
Security Changes in 7.0.2

Overview

To ensure that the Fuse ESB Enterprise container is automatically secure after you install it, the default security settings have changed in version 7.0.2. By default in Fuse ESB Enterprise 7.0.2, none of the container's services are remotely accessible.

Affected ports and services

The following ports and services are affected by this security change:

  • SSH console port (remote administration).

  • JMX port.

  • Apache ActiveMQ JMS broker.

  • Karaf Web console (not enabled by default).

  • Apache ActiveMQ Web console (not enabled by default).

Impact on Apache Camel applications

If you deploy any routes that connect to the internal Apache ActiveMQ broker, you must change the configuration of the ConnectionFactory so that it is defined with a username and a password. This is necessary because the Apache ActiveMQ broker is now secure by default.

For example, in Spring XML you could configure the Camel ActiveMQ component as follows:

<beans ... >
    ...
    <bean id="activemq" 
          class="org.apache.activemq.camel.component.ActiveMQComponent">
        <property name="brokerURL" value="tcp://localhost:61616"/>
        <property name="userName" value="Username"/>
        <property name="password" value="Password"/>
    </bean>
    ...
</beans>

Where the Username and Password are the credentials of a JAAS user with admin privileges.

Migrating your applications to 7.0.2

When migrating your applications to a fresh installation of a Fuse ESB Enterprise 7.0.2 container, you should perform the following steps to configure security on the container:

  1. Configure JAAS security in the InstallDir/etc/users.properties file to have at least one user entry with admin privileges. Each user entry is defined on its own line and has the following format:

    Username=Password,admin

    Where the admin role gives this user the privileges to access all administration and management functions of the container.

  2. Edit the InstallDir/etc/system.properties file and modify the webconsole.jmx.* and webconsole.jms.* properties as follows:

    webconsole.jmx.user=Username
    webconsole.jmx.password=Password
    webconsole.jms.user=Username
    webconsole.jms.password=Password

    Where the Username and Password are the credentials of a JAAS user with admin privileges.

Reference

For more details about these security changes, see Basic Security in Configuring and Running Fuse ESB Enterprise.
