Five Stars

Securing a ESB Job

Hi!

 

I have a REST job. This job can be executed only by authorized users.

 

Is it possible to protect the job execution using Basic Authentication? If yes, how can I do it?

 

Thanks!

 

Luciano

  • ESB
Tags (3)
7 REPLIES
Eleven Stars

Re: Securing a ESB Job

This is pretty straight forward. These are the high level steps.....

 

1) Build your Rest service using the tRestRequest and tRestResponse components. Click the "Use Authentication" tick box in the tRestRequest basic settings, and select "Basic HTTP".

2) You will need to run the service using the Runtime (Apache Karaf). To configure your users you will need to add them to the users.properties file in the Runtime_ESBSE\container\etc folder. Google this for details on how this works.

3) Build your service and save it as an OSGI Bundle for ESB. Save it to the Runtime_ESBSE\container\deploy folder.

4) Assuming default settings, you can see your service end by going to this URL (http://localhost:8040/services). 

 

When you run your service it should require you to enter credentials.

 

As simple as that :-)

Rilhia Solutions
Five Stars

Re: Securing a ESB Job

Thank you RH_ALL!

 

It works! Just one another question...

 

Is it possible to authorize the job using group or role? Example: job1 can be executed by user that have role usr1 and usr2, job2 can be executed by users with role usr3 only?

 

Best regards!

 

Luciano

Eleven Stars

Re: Securing a ESB Job

I'm not sure about this. It is not something that I have needed to do. I had a bit of a Google and didn't find anything that said you couldn't.....but also didn't find anything that said you could and how. I'd be interested in seeing how this could be implemented though

Rilhia Solutions
Moderator

Re: Securing a ESB Job

Hello,

We have redirected your issue to ESB expert and then come back to you as soon as we can.

Best regards

Sabrina

--
Don't forget to give kudos when a reply is helpful and click Accept the solution when you think you're good with it.
Employee

Re: Securing a ESB Job

When you say executed by different user, do you mean actually the consumer of the service, or do you mean the actual service account under which the service is started?

Five Stars

Re: Securing a ESB Job

Hi,

I mean the service consumer. I would like to authorize the service by groups like an web application using JAAS. Is is possible?

I think it must have a service descriptor where I put the job and groups having access. What do you think about?

Luciano
Six Stars

Re: Securing a ESB Job

Hi,

I did not test it yet, but some research I did points me in the direction of configuring an new authentication realm for the specific endpoint and use spring to point to the new realm. In studio 6.4 you can edit and see the spring config.