2
But how i can define role access for each Service.
Thanks
Employee

Re: Authenticate WebService

One way is using XACML authorization. To use this you first need to make sure you do authentication in CXF and also populate the roles of the SecurityContext. The you need to add a XACML Policy Enforcement point interceptor in your service provider. Together with a Policy Decision Point and the Talend XACML registry you can then do authorization using XACML policies which can also do role based access.
Another solution is to use Spring Security. There you can use @RolesAllowed annotations on your service methods to specify which roles have access.
Both variants are not easy to setup though. So you may want to ask our professinal services for assistence.
Btw. I also think we need some simple default configuration for role based authentication but currently there is no out of the box solution.
One Star

Re: Authenticate WebService

Hello,
Thanks for your help, can you tell me with file we can configure to specify XACML policies.
Thanks a lot
Employee

Re: Authenticate WebService

Unfortunately managing XACML policies is not possible in a simple file. You need to setup the XACML policy registry. It manages policies in a jackrabbit repository. There is also a UI to manage permissions. So once it is set up it is fairly easy.
I just checked the product feature map. XACML is only available in the Talend Enterprise ESB. The documentation there will get you started.
One Star

Re: Authenticate WebService

hi,
how to asaign username/password for particular service in esb
One Star

Re: Authenticate WebService

hi,
i created one service -->Runtime ESB Options -->i am providing authentication like username /password ..
and goes to consumer job .after that i am going to acess that service,at that time it doesn't asking authentication but response is getting.i want to know where can i acess that crediantials in consumer level.