Given below is an overview of how some common security concepts are implemented in the WSO2 EI-Broker runtime.

| Security Concept | How it is Implemented in WSO2 MB |
| --- | --- |
| Authentication | Andes Authenticator requires connected entities to authenticate. |
| Authorization | Creation and use of role-based permissions. |
| Availability | Clustering using Apache Zookeeper. |
| Integrity | Message-level encryption using WS-Security. |

Let's see how each concept in the table above is implemented in WSO2 EI-Broker.

To set up WSO2 MB with WSO2 ESB, refer to the section Configure with WSO2 Message Broker. Also, open the <EI_HOME>/wso2/broker/conf/advanced/qpid-config.xml file and add the following line as a child element of <tuning>.

<messageBatchSizeForBrowserSubscriptions>100000</messageBatchSizeForBrowserSubscriptions>

Authentication: Plain Text

WSO2 EI-Broker requires all its incoming connections to be authenticated. The <EI_HOME>/repository/conf/jndi.properties file contains lines similar to the following. They contain the username and password credentials used to authenticate connections made to the WSO2 EI-Broker runtime. This is plain text authentication.

connectionfactory.TopicConnectionFactory = amqp://admin:admin@clientID/carbon?brokerlist='tcp://localhost:5675'
connectionfactory.QueueConnectionFactory = amqp://admin:admin@clientID/carbon?brokerlist='tcp://localhost:5675'

In the WSO2 MB authentication example below, we send a request to the proxy service testJMSProxy, which adds a message to the example.MyQueue queue.

...

ERROR - AMQConnection Throwable Received but no listener set: org.wso2.andes.AMQDisconnectedException: Server closed connection and reconnection not permitted. 

Authentication: Encrypted

In the previous authentication example, the user names and passwords are stored in plain text inside the WSO2 ESB’s jndi.properties file. These credentials can be stored in an encrypted manner for added security.  
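
As an added example (not part of the WSO2 documentation), the following Python check parses a jndi.properties file in the format shown above and reports every connection factory whose AMQP URL embeds a literal username and password, flagging well-known default pairs such as admin:admin. The sample file contents, the svc_orders account, the host name and the DEFAULT_PAIRS list are constructed assumptions.

```python
import re
from urllib.parse import unquote

# Constructed sample in the format shown on this page (not a real deployment).
SAMPLE = """\
# constructed jndi.properties sample
connectionfactory.TopicConnectionFactory = amqp://admin:admin@clientID/carbon?brokerlist='tcp://localhost:5675'
connectionfactory.QueueConnectionFactory = amqp://svc_orders:S3cr%40t@clientID/carbon?brokerlist='tcp://mb.example.internal:5675'
queue.MyQueue = example.MyQueue
"""

# Assumed list of default credential pairs; extend it for your environment.
DEFAULT_PAIRS = {("admin", "admin"), ("guest", "guest")}

# connectionfactory.<name> = amqp://...  (properties files allow '=' or ':')
ENTRY = re.compile(
    r"^\s*connectionfactory\.(?P<name>[^\s=:]+)\s*[=:]\s*(?P<url>amqp://\S+)", re.I)
# user:password@ directly after the scheme means the secret is stored inline.
USERINFO = re.compile(r"^amqp://(?P<user>[^:@/]*):(?P<password>[^@/]*)@", re.I)


def audit_jndi(text):
    """Return one finding per connection factory with an inline password.

    The password itself is never copied into the finding, so the report
    can be logged or attached to a ticket without leaking the secret.
    """
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith(("#", "!")):  # properties-file comments
            continue
        entry = ENTRY.match(line)
        if not entry:
            continue
        cred = USERINFO.match(entry["url"])
        if not cred or not cred["password"]:
            continue  # no literal password in this URL
        user, password = unquote(cred["user"]), unquote(cred["password"])
        findings.append({
            "line": lineno,
            "factory": entry["name"],
            "user": user,
            "default_pair": (user.lower(), password.lower()) in DEFAULT_PAIRS,
        })
    return findings


if __name__ == "__main__":
    for finding in audit_jndi(SAMPLE):
        print(finding)
```
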

Authorization

WSO2 EI-Broker runtime allows user-based authorization as seen in the example on WSO2 MB Authentication. To set up users, follow the instructions in the User Management section of the Admin Guide.
 
WSO2 EI-Broker provides role-based authorization for topics, where publish/subscribe access can be assigned to user groups. For more information on setting up role-based authorization for topics, refer to the Managing Topics and Subscriptions section of the WSO2 MB documentation.

Integrity

Integrity is part of message-level security, and can be implemented using a standard like WS-Security. Refer to the section on Integrity in ActiveMQ to see how message-level security works over JMS.

...