10.20. Further HTTP Gateway Security
To force an end-point to use a log-in, utilise the <protected-methods> and <allowed-roles> sections of a <http-bus> configuration file:
```xml
<http-bus busid="secureSalesDeletes">
    <allowed-roles>
        <role name="friend" />
    </allowed-roles>
    <protected-methods>
        <method name="DELETE" />
    </protected-methods>
</http-bus>
```
The above configuration stipulates that a valid "friend" log-in is required for delete requests made on the "secureSalesDeletes" bus.
The following log-in matrix shows which configurations enforce a log-in, and when.
Table 10.15.
| Methods Specified | Roles Specified | Log-in Required |
|---|---|---|
| No | No | No |
| No | Yes | For All Methods |
| Yes | Yes | For Specified Methods Only |
| Yes | No | No. Specified methods blocked to all. |
Configure the authentication method and security domain from within the <war-security> configuration's <globals> element:
```xml
<http-provider name="http">
    <http-bus busid="secureFriends">
        <allowed-roles>
            <role name="friend" />
        </allowed-roles>
        <protected-methods>
            <method name="DELETE" />
        </protected-methods>
    </http-bus>
    <auth method="BASIC" domain="java:/jaas/JBossWS" />
</http-provider>
```
The method attribute can be one of "BASIC" (default), "CLIENT-CERT" or "DIGEST".
You can configure the HTTP Transport Guarantee on a per http-bus basis by specifying it on the bus using the "transportGuarantee" attribute.
```xml
<http-bus busid="secureFriends" transportGuarantee="CONFIDENTIAL">
    <!-- etc etc -->
</http-bus>
```
The valid values for transportGuarantee are "CONFIDENTIAL", "INTEGRAL" and "NONE".
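As an added example (not part of the product documentation or its tooling), the following Python sketch applies the log-in matrix in Table 10.15 to each `<http-bus>` in a provider fragment and flags buses that require a BASIC log-in without a CONFIDENTIAL transport guarantee. It assumes an un-namespaced fragment shaped like the ones on this page; the function names, the sample bus ids other than "secureFriends", and the warning strings are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample configuration, shaped like the fragments on this page.
SAMPLE = """
<http-provider name="http">
    <http-bus busid="secureFriends" transportGuarantee="CONFIDENTIAL">
        <allowed-roles><role name="friend" /></allowed-roles>
        <protected-methods><method name="DELETE" /></protected-methods>
    </http-bus>
    <http-bus busid="rolesOnly">
        <allowed-roles><role name="friend" /></allowed-roles>
    </http-bus>
    <http-bus busid="methodsOnly">
        <protected-methods><method name="DELETE" /></protected-methods>
    </http-bus>
    <http-bus busid="open" />
    <auth method="BASIC" domain="java:/jaas/JBossWS" />
</http-provider>
"""

def login_requirement(bus):
    """Apply the log-in matrix (Table 10.15) to one <http-bus> element."""
    methods = [m.get("name") for m in bus.findall("./protected-methods/method")]
    roles = [r.get("name") for r in bus.findall("./allowed-roles/role")]
    if roles and methods:
        return "login for " + ",".join(methods)
    if roles:
        return "login for all methods"
    if methods:
        return "blocked to all: " + ",".join(methods)
    return "no login"

def audit(xml_text):
    """Return {busid: (login requirement, warnings)} for every bus in a provider."""
    provider = ET.fromstring(xml_text)
    auth = provider.find("auth")
    # "BASIC" is the documented default when the method attribute is omitted.
    method = auth.get("method", "BASIC") if auth is not None else None
    report = {}
    for bus in provider.findall("http-bus"):
        requirement = login_requirement(bus)
        warnings = []
        # BASIC credentials are only base64-encoded, so they need an encrypted transport.
        exposed = method == "BASIC" and bus.get("transportGuarantee") != "CONFIDENTIAL"
        if requirement.startswith("login") and exposed:
            warnings.append("BASIC login without CONFIDENTIAL transport")
        if requirement == "no login":
            warnings.append("bus is unauthenticated")
        report[bus.get("busid")] = (requirement, warnings)
    return report
```

Calling `audit()` on a deployed provider fragment gives a per-bus summary that can be reviewed against the intended access policy.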
