Given below is an overview of how some common security concepts are implemented in EI-Broker runtime.
|Security Concept||How it is Implemented in EI-Broker|
|Authentication||Andes Authenticator connected entities to authenticate.|
|Authorization||Creation and use of role-based permissions.|
|Availability||Clustering using Apache Zookeeper.|
|Integrity||Message-level encryption using WS-Security.|
Let's see how each concept in the table above is implemented in EI-Broker.
To set up EI-Broker runtime with the Integration runtime in WO2 EI, refer to section Configuring with the Broker Profile. Also, open
<EI_HOME>/wso2/broker/conf/advanced/qpid-config.xml file and add the following line as a child element of <tuning>.
Authentication: Plain Text
EI-Broker requires all its incoming connections to be authenticated. The
<EI_HOME>/conf/jndi.properties file contains lines similar to the following. They contain the username and password credentials used to authenticate connections made to the EI-Broker runtime. This is plain text authentication.
In the EI-Broker authentication example below, we send a request to the proxy service testJMSProxy, which adds a message to the example.MyQueue queue.
If you change the authentication credentials of the jndi.properties file, the connection will not be authenticated. You will see an error similar to:
In the previous authentication example, the user names and passwords are stored in plain text inside the WSO2 EI’s jndi.properties file. These credentials can be stored in an encrypted manner for added security.
EI-Broker runtime allows user-based authorization as seen in the example on WSO2 MB Authentication. To set up users, follow the instructions in User Management section of the WSO2 Admin Guide.
EI-Broker provides role-based authorization for topics, where public/subscribe access can be assigned to user groups. For more information on setting up role-based authorization for topics, refer to section Managing Topics and Subscriptions section of the WSO2 MB documentation.
Next, let's see how security is implemented in Apache ActiveMQ: Security in Apache ActiveMQ .