path: root/sca-java-1.x/tags/1.1/demos/secure-bigbank/secure-bigbank-account/README
Secure BigBank Demo
===================

This is a copy of the big-bank demo with modifications to demonstrate the use of policies to enforce
certain security aspects.  We hope to evolve this further adding more flavours of security.   Here
is an overview of how this copy of the big-bank demo differs from the original...


*) The AccountDataServiceComponent, which used to return a customer's savings, checkings and stock account
data, has been replaced with three independent components for savings, checkings and stock accounts.  These
components provide services related to obtaining a customer balance etc.
        -  Out of these three, the Checkings and Stock service components are bound to the big-bank
        through webservices while the Savings Account service component uses the SCA Binding.
        -  The Checkings Account webservice enforces authentication as a security requirement.  Hence all
        service requests between the bigbank and the Checkings Account service are authenticated.
        -  Additionally the Checkings Account Implementation enforces authorization checks that ensure that
        only the owners of accounts access their details.
        -  Here we demonstrate how the 'authenticated' user token credentials are passed from the CheckingsAccount
        webservice over to the CheckingsAccount implementation for authorization checks.
        
*) The StockQuote webservice is adorned with 'integrity' i.e. all communications between the bigbank and
the StockQuote webservice are signed to ensure integrity of data exchanged. To honour this requirement the
StockQuote reference of the big-bank is also adorned with 'integrity' as a security requirement.

The overall picture is that when the Customer is requesting account details from the bigbank, the bigbank seeks
the services of the Savings, Checkings and Stock Account Components. In seeking the service of the Checkings
Account component the big-bank component authenticates itself.  The Checkings Account component further checks
if the authenticated user token passed by the bigbank is authorized to access the account in question.  This is one
lap where security has been enforced.  Another lap is when the bigbank component refers to the StockQuote webservice
to compute the stock value for a customer.  Here all communications are signed to ensure integrity of data exchanged
between the bigbank and StockQuote webservice.
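
The authorization step described above, sketched in plain Java as an added example (not code from the Tuscany demo): the implementation receives the authenticated caller as a javax.security.auth.Subject and releases data only to the account owner. The class name, the UserPrincipal type and the account data are assumptions made for illustration; how Tuscany hands the token to the implementation is not shown.

```java
import java.security.Principal;
import java.util.Map;
import javax.security.auth.Subject;

// Added illustration; all names and data here are hypothetical, not from the Tuscany demo.
public class CheckingsAuthorizationExample {
    // Minimal Principal holding the user name established during authentication.
    static final class UserPrincipal implements Principal {
        private final String name;
        UserPrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
    }

    // Constructed sample data: account number -> owner, and balance in cents.
    private static final Map<String, String> OWNERS = Map.of("CHA_1001", "alice", "CHA_2002", "bob");
    private static final Map<String, Long> BALANCES = Map.of("CHA_1001", 150000L, "CHA_2002", 32050L);

    // Returns the balance only when the authenticated caller owns the account.
    static long getBalance(Subject caller, String accountNo) {
        if (caller == null || caller.getPrincipals(UserPrincipal.class).isEmpty()) {
            throw new SecurityException("unauthenticated request");
        }
        String owner = OWNERS.get(accountNo);
        // Default deny: an unknown account is refused exactly like someone else's.
        boolean isOwner = owner != null && caller.getPrincipals(UserPrincipal.class).stream()
                .anyMatch(p -> owner.equals(p.getName()));
        if (!isOwner) {
            throw new SecurityException("not authorized for account " + accountNo);
        }
        return BALANCES.get(accountNo);
    }

    // Stands in for the token the web service produces after authentication.
    static Subject authenticatedAs(String user) {
        Subject subject = new Subject();
        subject.getPrincipals().add(new UserPrincipal(user));
        return subject;
    }

    public static void main(String[] args) {
        System.out.println("alice reads CHA_1001: " + getBalance(authenticatedAs("alice"), "CHA_1001"));
        for (Subject caller : new Subject[] { authenticatedAs("alice"), null }) {
            try {
                getBalance(caller, "CHA_2002");
            } catch (SecurityException e) {
                System.out.println("CHA_2002 refused: " + e.getMessage());
            }
        }
    }
}
```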

When you run this demo you will observe various console messages that reflect the enforcement of authentication,
authorization and integrity at various points of this application.


Bigbank - General Information
-----------------------------

The application is made of 3 modules that represent the different aspects 
of a fictitious banking application. Please see bigbank.png in the secure-bigbank-account 
directory for a diagram of this demo.

To run the secure-bigbank-account demo you need to first run the secure-bigbank-calculator and
secure-bigbank-stockquote applications. This will bring up the Tuscany runtime, load the two
applications and make them available as services. Secure-bigbank-account is dependent on these
services.

This demo uses ant. This is just one way of running this demo. 

Start secure-bigbank-calculator composite
-----------------------------------------

Secure-bigbank-calculator is a calculator application which handles add, subtract, multiply and 
divide operations. Each of these operations is implemented in a different language, 
including JavaScript, Groovy, Ruby and Python.

To run the secure-bigbank-calculator composite and make it available as a service for this 
demo do the following:

cd secure-bigbank-calculator
ant compile  
ant run

.. Leave the server running

Note that 'ant compile' needs to be done the first time you run this demo out of the 
binary distribution. No need to do 'ant compile' from there on.

Start secure-bigbank-stockquote
-------------------------------

A very simple web services based stock quote application which returns random 
stock quotes on request. Please note that the stockquote service is not live and is 
implemented instead to allow for this application to always run without dependency on the 
availability of a webservice.

cd secure-bigbank-stockquote
ant compile  
ant run

.. Leave the server running

Note that 'ant compile' needs to be done the first time you run this demo out of the 
binary distribution. No need to do 'ant compile' from there on.

Start secure-bigbank-account
----------------------------

Secure-bigbank-account is the entry point to this application running on Tuscany.
Secure-bigbank-account composite calls into secure-bigbank-stockquote and 
secure-bigbank-calculator services. Start secure-bigbank-account in the following way:

cd secure-bigbank-account
ant compile 
ant run

.. Leave the server running

Note that 'ant compile' needs to be done the first time you run this demo out of the  
binary distribution. No need to do 'ant compile' from there on.

Run the demo
------------
The front end of this demo application is a web app which uses JSON-RPC to communicate
with the backend for retrieving account information.

To try the app out point your browser at:

http://localhost:8080/AccountJSON.html

This should display an interface with a single button that goes and retrieves 
a single set of account details exercising services across the three running 
SCA applications. 

If you press on getAccountReport, you'll see a response posted, but the detail of the 
data will be displayed in the screen where you started secure-bigbank-account.


Stop the demo
-------------
Go to each of the corresponding command line screens and hit 'enter'. This will stop each 
of the applications.