Red Hat Training

A Red Hat training course is available for Red Hat Fuse

Chapter 1. SwitchYard Security

SwitchYard services can be secured by:
  • Specifying a list of security policies that are required for that service.
  • Configuring application-level security processing details for the services within a domain.
  • Configuring system-level security processing details.
  • Storing sensitive information, such as passwords, in the JBoss AS password vault.
For information on SAML (Security Assertion Markup Language) and Java Security Manager, refer JBoss Enterprise Application Platform 6.1.1 Security Guide.

See Also:

1.1. About SwitchYard Security

SOA architecture involves applications to be exposed as services. These services must be protected against security vulnerabilities such as a SQL injection attack, XML entity expansion, and denial of service attack. The security implementation covers these security concerns and also provides the ability to monitor usage of services in SOA. However, you need to address the security concerns as an application developer if you are building your application on top of the product. For more information on such security concerns, refer https://www.owasp.org/index.php/Top_10_2013-Top_10.
SwitchYard services are secured in the following ways:
  • Specify a list of security policies that are required for that service in the SwitchYard application descriptor (switchyard.xml). Edit the switchyard.xml file using the SwitchYard editor plug-in and specify the security policy by using the requires attribute of a component service definition as shown below: 
    <service name="WorkService" requires="authorization clientAuthentication confidentiality">
  • You can configure the security processing details for the services within a domain in the following ways:
    • Select the Service for a component and view the Properties View in the SwitchYard editor.
    • Hover over the Service for a component. A list of tools including the Property Sheet appears. It contains the security information.
  • Ensure Authorization, Client Authentication and Confidentiality are checked.
This guide provides information on Red Hat JBoss Fuse security. For information on the security of underlying application platform, refer JBoss Enterprise Application Platform 6.1.1 Security Guide.