Self-Managed Micro-Integration Security
You can secure your Micro-Integration by managing web endpoints, configuring user authentication and authorization, and setting up Transport Layer Security (TLS) as described in the following sections.
Exposed Management Web Endpoints
There are many endpoints that are automatically enabled for this Micro-Integration. For a comprehensive list, see Monitoring the Self-Managed Micro-Integration's State.
For early versions of some Micro-Integrations, only the health and leaderelection management endpoints are enabled.
By default, the health endpoint returns only the root status; no health details are provided.
To enable other management endpoints, see Spring Actuator Endpoints.
Authentication & Authorization
This release of the Micro-Integration only supports basic HTTP authentication.
By default, no users are created unless the operator configures them in their configuration file. The configuration parameters responsible for security are as follows:
solace:
  connector:
    security:
      enabled: true
      users:
        - name: user1
          password: pass
        - name: admin1
          password: admin
          roles:
            - admin
In the above example, we have created two users:
- user1: Has access to perform GET (Read) requests.
- admin1: Has access to perform GET and POST (Read & Write) requests.
To fully disable security and permit anyone to access the Micro-Integration’s web endpoints, operators can configure the solace.connector.security.enabled parameter to false.
While these properties can be defined in an application.yml file, we recommend that you use environment variables to set secret values.
The following example shows you how to define users using environment variables:
# Create user with no role (i.e., read-only)
SOLACE_CONNECTOR_SECURITY_USERS_0_NAME=user1
SOLACE_CONNECTOR_SECURITY_USERS_0_PASSWORD=pass

# Create user with admin role
SOLACE_CONNECTOR_SECURITY_USERS_1_NAME=admin1
SOLACE_CONNECTOR_SECURITY_USERS_1_PASSWORD=admin
SOLACE_CONNECTOR_SECURITY_USERS_1_ROLES_0=admin
In the above example, we have created two users:
- user1 has access to perform GET (Read) requests.
- admin1 has access to perform GET and POST (Read & Write) requests.
solace.connector.security.users is a list. When users are defined in multiple sources (different application.yml files, environment variables, and so on), overriding works by replacing the entire list. In other words, you must pick one place to define all your users, whether in a single application properties file or as environment variables. For more information, see Spring Boot - Merging Complex Types.
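The following pre-deployment check is an added example, not part of the product or its documentation. It audits an environment file for the settings described above: security turned off, placeholder passwords, admin-role users, and an environment-defined user list that replaces the one in application.yml. The function name audit_connector_env and the weak-password list are hypothetical, and SOLACE_CONNECTOR_SECURITY_ENABLED is assumed to follow the same naming pattern as the user variables shown above.

```shell
#!/bin/sh
# Added example: audit KEY=VALUE lines (file argument or stdin) for risky settings.
# audit_connector_env is a hypothetical helper name; one finding is printed per line.
audit_connector_env() {
  awk '
    /^[ \t]*(#|$)/ { next }                       # skip comments and blank lines
    {
      eq = index($0, "="); if (eq == 0) next
      key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", key)
    }
    # Assumed env form of solace.connector.security.enabled
    key == "SOLACE_CONNECTOR_SECURITY_ENABLED" && tolower(val) == "false" {
      print "CRITICAL security disabled: endpoints open to anyone"
    }
    key ~ /^SOLACE_CONNECTOR_SECURITY_USERS_[0-9]+_/ {
      split(key, p, "_"); i = p[5] + 0            # p[5] is the list index
      if (i > max) max = i
      seen[i] = 1
      if (p[6] == "NAME") name[i] = val
      else if (p[6] == "PASSWORD") pw[i] = val
      else if (p[6] == "ROLES" && val == "admin") admin[i] = 1
    }
    END {
      for (i = 0; i <= max; i++) {
        if (!(i in seen)) continue
        count++
        u = (i in name) ? name[i] : "<unnamed>"
        # Constructed weak list: missing, empty, same as name, or a placeholder value
        if (!(i in pw) || pw[i] == "" || pw[i] == u || pw[i] ~ /^(pass|admin|password)$/)
          print "WEAK password for user " u " (index " i ")"
        if (i in admin) print "INFO user " u " has admin role (GET and POST)"
      }
      if (count)
        print "INFO " count " user(s) from environment replace any users list in application.yml"
    }
  ' "${1:--}"
}

# Constructed sample input: the placeholder values from the example above
audit_connector_env <<'EOF'
SOLACE_CONNECTOR_SECURITY_USERS_0_NAME=user1
SOLACE_CONNECTOR_SECURITY_USERS_0_PASSWORD=pass
SOLACE_CONNECTOR_SECURITY_USERS_1_NAME=admin1
SOLACE_CONNECTOR_SECURITY_USERS_1_PASSWORD=admin
SOLACE_CONNECTOR_SECURITY_USERS_1_ROLES_0=admin
EOF
```

Run it against the same environment file that is passed to the Micro-Integration, and treat any CRITICAL or WEAK line as a reason to stop the deployment.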
TLS
Transport Layer Security (TLS) is disabled by default.
To configure TLS, see Spring Boot - Configure SSL and TLS Setup in Spring.