SlideShare una empresa de Scribd logo

Apache Camel Middleware Security

Kenneth Peeples
Kenneth Peeples

This document provides an overview of a presentation on middleware security for Apache CXF, Camel, ActiveMQ and Karaf. It discusses various security concepts like authentication, authorization, auditing and encryption. It then goes into more details on implementing security for specific middleware like 2-way SSL for ActiveMQ, JAAS for authentication and authorization, password masking. It also discusses security implementations and examples for Camel, CXF, Karaf container and integration with other security frameworks like PicketLink, Spring Security and Shiro. The presentation will include demonstrations of web console security and securing ActiveMQ broker, producers and consumers using SSL.

TecnologíaNoticias y política
1 de 35
Descargar para leer sin conexión
CamelOne 2013 1 Apache Karaf, ActiveMQ, Camel and CXF Security Kenny Peeples JBoss Technology Evangelist, Red Hat
2 CamelOne 2013 CamelOne Session Overview Middleware Security for Apache CXF, Camel, ActiveMQ and Karaf as well as others continue to be an ongoing concern especially around Authentication,Authorization, Data at Rest and Data in Transit.The session will include a presentation and demonstrations of implementing Authentication (AuthN) and Authorization (AuthZ) as well as other security topics.
3 CamelOne 2013 CamelOne Speaker Bio Kenneth has spent the last 7 years, with the last 3 being with Red Hat, working as a Consultant for the government for the Department of Defense, Department of Homeland Security and Intelligence Community. He designed, built and lead multiple projects including the Enterprise Security Federation Framework (ESF2), Information Assured Android Device (IA2D) and JBoss SCAP Content. During this time he has worked with Open Source Software with a focus on Red Hat and JBoss Products and Information Assurance. He also received his Security+ and Computer Hacking Forensic Investigator (CHFI) certifications. Kenneth works in the Red Hat Middleware Product Business Unit as a JBoss Technology Evangelist with a focus on Fuse, SOA and EDS products. Kenneth's Social Media Links Website: http://people.redhat.com/kpeeples Blogger: http://www.ossmentor.com
4 CamelOne 2013 CamelOne JBoss.org http://www.jboss.org/products Enterprise software downloads for developers
5 CamelOne 2013 CamelOne Middleware Security Concepts • Authentication • Authorization • Auditing • Encryption
6 CamelOne 2013 CamelOne 2-way SSL Mutual authentication or two-way authentication
7 CamelOne 2013 CamelOne Password Masking When securing a container or its components it is undesirable to use plain text passwords in configuration files. One way to avoid this problem is to use encrypted property placeholders when ever possible.This is done in Fuse with the Java Simplified Encryption. • http://www.jasypt.org/ • http://activemq.apache.org/encrypted-passwords.html • https://access.redhat.com/site/documentation/en-US/JBoss_Fuse/6.0/html/Secu rity_Guide/files/ESBSecurityEncryptProperties.html
8 CamelOne 2013 CamelOne What is JAAS? The Java Authentication and Authorization Service (JAAS) can be used for two purposes: • for authentication of users, to reliably and securely determine who is currently executing Java code, regardless of whether the code is running as an application, an applet, a bean, or a servlet; and • for authorization of users to ensure they have the access control rights (permissions) required to do the actions performed. http://docs.oracle.com/javase/7/docs/technotes/guides/secur ity/jaas/JAASRefGuide.html
9 CamelOne 2013 CamelOne Apache ActiveMQ Security SSL/TLS security Apache ActiveMQ supports the use of SSL/TLS to secure client- to-broker and broker-to-broker connections, where the underlying SSL/TLS implementation is provided by the Java Secure Socket Extension (JSSE). JAAS security Apache ActiveMQ also supports JAAS security, which typically requires clients to log on to the broker by providing username and password credentials. https://access.redhat.com/site/documentation/en-US/JBoss_Fuse/ 6.0/html/Security_Guide/files/Arch-Architecture-ActiveMQ.html
10 CamelOne 2013 CamelOne Apache ActiveMQ Security (Continued) To enable JAAS security in a broker, you install one of the supported JAAS plug-ins. Each of the JAAS plug-ins supports a different kind of credentials or implements a somewhat different login procedure. The following JAAS plug-ins are currently supported by Apache ActiveMQ: • jaasAuthenticationPlugin • jaasCertificateAuthenticationPlugin • JaasDulAuthenticationPlugin
11 CamelOne 2013 CamelOne Apache ActiveMQ Security (Continued) Apache ActiveMQ provides a number of different JAAS login module implementations, which are used to define JAAS realms.The following JAAS login modules are currently implemented by Apache ActiveMQ: • PropertiesLoginModule • LDAPLoginModule • GuestLoginModule • TextFileCertificateLoginModule
12 CamelOne 2013 CamelOne Apache Camel Security Camel offers several forms & levels of security capabilities that can be utilized on camel routes.These various forms of security may be used in conjunction with each other or separately. The broad categories offered are • Route Security • Payload Security • Endpoint Security • Configuration Security http://camel.apache.org/security.html
13 CamelOne 2013 CamelOne Apache Camel Security (Continued) This figure shows an overview of the basic options for securely routing messages between Apache Camel endpoints. https://access.redhat.com/site/documentation/en-US/JBoss_Fuse/6.0/html/Security_Guide/files/Arch -Architecture-Camel.html
14 CamelOne 2013 CamelOne Apache Camel Security (Continued) As shown in the figure above, you have the following options for securing messages: Endpoint security—part (a) shows a message sent between two routes with secure endpoints. Payload security—part (b) shows a message sent between two routes where the endpoints are both insecure.
15 CamelOne 2013 CamelOne Apache Camel Security (Continued) Some of the Camel components that currently support security are, as follows: • JMS and ActiveMQ—SSL/TLS security and JAAS security for client-to-broker and broker-to-broker communication. • Jetty—HTTP Basic Authentication and SSL/TLS security. • CXF—SSL/TLS security andWS-Security. • Crypto—creates and verifies digital signatures in order to guarantee message integrity. • Netty—SSL/TLS security. • MINA—SSL/TLS security. • Cometd—SSL/TLS security. • glogin and gauth—authorization in the context of Google applications.
16 CamelOne 2013 CamelOne Apache Camel Security (Continued) Apache Camel provides the following payload security implementations, where the encryption and decryption steps are exposed as data formats on the marshal() and unmarshal() operations • XMLSecurity data format For more details, see http://camel.apache.org/xmlsecurity- dataformat.html. • Crypto data format For more details, see http://camel.apache.org/crypto.html
17 CamelOne 2013 CamelOne Apache Camel Security Example In order to explain how to secure a Camel CXF endpoint in OSGi, the tutorial below builds on an example available from the standalone distribution of Apache Camel, the Camel CXF proxy demonstration. The figure below gives an overview of how this demonstration works. https://access.redhat.com/site/documentation/en-US/JBoss_Fuse/6.0/html/Security_Guide/files/Cam elCXF-ProxyDemo.html
18 CamelOne 2013 CamelOne Karaf (OSGi) Container Security JAAS realms - Red Hat JBoss Fuse supports a special mechanism for defining JAAS login modules (in either a Spring or a blueprint file) karaf realm - The OSGi container has a predefined JAAS realm, the karaf realm. Red Hat JBoss Fuse uses the karaf realm to provide authentication for remote administration of the OSGi runtime, for the Web Console, and for JMX management. Console port - You can administer the OSGi container remotely either by connecting to the console port with a Karaf client or using the Karaf ssh:ssh command. JMX port - You can manage the OSGi container by connecting to the JMX port. The JMX port is also secured by a JAAS login feature that connects to the karaf realm. Application bundles and JAAS security - Any application bundles that you deploy into the OSGi container can access the container's JAAS realms. https://access.redhat.com/site/documentation/en-US/JBoss_Fuse/6.0/html/Se curity_Guide/files/Arch-Architecture-Camel.html .
19 CamelOne 2013 CamelOne Karaf Security Example This tutorial below explains how to set up an X.500 directory server and configure the OSGi container to use LDAP authentication. • install Apache Directory Server and Apache Directory Studio • add user entries into the LDAP server • add a group to manage security role • configure Red Hat JBoss Fuse to use LDAP authentication • configure JBoss Fuse to use roles for authorization • configure an instance of Apache ActiveMQ to use LDAP authentication • configure SSL/TLS connections to the LDAP server https://access.redhat.com/site/documentation/en-US/JBoss_Fuse/6.0/html/Security _Guide/files/ESBLDAPTutorialOverview.html
20 CamelOne 2013 CamelOne Apache CXF Security Securing CXF Services • Secure Transports • WS-* Security • WS-Trust, STS • SAML Web SSO • Oauth • Authentication with JAASLoginInterceptor and Kerberos • Authorization • Large Data Stream Caching http://cxf.apache.org/docs/security.html
21 CamelOne 2013 CamelOne Apache CXF Example An example of Apache CXF security is the same as the Camel Security example above https://access.redhat.com/site/documentation/en-US/JBoss_Fuse/6.0/ht ml/Security_Guide/files/CamelCXF.html
22 CamelOne 2013 CamelOne Picketlink • IDM: Provide an object model for managing Identities (Users/Groups/Roles) and associated behavior using different identity store backends like LDAP and RDBMS. • Federated Identity: Support SAMLv2,WS-Trust and OpenID. • XACML: Oasis XACMLv2 implementation. • Negotiation: Provide SPNego/Kerberos based Desktop SSO. For latest information, please refer to http://www.picketlink.org
23 CamelOne 2013 CamelOne Picketlink - OASIS OASIS (Organization for the Advancement of Structured Information Standards) is a non-profit consortium that drives the development, convergence and adoption of open standards for the global information society. https://www.oasis-open.org/
24 CamelOne 2013 CamelOne Picketlink - SAML Security Assertion Markup Language (SAML) is an XML-based open standard data format for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider. https://www.oasis-open.org/committees/tc_home.ph p?wg_abbrev=security
25 CamelOne 2013 CamelOne Picketlink - Fed The following features are provided by the Fed component of PicketLink: • Federated Authentication and SSO using Oasis SAML v2.0. • Trusted Security System using a SecurityToken Server (STS) in an heterogeneous environment, using Oasis WS-Trust. • Decentralized user driven Identity support via OpenID.
26 CamelOne 2013 CamelOne Picketlink - XACML eXtensible Access Control Markup Language (XACML) is the standard that defines a declarative access control policy language implemented in XML and a processing model describing how to evaluate authorization requests according to the rules defined in policies. https://www.oasis-open.org/committees/tc_home.p hp?wg_abbrev=xacml
27 CamelOne 2013 CamelOne Picketlink - XACML The following features are provided by the XACML component of PicketLink: • Oasis XACML v2.0 library • JAXB v2.0 based object model • Multiple Database Integration for storing/retrieving XACML Policies and Attributes • SAML v2.0 Profile of XACML v2.0 • RBAC Profile of XACML v2.0 • WSDL based SOAP PDP Service • Servlet that accepts SOAP/SAML/XACML Payload
28 CamelOne 2013 CamelOne Picketlink - XACML
29 CamelOne 2013 CamelOne Access Control Best Practices1. Know that you will need access control/authorization – spend time on it 2. Externalize the access control policy processing – do not hard code 3. Understand the difference between coarse grained and fine grained authorization – spend time during intitial design 4. Design for coarse grained authorization but keep the design flexible for fine grained authorization – loosely couple access control 5. Know the difference between Access Control Lists and Access Control standards – ACLS usually proprietary and not interoperable 6.Adopt Rule Based Access Control : view Access Control as Rules and Attributes – spend time on designing the rules and attributes 7.Adopt REST Style Architecture when your situation demands scale and thus REST authorization standards - Oauth or REST profile of XACML 8. Understand the difference between Enforcement versus Entitlement model – yes/no or what http://anil-identity.blogspot.com/
30 CamelOne 2013 CamelOne Picketlink Security Picketlink and Fuse Integration • Camel - Route Security PicketLink provided Camel Route Policy Security Interceptor • ActiveMQ PicketLink provided Security Classes
31 CamelOne 2013 CamelOne Spring Security The camel-spring-security component provides role- based authorization for Camel routes. It leverages the authentication and user services provided by Spring Security and adds a declarative, role-based policy system to control whether a route can be executed by a given principal. http://camel.apache.org/spring-security.html
32 CamelOne 2013 CamelOne Spring Security The camel-spring-security component provides role- based authorization for Camel routes. It leverages the authentication and user services provided by Spring Security and adds a declarative, role-based policy system to control whether a route can be executed by a given principal. http://camel.apache.org/spring-security.html
33 CamelOne 2013 CamelOne Shiro Security Apache Shiro is a security framework that handles authentication, authorization, enterprise session management and cryptography. The camel shiro-security component allows authentication and authorization support to be applied to different segments of a camel route. Shiro security is applied on a route using a Camel Policy. Security Examples on the security page: • Applying Shiro Authentication on a Camel Route • Applying Shiro Authorization on a Camel Route • Creating a ShiroSecurityToken and injecting it into a Message Exchange • Sending Messages to routes secured by a ShiroSecurityPolicy http://camel.apache.org/shiro-security.html
34 CamelOne 2013 CamelOne Demonstrations • Web Console Security • ActiveMQ Broker, Producer, Consumer with SSL and JBDS
35 CamelOne 2013 CamelOne Questions

Recomendados

Apache, osgi and karaf par Guillaume Nodet
Apache, osgi and karaf par Guillaume NodetApache, osgi and karaf par Guillaume Nodet
Apache, osgi and karaf par Guillaume NodetNormandy JUG
 
OSGi & Blueprint
OSGi & BlueprintOSGi & Blueprint
OSGi & BlueprintKara Satish Kumar
 
Introduction to-osgi
Introduction to-osgiIntroduction to-osgi
Introduction to-osgiIoannis Canellos
 
Jug Poitou Charentes - Apache, OSGi and Karaf
Jug Poitou Charentes - Apache, OSGi and KarafJug Poitou Charentes - Apache, OSGi and Karaf
Jug Poitou Charentes - Apache, OSGi and KarafGuillaume Nodet
 
W-JAX 2011: OSGi with Apache Karaf
W-JAX 2011: OSGi with Apache KarafW-JAX 2011: OSGi with Apache Karaf
W-JAX 2011: OSGi with Apache KarafJerry Preissler
 
OSGi ecosystems compared on Apache Karaf - Christian Schneider
OSGi ecosystems compared on Apache Karaf - Christian SchneiderOSGi ecosystems compared on Apache Karaf - Christian Schneider
OSGi ecosystems compared on Apache Karaf - Christian Schneidermfrancis
 
Intro To OSGi
Intro To OSGiIntro To OSGi
Intro To OSGiStephan Janssen
 
The Web on OSGi: Here's How
The Web on OSGi: Here's HowThe Web on OSGi: Here's How
The Web on OSGi: Here's Howmrdon
 

Recomendados

Apache, osgi and karaf par Guillaume Nodet
Apache, osgi and karaf par Guillaume NodetApache, osgi and karaf par Guillaume Nodet
Apache, osgi and karaf par Guillaume NodetNormandy JUG
 
OSGi & Blueprint
OSGi & BlueprintOSGi & Blueprint
OSGi & BlueprintKara Satish Kumar
 
Introduction to-osgi
Introduction to-osgiIntroduction to-osgi
Introduction to-osgiIoannis Canellos
 
Jug Poitou Charentes - Apache, OSGi and Karaf
Jug Poitou Charentes - Apache, OSGi and KarafJug Poitou Charentes - Apache, OSGi and Karaf
Jug Poitou Charentes - Apache, OSGi and KarafGuillaume Nodet
 
W-JAX 2011: OSGi with Apache Karaf
W-JAX 2011: OSGi with Apache KarafW-JAX 2011: OSGi with Apache Karaf
W-JAX 2011: OSGi with Apache KarafJerry Preissler
 
OSGi ecosystems compared on Apache Karaf - Christian Schneider
OSGi ecosystems compared on Apache Karaf - Christian SchneiderOSGi ecosystems compared on Apache Karaf - Christian Schneider
OSGi ecosystems compared on Apache Karaf - Christian Schneidermfrancis
 
Intro To OSGi
Intro To OSGiIntro To OSGi
Intro To OSGiStephan Janssen
 
The Web on OSGi: Here's How
The Web on OSGi: Here's HowThe Web on OSGi: Here's How
The Web on OSGi: Here's Howmrdon
 
Camel_From_The_Field
Camel_From_The_FieldCamel_From_The_Field
Camel_From_The_FieldBryan Saunders
 
Moving From Actions & Behaviors to Microservices
Moving From Actions & Behaviors to MicroservicesMoving From Actions & Behaviors to Microservices
Moving From Actions & Behaviors to MicroservicesJeff Potts
 
AWS Observability Made Simple
AWS Observability Made SimpleAWS Observability Made Simple
AWS Observability Made SimpleLuciano Mammino
 
OSGi and Java EE: A Hybrid Approach to Enterprise Java Application Development
OSGi and Java EE: A Hybrid Approach to Enterprise Java Application DevelopmentOSGi and Java EE: A Hybrid Approach to Enterprise Java Application Development
OSGi and Java EE: A Hybrid Approach to Enterprise Java Application DevelopmentSanjeeb Sahoo
 
Build bundles in the cloud - How Cloudyle PaaS+ helps creating OSGi applicati...
Build bundles in the cloud - How Cloudyle PaaS+ helps creating OSGi applicati...Build bundles in the cloud - How Cloudyle PaaS+ helps creating OSGi applicati...
Build bundles in the cloud - How Cloudyle PaaS+ helps creating OSGi applicati...mfrancis
 
OSGi in 5 minutes
OSGi in 5 minutesOSGi in 5 minutes
OSGi in 5 minutesSerge Huber
 
What's next for Java API for WebSocket (JSR 356)
What's next for Java API for WebSocket (JSR 356)What's next for Java API for WebSocket (JSR 356)
What's next for Java API for WebSocket (JSR 356)Pavel Bucek
 
WebSockets in Enterprise Applications
WebSockets in Enterprise ApplicationsWebSockets in Enterprise Applications
WebSockets in Enterprise ApplicationsPavel Bucek
 
WebSocket in Enterprise Applications 2015
WebSocket in Enterprise Applications 2015WebSocket in Enterprise Applications 2015
WebSocket in Enterprise Applications 2015Pavel Bucek
 
Reactive Java EE - Let Me Count the Ways!
Reactive Java EE - Let Me Count the Ways!Reactive Java EE - Let Me Count the Ways!
Reactive Java EE - Let Me Count the Ways!Reza Rahman
 
Rest overview briefing
Rest overview briefingRest overview briefing
Rest overview briefing◄ vaquar khan ► ★✔
 
RESTful web service with JBoss Fuse
RESTful web service with JBoss FuseRESTful web service with JBoss Fuse
RESTful web service with JBoss Fuseejlp12
 
Deep Dive: Alfresco Core Repository (... embedded in a micro-services style a...
Deep Dive: Alfresco Core Repository (... embedded in a micro-services style a...Deep Dive: Alfresco Core Repository (... embedded in a micro-services style a...
Deep Dive: Alfresco Core Repository (... embedded in a micro-services style a...J V
 
Apic dc api deep dive
Apic dc api deep dive Apic dc api deep dive
Apic dc api deep dive Cisco DevNet
 
Integrate (Yourself) with the Apache Software Foundation - Open Source Day 2015
Integrate (Yourself) with the Apache Software Foundation - Open Source Day 2015Integrate (Yourself) with the Apache Software Foundation - Open Source Day 2015
Integrate (Yourself) with the Apache Software Foundation - Open Source Day 2015Krzysztof Sobkowiak
 
JavaOne 2014 BOF4241 What's Next for JSF?
JavaOne 2014 BOF4241 What's Next for JSF?JavaOne 2014 BOF4241 What's Next for JSF?
JavaOne 2014 BOF4241 What's Next for JSF?Edward Burns
 
Modularization With Project Jigsaw in JDK 9
Modularization With Project Jigsaw in JDK 9Modularization With Project Jigsaw in JDK 9
Modularization With Project Jigsaw in JDK 9Simon Ritter
 
WebLogic Scripting Tool made Cool!
WebLogic Scripting Tool made Cool!WebLogic Scripting Tool made Cool!
WebLogic Scripting Tool made Cool!Maarten Smeets
 
JavaOne 2015: 12 Factor App
JavaOne 2015: 12 Factor AppJavaOne 2015: 12 Factor App
JavaOne 2015: 12 Factor AppJoe Kutner
 
Sun Web Server Brief
Sun Web Server BriefSun Web Server Brief
Sun Web Server BriefMurthy Chintalapati
 
All about Oracle Security Developer Tools
All about Oracle Security Developer ToolsAll about Oracle Security Developer Tools
All about Oracle Security Developer Toolssophina_dillard
 
Cloud Security Fundamentals Webinar
Cloud Security Fundamentals WebinarCloud Security Fundamentals Webinar
Cloud Security Fundamentals WebinarJoseph Holbrook, Chief Learning Officer (CLO)
 

Más contenido relacionado

La actualidad más candente

Moving From Actions & Behaviors to Microservices
Moving From Actions & Behaviors to MicroservicesMoving From Actions & Behaviors to Microservices
Moving From Actions & Behaviors to MicroservicesJeff Potts
 
AWS Observability Made Simple
AWS Observability Made SimpleAWS Observability Made Simple
AWS Observability Made SimpleLuciano Mammino
 
OSGi and Java EE: A Hybrid Approach to Enterprise Java Application Development
OSGi and Java EE: A Hybrid Approach to Enterprise Java Application DevelopmentOSGi and Java EE: A Hybrid Approach to Enterprise Java Application Development
OSGi and Java EE: A Hybrid Approach to Enterprise Java Application DevelopmentSanjeeb Sahoo
 
Build bundles in the cloud - How Cloudyle PaaS+ helps creating OSGi applicati...
Build bundles in the cloud - How Cloudyle PaaS+ helps creating OSGi applicati...Build bundles in the cloud - How Cloudyle PaaS+ helps creating OSGi applicati...
Build bundles in the cloud - How Cloudyle PaaS+ helps creating OSGi applicati...mfrancis
 
OSGi in 5 minutes
OSGi in 5 minutesOSGi in 5 minutes
OSGi in 5 minutesSerge Huber
 
What's next for Java API for WebSocket (JSR 356)
What's next for Java API for WebSocket (JSR 356)What's next for Java API for WebSocket (JSR 356)
What's next for Java API for WebSocket (JSR 356)Pavel Bucek
 
WebSockets in Enterprise Applications
WebSockets in Enterprise ApplicationsWebSockets in Enterprise Applications
WebSockets in Enterprise ApplicationsPavel Bucek
 
WebSocket in Enterprise Applications 2015
WebSocket in Enterprise Applications 2015WebSocket in Enterprise Applications 2015
WebSocket in Enterprise Applications 2015Pavel Bucek
 
Reactive Java EE - Let Me Count the Ways!
Reactive Java EE - Let Me Count the Ways!Reactive Java EE - Let Me Count the Ways!
Reactive Java EE - Let Me Count the Ways!Reza Rahman
 
RESTful web service with JBoss Fuse
RESTful web service with JBoss FuseRESTful web service with JBoss Fuse
RESTful web service with JBoss Fuseejlp12
 
Deep Dive: Alfresco Core Repository (... embedded in a micro-services style a...
Deep Dive: Alfresco Core Repository (... embedded in a micro-services style a...Deep Dive: Alfresco Core Repository (... embedded in a micro-services style a...
Deep Dive: Alfresco Core Repository (... embedded in a micro-services style a...J V
 
Apic dc api deep dive
Apic dc api deep dive Apic dc api deep dive
Apic dc api deep dive Cisco DevNet
 
Integrate (Yourself) with the Apache Software Foundation - Open Source Day 2015
Integrate (Yourself) with the Apache Software Foundation - Open Source Day 2015Integrate (Yourself) with the Apache Software Foundation - Open Source Day 2015
Integrate (Yourself) with the Apache Software Foundation - Open Source Day 2015Krzysztof Sobkowiak
 
JavaOne 2014 BOF4241 What's Next for JSF?
JavaOne 2014 BOF4241 What's Next for JSF?JavaOne 2014 BOF4241 What's Next for JSF?
JavaOne 2014 BOF4241 What's Next for JSF?Edward Burns
 
Modularization With Project Jigsaw in JDK 9
Modularization With Project Jigsaw in JDK 9Modularization With Project Jigsaw in JDK 9
Modularization With Project Jigsaw in JDK 9Simon Ritter
 
WebLogic Scripting Tool made Cool!
WebLogic Scripting Tool made Cool!WebLogic Scripting Tool made Cool!
WebLogic Scripting Tool made Cool!Maarten Smeets
 
JavaOne 2015: 12 Factor App
JavaOne 2015: 12 Factor AppJavaOne 2015: 12 Factor App
JavaOne 2015: 12 Factor AppJoe Kutner
 

La actualidad más candente (20)

Camel_From_The_Field
Camel_From_The_FieldCamel_From_The_Field
Camel_From_The_Field
 
Moving From Actions & Behaviors to Microservices
Moving From Actions & Behaviors to MicroservicesMoving From Actions & Behaviors to Microservices
Moving From Actions & Behaviors to Microservices
 
AWS Observability Made Simple
AWS Observability Made SimpleAWS Observability Made Simple
AWS Observability Made Simple
 
OSGi and Java EE: A Hybrid Approach to Enterprise Java Application Development
OSGi and Java EE: A Hybrid Approach to Enterprise Java Application DevelopmentOSGi and Java EE: A Hybrid Approach to Enterprise Java Application Development
OSGi and Java EE: A Hybrid Approach to Enterprise Java Application Development
 
Build bundles in the cloud - How Cloudyle PaaS+ helps creating OSGi applicati...
Build bundles in the cloud - How Cloudyle PaaS+ helps creating OSGi applicati...Build bundles in the cloud - How Cloudyle PaaS+ helps creating OSGi applicati...
Build bundles in the cloud - How Cloudyle PaaS+ helps creating OSGi applicati...
 
OSGi in 5 minutes
OSGi in 5 minutesOSGi in 5 minutes
OSGi in 5 minutes
 
What's next for Java API for WebSocket (JSR 356)
What's next for Java API for WebSocket (JSR 356)What's next for Java API for WebSocket (JSR 356)
What's next for Java API for WebSocket (JSR 356)
 
WebSockets in Enterprise Applications
WebSockets in Enterprise ApplicationsWebSockets in Enterprise Applications
WebSockets in Enterprise Applications
 
WebSocket in Enterprise Applications 2015
WebSocket in Enterprise Applications 2015WebSocket in Enterprise Applications 2015
WebSocket in Enterprise Applications 2015
 
Reactive Java EE - Let Me Count the Ways!
Reactive Java EE - Let Me Count the Ways!Reactive Java EE - Let Me Count the Ways!
Reactive Java EE - Let Me Count the Ways!
 
Rest overview briefing
Rest overview briefingRest overview briefing
Rest overview briefing
 
RESTful web service with JBoss Fuse
RESTful web service with JBoss FuseRESTful web service with JBoss Fuse
RESTful web service with JBoss Fuse
 
Deep Dive: Alfresco Core Repository (... embedded in a micro-services style a...
Deep Dive: Alfresco Core Repository (... embedded in a micro-services style a...Deep Dive: Alfresco Core Repository (... embedded in a micro-services style a...
Deep Dive: Alfresco Core Repository (... embedded in a micro-services style a...
 
Apic dc api deep dive
Apic dc api deep dive Apic dc api deep dive
Apic dc api deep dive
 
Integrate (Yourself) with the Apache Software Foundation - Open Source Day 2015
Integrate (Yourself) with the Apache Software Foundation - Open Source Day 2015Integrate (Yourself) with the Apache Software Foundation - Open Source Day 2015
Integrate (Yourself) with the Apache Software Foundation - Open Source Day 2015
 
JavaOne 2014 BOF4241 What's Next for JSF?
JavaOne 2014 BOF4241 What's Next for JSF?JavaOne 2014 BOF4241 What's Next for JSF?
JavaOne 2014 BOF4241 What's Next for JSF?
 
Modularization With Project Jigsaw in JDK 9
Modularization With Project Jigsaw in JDK 9Modularization With Project Jigsaw in JDK 9
Modularization With Project Jigsaw in JDK 9
 
WebLogic Scripting Tool made Cool!
WebLogic Scripting Tool made Cool!WebLogic Scripting Tool made Cool!
WebLogic Scripting Tool made Cool!
 
JavaOne 2015: 12 Factor App
JavaOne 2015: 12 Factor AppJavaOne 2015: 12 Factor App
JavaOne 2015: 12 Factor App
 
Sun Web Server Brief
Sun Web Server BriefSun Web Server Brief
Sun Web Server Brief
 

Similar a Apache Camel Middleware Security

All about Oracle Security Developer Tools
All about Oracle Security Developer ToolsAll about Oracle Security Developer Tools
All about Oracle Security Developer Toolssophina_dillard
 
IBM BP Session - Multiple CLoud Paks and Cloud Paks Foundational Services.pptx
IBM BP Session - Multiple CLoud Paks and Cloud Paks Foundational Services.pptxIBM BP Session - Multiple CLoud Paks and Cloud Paks Foundational Services.pptx
IBM BP Session - Multiple CLoud Paks and Cloud Paks Foundational Services.pptxGeorg Ember
 
SUGCON EU 2023 - Secure Composable SaaS.pptx
SUGCON EU 2023 - Secure Composable SaaS.pptxSUGCON EU 2023 - Secure Composable SaaS.pptx
SUGCON EU 2023 - Secure Composable SaaS.pptxVasiliy Fomichev
 
Free and open cloud security posture monitoring
Free and open cloud security posture monitoringFree and open cloud security posture monitoring
Free and open cloud security posture monitoringElasticsearch
 
Top Ten Proactive Web Security Controls v5
Top Ten Proactive Web Security Controls v5Top Ten Proactive Web Security Controls v5
Top Ten Proactive Web Security Controls v5Jim Manico
 
Top Ten Java Defense for Web Applications v2
Top Ten Java Defense for Web Applications v2Top Ten Java Defense for Web Applications v2
Top Ten Java Defense for Web Applications v2Jim Manico
 
Securing Servers in Public and Hybrid Clouds
Securing Servers in Public and Hybrid CloudsSecuring Servers in Public and Hybrid Clouds
Securing Servers in Public and Hybrid CloudsRightScale
 
Apache Knox Gateway "Single Sign On" expands the reach of the Enterprise Users
Apache Knox Gateway "Single Sign On" expands the reach of the Enterprise UsersApache Knox Gateway "Single Sign On" expands the reach of the Enterprise Users
Apache Knox Gateway "Single Sign On" expands the reach of the Enterprise UsersDataWorks Summit
 
OWASP_Top_Ten_Proactive_Controls_v2.pptx
OWASP_Top_Ten_Proactive_Controls_v2.pptxOWASP_Top_Ten_Proactive_Controls_v2.pptx
OWASP_Top_Ten_Proactive_Controls_v2.pptxcgt38842
 
Whats new in was liberty security and cloud readiness
Whats new in was liberty security and cloud readinessWhats new in was liberty security and cloud readiness
Whats new in was liberty security and cloud readinesssflynn073
 

Similar a Apache Camel Middleware Security (20)

All about Oracle Security Developer Tools
All about Oracle Security Developer ToolsAll about Oracle Security Developer Tools
All about Oracle Security Developer Tools
 
Cloud Security Fundamentals Webinar
Cloud Security Fundamentals WebinarCloud Security Fundamentals Webinar
Cloud Security Fundamentals Webinar
 
IBM BP Session - Multiple CLoud Paks and Cloud Paks Foundational Services.pptx
IBM BP Session - Multiple CLoud Paks and Cloud Paks Foundational Services.pptxIBM BP Session - Multiple CLoud Paks and Cloud Paks Foundational Services.pptx
IBM BP Session - Multiple CLoud Paks and Cloud Paks Foundational Services.pptx
 
RESTful Security
RESTful SecurityRESTful Security
RESTful Security
 
SUGCON EU 2023 - Secure Composable SaaS.pptx
SUGCON EU 2023 - Secure Composable SaaS.pptxSUGCON EU 2023 - Secure Composable SaaS.pptx
SUGCON EU 2023 - Secure Composable SaaS.pptx
 
Security in Java
Security in JavaSecurity in Java
Security in Java
 
Mule security
Mule securityMule security
Mule security
 
Mule security
Mule securityMule security
Mule security
 
Mule security - pgp
Mule security - pgpMule security - pgp
Mule security - pgp
 
Fuse technology-2015
Fuse technology-2015Fuse technology-2015
Fuse technology-2015
 
Datapower Steven Cawn
Datapower Steven CawnDatapower Steven Cawn
Datapower Steven Cawn
 
Free and open cloud security posture monitoring
Free and open cloud security posture monitoringFree and open cloud security posture monitoring
Free and open cloud security posture monitoring
 
Mule security
Mule securityMule security
Mule security
 
Mule security
Mule securityMule security
Mule security
 
Top Ten Proactive Web Security Controls v5
Top Ten Proactive Web Security Controls v5Top Ten Proactive Web Security Controls v5
Top Ten Proactive Web Security Controls v5
 
Top Ten Java Defense for Web Applications v2
Top Ten Java Defense for Web Applications v2Top Ten Java Defense for Web Applications v2
Top Ten Java Defense for Web Applications v2
 
Securing Servers in Public and Hybrid Clouds
Securing Servers in Public and Hybrid CloudsSecuring Servers in Public and Hybrid Clouds
Securing Servers in Public and Hybrid Clouds
 
Apache Knox Gateway "Single Sign On" expands the reach of the Enterprise Users
Apache Knox Gateway "Single Sign On" expands the reach of the Enterprise UsersApache Knox Gateway "Single Sign On" expands the reach of the Enterprise Users
Apache Knox Gateway "Single Sign On" expands the reach of the Enterprise Users
 
OWASP_Top_Ten_Proactive_Controls_v2.pptx
OWASP_Top_Ten_Proactive_Controls_v2.pptxOWASP_Top_Ten_Proactive_Controls_v2.pptx
OWASP_Top_Ten_Proactive_Controls_v2.pptx
 
Whats new in was liberty security and cloud readiness
Whats new in was liberty security and cloud readinessWhats new in was liberty security and cloud readiness
Whats new in was liberty security and cloud readiness
 

Más de Kenneth Peeples

Data Virtualization Primer -
Data Virtualization Primer -Data Virtualization Primer -
Data Virtualization Primer -Kenneth Peeples
 
Data Virtualization Primer - Introduction
Data Virtualization Primer - IntroductionData Virtualization Primer - Introduction
Data Virtualization Primer - IntroductionKenneth Peeples
 
Connect to the IoT with a lightweight protocol MQTT
Connect to the IoT with a lightweight protocol MQTTConnect to the IoT with a lightweight protocol MQTT
Connect to the IoT with a lightweight protocol MQTTKenneth Peeples
 
Maximize information exchange in your enterprise with AMQP
Maximize information exchange in your enterprise with AMQPMaximize information exchange in your enterprise with AMQP
Maximize information exchange in your enterprise with AMQPKenneth Peeples
 
Integration intervention: Get your apps and data up to speed
Integration intervention: Get your apps and data up to speedIntegration intervention: Get your apps and data up to speed
Integration intervention: Get your apps and data up to speedKenneth Peeples
 
Big data insights with Red Hat JBoss Data Virtualization
Big data insights with Red Hat JBoss Data VirtualizationBig data insights with Red Hat JBoss Data Virtualization
Big data insights with Red Hat JBoss Data VirtualizationKenneth Peeples
 
Understanding and Using Client JBoss A-MQ APIs
Understanding and Using Client JBoss A-MQ APIsUnderstanding and Using Client JBoss A-MQ APIs
Understanding and Using Client JBoss A-MQ APIsKenneth Peeples
 
Using Red Hat JBoss Fuse on OpenShift
Using Red Hat JBoss Fuse on OpenShiftUsing Red Hat JBoss Fuse on OpenShift
Using Red Hat JBoss Fuse on OpenShiftKenneth Peeples
 
Service Lifecycle Management with Fuse Service Works
Service Lifecycle Management with Fuse Service WorksService Lifecycle Management with Fuse Service Works
Service Lifecycle Management with Fuse Service WorksKenneth Peeples
 
Big Data and Data Virtualization
Big Data and Data VirtualizationBig Data and Data Virtualization
Big Data and Data VirtualizationKenneth Peeples
 
Simplify your integrations with Apache Camel
Simplify your integrations with Apache CamelSimplify your integrations with Apache Camel
Simplify your integrations with Apache CamelKenneth Peeples
 
Fuse Service Works Design Time Governance and S-RAMP
Fuse Service Works Design Time Governance and S-RAMPFuse Service Works Design Time Governance and S-RAMP
Fuse Service Works Design Time Governance and S-RAMPKenneth Peeples
 
Peeples authentication authorization_services_with_saml_xacml_with_jboss_eap6
Peeples authentication authorization_services_with_saml_xacml_with_jboss_eap6Peeples authentication authorization_services_with_saml_xacml_with_jboss_eap6
Peeples authentication authorization_services_with_saml_xacml_with_jboss_eap6Kenneth Peeples
 
Sap webinar-briefing-sep-2013-final
Sap webinar-briefing-sep-2013-finalSap webinar-briefing-sep-2013-final
Sap webinar-briefing-sep-2013-finalKenneth Peeples
 

Más de Kenneth Peeples (19)

dvprimer-architecture
dvprimer-architecturedvprimer-architecture
dvprimer-architecture
 
dvprimer-concepts
dvprimer-conceptsdvprimer-concepts
dvprimer-concepts
 
Data Virtualization Primer -
Data Virtualization Primer -Data Virtualization Primer -
Data Virtualization Primer -
 
Data Virtualization Primer - Introduction
Data Virtualization Primer - IntroductionData Virtualization Primer - Introduction
Data Virtualization Primer - Introduction
 
Connect to the IoT with a lightweight protocol MQTT
Connect to the IoT with a lightweight protocol MQTTConnect to the IoT with a lightweight protocol MQTT
Connect to the IoT with a lightweight protocol MQTT
 
Maximize information exchange in your enterprise with AMQP
Maximize information exchange in your enterprise with AMQPMaximize information exchange in your enterprise with AMQP
Maximize information exchange in your enterprise with AMQP
 
Integration intervention: Get your apps and data up to speed
Integration intervention: Get your apps and data up to speedIntegration intervention: Get your apps and data up to speed
Integration intervention: Get your apps and data up to speed
 
Big data insights with Red Hat JBoss Data Virtualization
Big data insights with Red Hat JBoss Data VirtualizationBig data insights with Red Hat JBoss Data Virtualization
Big data insights with Red Hat JBoss Data Virtualization
 
Understanding and Using Client JBoss A-MQ APIs
Understanding and Using Client JBoss A-MQ APIsUnderstanding and Using Client JBoss A-MQ APIs
Understanding and Using Client JBoss A-MQ APIs
 
Using Red Hat JBoss Fuse on OpenShift
Using Red Hat JBoss Fuse on OpenShiftUsing Red Hat JBoss Fuse on OpenShift
Using Red Hat JBoss Fuse on OpenShift
 
Service Lifecycle Management with Fuse Service Works
Service Lifecycle Management with Fuse Service WorksService Lifecycle Management with Fuse Service Works
Service Lifecycle Management with Fuse Service Works
 
SOA Summit 2014
SOA Summit 2014SOA Summit 2014
SOA Summit 2014
 
Big Data and Data Virtualization
Big Data and Data VirtualizationBig Data and Data Virtualization
Big Data and Data Virtualization
 
Simplify your integrations with Apache Camel
Simplify your integrations with Apache CamelSimplify your integrations with Apache Camel
Simplify your integrations with Apache Camel
 
Fuse Service Works Design Time Governance and S-RAMP
Fuse Service Works Design Time Governance and S-RAMPFuse Service Works Design Time Governance and S-RAMP
Fuse Service Works Design Time Governance and S-RAMP
 
JDV Big Data Webinar v2
JDV Big Data Webinar v2JDV Big Data Webinar v2
JDV Big Data Webinar v2
 
Peeples authentication authorization_services_with_saml_xacml_with_jboss_eap6
Peeples authentication authorization_services_with_saml_xacml_with_jboss_eap6Peeples authentication authorization_services_with_saml_xacml_with_jboss_eap6
Peeples authentication authorization_services_with_saml_xacml_with_jboss_eap6
 
Sap webinar-briefing-sep-2013-final
Sap webinar-briefing-sep-2013-finalSap webinar-briefing-sep-2013-final
Sap webinar-briefing-sep-2013-final
 
Bitmoney Demonstration
Bitmoney DemonstrationBitmoney Demonstration
Bitmoney Demonstration
 

Último

A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 

Último (20)

A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 

Apache Camel Middleware Security

  • 1. CamelOne 2013 1 Apache Karaf, ActiveMQ, Camel and CXF Security Kenny Peeples JBoss Technology Evangelist, Red Hat
  • 2. 2 CamelOne 2013 CamelOne Session Overview Middleware Security for Apache CXF, Camel, ActiveMQ and Karaf as well as others continue to be an ongoing concern especially around Authentication,Authorization, Data at Rest and Data in Transit.The session will include a presentation and demonstrations of implementing Authentication (AuthN) and Authorization (AuthZ) as well as other security topics.
  • 3. 3 CamelOne 2013 CamelOne Speaker Bio Kenneth has spent the last 7 years, with the last 3 being with Red Hat, working as a Consultant for the government for the Department of Defense, Department of Homeland Security and Intelligence Community. He designed, built and lead multiple projects including the Enterprise Security Federation Framework (ESF2), Information Assured Android Device (IA2D) and JBoss SCAP Content. During this time he has worked with Open Source Software with a focus on Red Hat and JBoss Products and Information Assurance. He also received his Security+ and Computer Hacking Forensic Investigator (CHFI) certifications. Kenneth works in the Red Hat Middleware Product Business Unit as a JBoss Technology Evangelist with a focus on Fuse, SOA and EDS products. Kenneth's Social Media Links Website: http://people.redhat.com/kpeeples Blogger: http://www.ossmentor.com
  • 5. 5 CamelOne 2013 CamelOne Middleware Security Concepts • Authentication • Authorization • Auditing • Encryption
  • 6. 6 CamelOne 2013 CamelOne 2-way SSL Mutual authentication or two-way authentication
  • 7. 7 CamelOne 2013 CamelOne Password Masking When securing a container or its components it is undesirable to use plain text passwords in configuration files. One way to avoid this problem is to use encrypted property placeholders when ever possible.This is done in Fuse with the Java Simplified Encryption. • http://www.jasypt.org/ • http://activemq.apache.org/encrypted-passwords.html • https://access.redhat.com/site/documentation/en-US/JBoss_Fuse/6.0/html/Secu rity_Guide/files/ESBSecurityEncryptProperties.html
  • 8. 8 CamelOne 2013 CamelOne What is JAAS? The Java Authentication and Authorization Service (JAAS) can be used for two purposes: • for authentication of users, to reliably and securely determine who is currently executing Java code, regardless of whether the code is running as an application, an applet, a bean, or a servlet; and • for authorization of users to ensure they have the access control rights (permissions) required to do the actions performed. http://docs.oracle.com/javase/7/docs/technotes/guides/secur ity/jaas/JAASRefGuide.html
  • 9. 9 CamelOne 2013 CamelOne Apache ActiveMQ Security SSL/TLS security Apache ActiveMQ supports the use of SSL/TLS to secure client- to-broker and broker-to-broker connections, where the underlying SSL/TLS implementation is provided by the Java Secure Socket Extension (JSSE). JAAS security Apache ActiveMQ also supports JAAS security, which typically requires clients to log on to the broker by providing username and password credentials. https://access.redhat.com/site/documentation/en-US/JBoss_Fuse/ 6.0/html/Security_Guide/files/Arch-Architecture-ActiveMQ.html
  • 10. 10 CamelOne 2013 CamelOne Apache ActiveMQ Security (Continued) To enable JAAS security in a broker, you install one of the supported JAAS plug-ins. Each of the JAAS plug-ins supports a different kind of credentials or implements a somewhat different login procedure. The following JAAS plug-ins are currently supported by Apache ActiveMQ: • jaasAuthenticationPlugin • jaasCertificateAuthenticationPlugin • JaasDulAuthenticationPlugin
  • 11. 11 CamelOne 2013 CamelOne Apache ActiveMQ Security (Continued) Apache ActiveMQ provides a number of different JAAS login module implementations, which are used to define JAAS realms.The following JAAS login modules are currently implemented by Apache ActiveMQ: • PropertiesLoginModule • LDAPLoginModule • GuestLoginModule • TextFileCertificateLoginModule
  • 12. 12 CamelOne 2013 CamelOne Apache Camel Security Camel offers several forms & levels of security capabilities that can be utilized on camel routes.These various forms of security may be used in conjunction with each other or separately. The broad categories offered are • Route Security • Payload Security • Endpoint Security • Configuration Security http://camel.apache.org/security.html
  • 13. 13 CamelOne 2013 CamelOne Apache Camel Security (Continued) This figure shows an overview of the basic options for securely routing messages between Apache Camel endpoints. https://access.redhat.com/site/documentation/en-US/JBoss_Fuse/6.0/html/Security_Guide/files/Arch -Architecture-Camel.html
  • 14. 14 CamelOne 2013 CamelOne Apache Camel Security (Continued) As shown in the figure above, you have the following options for securing messages: Endpoint security—part (a) shows a message sent between two routes with secure endpoints. Payload security—part (b) shows a message sent between two routes where the endpoints are both insecure.
  • 15. 15 CamelOne 2013 CamelOne Apache Camel Security (Continued) Some of the Camel components that currently support security are, as follows: • JMS and ActiveMQ—SSL/TLS security and JAAS security for client-to-broker and broker-to-broker communication. • Jetty—HTTP Basic Authentication and SSL/TLS security. • CXF—SSL/TLS security andWS-Security. • Crypto—creates and verifies digital signatures in order to guarantee message integrity. • Netty—SSL/TLS security. • MINA—SSL/TLS security. • Cometd—SSL/TLS security. • glogin and gauth—authorization in the context of Google applications.
  • 16. 16 CamelOne 2013 CamelOne Apache Camel Security (Continued) Apache Camel provides the following payload security implementations, where the encryption and decryption steps are exposed as data formats on the marshal() and unmarshal() operations • XMLSecurity data format For more details, see http://camel.apache.org/xmlsecurity- dataformat.html. • Crypto data format For more details, see http://camel.apache.org/crypto.html
  • 17. 17 CamelOne 2013 CamelOne Apache Camel Security Example In order to explain how to secure a Camel CXF endpoint in OSGi, the tutorial below builds on an example available from the standalone distribution of Apache Camel, the Camel CXF proxy demonstration. The figure below gives an overview of how this demonstration works. https://access.redhat.com/site/documentation/en-US/JBoss_Fuse/6.0/html/Security_Guide/files/Cam elCXF-ProxyDemo.html
  • 18. 18 CamelOne 2013 CamelOne Karaf (OSGi) Container Security JAAS realms - Red Hat JBoss Fuse supports a special mechanism for defining JAAS login modules (in either a Spring or a blueprint file) karaf realm - The OSGi container has a predefined JAAS realm, the karaf realm. Red Hat JBoss Fuse uses the karaf realm to provide authentication for remote administration of the OSGi runtime, for the Web Console, and for JMX management. Console port - You can administer the OSGi container remotely either by connecting to the console port with a Karaf client or using the Karaf ssh:ssh command. JMX port - You can manage the OSGi container by connecting to the JMX port. The JMX port is also secured by a JAAS login feature that connects to the karaf realm. Application bundles and JAAS security - Any application bundles that you deploy into the OSGi container can access the container's JAAS realms. https://access.redhat.com/site/documentation/en-US/JBoss_Fuse/6.0/html/Se curity_Guide/files/Arch-Architecture-Camel.html .
  • 19. 19 CamelOne 2013 CamelOne Karaf Security Example This tutorial below explains how to set up an X.500 directory server and configure the OSGi container to use LDAP authentication. • install Apache Directory Server and Apache Directory Studio • add user entries into the LDAP server • add a group to manage security role • configure Red Hat JBoss Fuse to use LDAP authentication • configure JBoss Fuse to use roles for authorization • configure an instance of Apache ActiveMQ to use LDAP authentication • configure SSL/TLS connections to the LDAP server https://access.redhat.com/site/documentation/en-US/JBoss_Fuse/6.0/html/Security _Guide/files/ESBLDAPTutorialOverview.html
  • 20. 20 CamelOne 2013 CamelOne Apache CXF Security Securing CXF Services • Secure Transports • WS-* Security • WS-Trust, STS • SAML Web SSO • Oauth • Authentication with JAASLoginInterceptor and Kerberos • Authorization • Large Data Stream Caching http://cxf.apache.org/docs/security.html
  • 21. 21 CamelOne 2013 CamelOne Apache CXF Example An example of Apache CXF security is the same as the Camel Security example above https://access.redhat.com/site/documentation/en-US/JBoss_Fuse/6.0/ht ml/Security_Guide/files/CamelCXF.html
  • 22. 22 CamelOne 2013 CamelOne Picketlink • IDM: Provide an object model for managing Identities (Users/Groups/Roles) and associated behavior using different identity store backends like LDAP and RDBMS. • Federated Identity: Support SAMLv2,WS-Trust and OpenID. • XACML: Oasis XACMLv2 implementation. • Negotiation: Provide SPNego/Kerberos based Desktop SSO. For latest information, please refer to http://www.picketlink.org
  • 23. 23 CamelOne 2013 CamelOne Picketlink - OASIS OASIS (Organization for the Advancement of Structured Information Standards) is a non-profit consortium that drives the development, convergence and adoption of open standards for the global information society. https://www.oasis-open.org/
  • 24. 24 CamelOne 2013 CamelOne Picketlink - SAML Security Assertion Markup Language (SAML) is an XML-based open standard data format for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider. https://www.oasis-open.org/committees/tc_home.ph p?wg_abbrev=security
  • 25. 25 CamelOne 2013 CamelOne Picketlink - Fed The following features are provided by the Fed component of PicketLink: • Federated Authentication and SSO using Oasis SAML v2.0. • Trusted Security System using a SecurityToken Server (STS) in an heterogeneous environment, using Oasis WS-Trust. • Decentralized user driven Identity support via OpenID.
  • 26. 26 CamelOne 2013 CamelOne Picketlink - XACML eXtensible Access Control Markup Language (XACML) is the standard that defines a declarative access control policy language implemented in XML and a processing model describing how to evaluate authorization requests according to the rules defined in policies. https://www.oasis-open.org/committees/tc_home.p hp?wg_abbrev=xacml
  • 27. 27 CamelOne 2013 CamelOne Picketlink - XACML The following features are provided by the XACML component of PicketLink: • Oasis XACML v2.0 library • JAXB v2.0 based object model • Multiple Database Integration for storing/retrieving XACML Policies and Attributes • SAML v2.0 Profile of XACML v2.0 • RBAC Profile of XACML v2.0 • WSDL based SOAP PDP Service • Servlet that accepts SOAP/SAML/XACML Payload
  • 29. 29 CamelOne 2013 CamelOne Access Control Best Practices1. Know that you will need access control/authorization – spend time on it 2. Externalize the access control policy processing – do not hard code 3. Understand the difference between coarse grained and fine grained authorization – spend time during intitial design 4. Design for coarse grained authorization but keep the design flexible for fine grained authorization – loosely couple access control 5. Know the difference between Access Control Lists and Access Control standards – ACLS usually proprietary and not interoperable 6.Adopt Rule Based Access Control : view Access Control as Rules and Attributes – spend time on designing the rules and attributes 7.Adopt REST Style Architecture when your situation demands scale and thus REST authorization standards - Oauth or REST profile of XACML 8. Understand the difference between Enforcement versus Entitlement model – yes/no or what http://anil-identity.blogspot.com/
  • 30. 30 CamelOne 2013 CamelOne Picketlink Security Picketlink and Fuse Integration • Camel - Route Security PicketLink provided Camel Route Policy Security Interceptor • ActiveMQ PicketLink provided Security Classes
  • 31. 31 CamelOne 2013 CamelOne Spring Security The camel-spring-security component provides role- based authorization for Camel routes. It leverages the authentication and user services provided by Spring Security and adds a declarative, role-based policy system to control whether a route can be executed by a given principal. http://camel.apache.org/spring-security.html
  • 32. 32 CamelOne 2013 CamelOne Spring Security The camel-spring-security component provides role- based authorization for Camel routes. It leverages the authentication and user services provided by Spring Security and adds a declarative, role-based policy system to control whether a route can be executed by a given principal. http://camel.apache.org/spring-security.html
  • 33. 33 CamelOne 2013 CamelOne Shiro Security Apache Shiro is a security framework that handles authentication, authorization, enterprise session management and cryptography. The camel shiro-security component allows authentication and authorization support to be applied to different segments of a camel route. Shiro security is applied on a route using a Camel Policy. Security Examples on the security page: • Applying Shiro Authentication on a Camel Route • Applying Shiro Authorization on a Camel Route • Creating a ShiroSecurityToken and injecting it into a Message Exchange • Sending Messages to routes secured by a ShiroSecurityPolicy http://camel.apache.org/shiro-security.html
  • 34. 34 CamelOne 2013 CamelOne Demonstrations • Web Console Security • ActiveMQ Broker, Producer, Consumer with SSL and JBDS