Couple of servicemix security configuration questions

[Ryan Moquin <fr...@gmail.com>]

In servicemix, is there anyway to encrypt the password in the
users-passwords.properties file? Is there a way to put the security
credentials such as users, roles and passwords into a database or some other
store so that it would be easier to manage those credentials?  Is that
something you would plug a custom AuthenticationService into security.xml
for?  Or are there other options available for security.xml that aren't as
obvious?

Thanks!
Ryan

Re: Couple of servicemix security configuration questions

[Ryan Moquin <fr...@gmail.com>]

Also, I noticed some discussions about the CXF webservice using JAAS
authentication and how it doesn't forward the credentials to the CXF-BC.  I
thought I did see however that someone said that the credentials are still
recognized in Servicemix for that exchange.  My question then, is that if
someone authenticates to the CXF consumer endpoint, and specifies some
parameter that causes an exchange to be sent to another service for
processing, will the credentials of the user who accessed the CXF
webservice, be enforced by activemq when accessing any other services in
that servicemix container?  Or is it that once the person passes the
authentication in the CXF consumer endpoint, then no restrictions are put on
the message exchange that continues on to another service for processing?
Such as if you setup certain uses to be able to hit a certain internal
endpoint in security.xml.  Will that be enforced for the user who is
identfied by the CXF BC?  Or do you have to intercept those credentials, and
attach them to the message and then verify them on the internal service
independently?

Thanks!

Ryan

On Tue, Jul 28, 2009 at 11:12 AM, Ryan Moquin <fr...@gmail.com>wrote:

> In servicemix, is there anyway to encrypt the password in the
> users-passwords.properties file? Is there a way to put the security
> credentials such as users, roles and passwords into a database or some other
> store so that it would be easier to manage those credentials?  Is that
> something you would plug a custom AuthenticationService into security.xml
> for?  Or are there other options available for security.xml that aren't as
> obvious?
>
> Thanks!
> Ryan
>

Re: Couple of servicemix security configuration questions

[Jean-Baptiste Onofré <jb...@nanthrax.net>]

Hi Ryan,

Currently it's not possible to crypt the content of the properties file.

Guillaume has worked on this topic for SMX4:
http://issues.apache.org/activemq/browse/SMX4KNL-162

Use SMX3, you can setup the JAAS conf/login.properties to add new 
connector in the servicemix-domain security domain.
Using this JAAS connector, you can store your principal/credential into 
a database (via JDBC) or create your own connector.

Regards
JB

Ryan Moquin wrote:
> In servicemix, is there anyway to encrypt the password in the
> users-passwords.properties file? Is there a way to put the security
> credentials such as users, roles and passwords into a database or some other
> store so that it would be easier to manage those credentials?  Is that
> something you would plug a custom AuthenticationService into security.xml
> for?  Or are there other options available for security.xml that aren't as
> obvious?
> 
> Thanks!
> Ryan
>