Enabling authentication for a Service Locator server

About this task

Part of this configuration involves specifying users with corresponding passwords and roles. It depends on type of your JAAS login module where and how this information is specified. For example, if the JDBCLoginModule is used then user, passwords and roles are stored in a database.

Please take a look at the Security framework section of the Karaf Developers Guide (http://karaf.apache.org/) to get information on how to configure and use these different JAAS login modules in the container.

The configuration steps needed are as follows:

Procedure

Enable authentication in a server container, by setting the corresponding property in the ZooKeeper server configuration file <container>/etc/org.talend.esb.locator.server.cfg: authentication = true

Information noteWarning: Do not switch off authentication after Service Locator is secured and services have been registered with the Service Locator.

Specify users with corresponding passwords and roles.

By default all information about users is stored in <container>/etc/users.properties. So, modify this file in the container where the Service Locator is running, and add roles for the user(s).

For example, add the following lines to <container>/etc/users.properties:

# tadmin is user with administrator privileges
tadmin=tadmin,admin,sl_admin
# sluser is a user for the client side that is just able to lookup 
# endpoints on Service Locator
sluser=upassword,sl_read
# slservice is a user for server side that is able to register and  
# lookup endpoints on Service Locator
slservice=spassword,sl_maintain

Note that the following roles are available for Service Locator clients:

Role	Description
sl_read	This role is for clients, that only lookup endpoints. If the sl_read role is given to a user, they can get data from a node and list its children.
sl_maintain	This role is for users that register endpoints on the Service Locator server. The user can: get data from a node and list its children create a child node set data for a node delete a child node
sl_admin	It is the same as sl_maintain, but in addition, the user can set permissions.

Role

Description

sl_read

This role is for clients, that only lookup endpoints.

If the sl_read role is given to a user, they can get data from a node and list its children.

sl_maintain

This role is for users that register endpoints on the Service Locator server. The user can:

get data from a node and list its children
create a child node
set data for a node
delete a child node

sl_admin

It is the same as sl_maintain, but in addition, the user can set permissions.

Note: Roles are case insensitive - you can use either uppercase or lowercase letters for roles in configuration files.

Warning: For production use, the sample passwords used here will need to be replaced with your project's own passwords.

Did this page help you?

If you find any issues with this page or its content – a typo, a missing step, or a technical error – please let us know!

Leave your feedback here