Announcement Announcement Module
Collapse
No announcement yet.
Security and Integration Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Security and Integration

    I've been drawing up an architecture for that involves the use of Spring Integration as a services bus, and I've been asked to include a section on security.

    What are the best practices for securely sending and receiving messages? Should messages be encrypted if that is a concern? The message header would have routing information in it and I think it would be inefficient to encrypt the entire message, but the payload could be encrypted. I saw an article describing how to use Spring Security to validate the sender and receiver. Would that be a good security scheme, to encrypt messages and validate the sender and receiver?

    Thanks for any input.

    On a separate note, when is the new book Spring Integration in Action coming out? I've been holding out for this instead of buying Pro Spring Integration.

    Scott

  • #2
    Encrypting a payload is the functionality of the application. We don't provide anything for it.
    However, we do provide support for securing Message Channels http://static.springsource.org/sprin...ngle/#security

    As far as SI in Action I am sure Mark wil follow up

    Comment


    • #3
      Oleg,

      OK, that makes sense. I think my assumption was correct then, that if I am interested in preventing a snoop from reading a message I've sent, I have to encrypt the message. From an access control perspective, Spring Security integrates with SI to provide this simply enough.

      Thanks,
      Scott

      Comment


      • #4
        Scott,

        First, Spring Integration in Action is in the final review stage so it won't be long!

        Second, please create a JIRA issue for adding an encryption transformer. This has been on my mind for a while, but I don't think we have an issue open yet. We would most likely build upon Spring Security's "crypto" module: http://static.springsource.org/sprin...le.html#crypto

        Any chance you'd be interested in contributing?

        Regards,
        Mark

        Comment


        • #5
          Mark,

          Sure, I'll contribute. I've often thought about it as I am a frequent benefactor of Spring and other open source products. Point me in the right direction and I'll get started.

          Looking forward to that book.

          Scott

          Comment


          • #6
            Scott, the first step is to sign the contributor agreement here: https://support.springsource.com/spr...mmitter_signup

            Then, we simply rely on Pull Requests issued on the github repo.

            Thanks!
            -Mark

            Comment

            Working...
            X