Sujit Biswas
Security in open-esb
Basic Authentication
Basic authentication can be based on:
1. GlassFish security realm
2. Sun Java Access Manager
3. WssTokenCompare

The following steps describe the basic authentication process:
- The client sends a request to the Web service, passing the credentials base64-encoded in the HTTP Authorization header.
- The Web service validates the credentials against the GlassFish realm, Access Manager, or WssTokenCompare.
- The Web service returns a response to the client.
For more information see basic authentication
Basic Authentication and Authorization
1. This support is only available when using Sun Java System Access Manager for basic authentication; for more detail see
Brokered Authentication

Brokered authentication has the following steps:
- The client submits an authentication request.
- The authentication broker validates the authentication credentials. If authentication is successful, the broker responds to the client and issues a security token. The client can use the security token to authenticate with the service.
- A request message containing the security token is sent to the service.
- The service authenticates the request by validating the security token and sends the response.
In open-esb this is achieved using WSIT, and the most common security mechanisms used in this regard are:
- X509 Security token
- Security Token Service
For more details see the following examples
Posted at 03:58PM Jul 11, 2008 by sujit in Sun