基于WSO2 ESB方法的安全性
[英]WSO2 ESB method based security
问题描述
Currently we have web-services built up so that everyone (with valid service account) can turn to their methods and request sensible information from our internal network through public web. 
当前,我们已经建立了Web服务,因此每个人(具有有效的服务帐户)都可以求助于他们的方法,并通过公共Web向我们的内部网络请求敏感信息。 How can we apply method based security for our web services so that the methods are protected? 我们如何为我们的Web服务应用基于方法的安全性,以便保护这些方法? Some of our web services contain up to 20 methods in them and they should be protected individually. 我们的某些Web服务中最多包含20种方法,因此应分别对其进行保护。
1 个解决方案
解决方案1
1 已采纳 2012-06-30 11:41:01
WSO2 ESB utilizes Apache Rampart as the web service security engine. WSO2 ESB将Apache Rampart用作Web服务安全引擎。 Rampart doesn't support method level security policies. Rampart不支持方法级别的安全策略。 Therefor you cannot define such a policy for a single service. 因此,您不能为单个服务定义这样的策略。 The possible approach is to create a proxy service at ESB for every method at the backend service. 可能的方法是在ESB处为后端服务处的每种方法创建代理服务。 Then you will ended up with 20 proxy services in the ESB for 20 methods in the backend service. 然后,您将在ESB中获得20种代理服务,以实现后端服务中的20种方法。 Now you can secure each proxy services with different security policies. 现在,您可以使用不同的安全策略来保护每个代理服务。 Then your 20 methods are protected individually at another layer. 然后,将您的20种方法分别保护在另一层。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.