Security in open-esb
By sujit on Jul 11, 2008
Basic Authentication: this can be based on either of the following:
1. GlassFish security realm
2. Sun Java Access Manager
The following steps describe the basic authentication process:
- The client sends a request to the Web service, sending the credentials, base64 encoded, as part of the HTTP Authorization header.
- The Web service validates the credentials against GlassFish/Access Manager/WssTokenCompare.
- The Web service returns a response to the client.
For more information see basic authentication
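The three steps above, sketched as an added example (not code from the original post or from Open ESB, and written in Python only to show the protocol): the client builds the header, and the service parses it, rejects malformed input and checks the credentials. `REALM`, the function names and the realm string are hypothetical stand-ins for the GlassFish realm or Access Manager lookup.

```python
import base64
import hashlib
import hmac


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


# Constructed sample store: user -> (salt, PBKDF2 hash). Hypothetical stand-in
# for the security realm the service validates against.
REALM = {"alice": (b"constructed-salt",
                   hash_password("s3cret:with:colons", b"constructed-salt"))}
CHALLENGE = {"WWW-Authenticate": 'Basic realm="example"'}


def client_header(user: str, password: str) -> str:
    """Step 1: base64 of "user:password". This is encoding, not encryption,
    so anyone who sees the header can recover the password."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"


def parse_basic(header):
    """Return (user, password), or None if the header is absent or malformed."""
    if not header:
        return None
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers bad base64 and bad UTF-8
        return None
    user, sep, password = decoded.partition(":")  # password may contain ':'
    return (user, password) if sep and user else None


def authenticate(header):
    """Steps 2-3: validate the credentials and choose the response status."""
    creds = parse_basic(header)
    if creds is None:
        return 401, CHALLENGE
    user, password = creds
    # Hash for unknown users too, so timing does not reveal which names exist.
    salt, expected = REALM.get(user, (b"dummy-salt", b"\x00" * 32))
    ok = hmac.compare_digest(hash_password(password, salt), expected)
    return (200, {}) if ok and user in REALM else (401, CHALLENGE)
```

Because the header is only base64 encoded, the request has to travel over TLS for the credentials to stay confidential.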
Basic Authentication and Authorization
1. This support is only available when using Sun Java System Access Manager for basic authentication. For more detail see
Brokered authentication has the following steps:
- The client submits an authentication request
- The authentication broker validates the authentication credentials. If authentication is successful, the broker responds to the client and issues a security token. The client can use the security token to authenticate with the service.
- A request message containing the security token is sent to the service.
- The service authenticates the request by validating the security token and sends the response.
In open-esb this is achieved using WSIT, and the most common security mechanisms used in this regard are:
- X509 Security token
- Security Token Service
For more details see the following examples