Learning Spring Integration security and although I think I'm understanding how to lock down channels, make them secure and enforce authentication/authorization, that's only the "channel-side" integration. For instance:
@Bean
@GlobalChannelInterceptor(patterns = "secured*")
AuthorizationChannelInterceptor authorizationChannelInterceptor() {
return new AuthorizationChannelInterceptor(AuthorityAuthorizationManager.hasAnyRole("ADMIN", "PRESIDENT"));
}
That's wonderful! It locks the channel down so that the channel will only receives messages from users with the right permissions.
But what about the "client-side" (the sending side)?
Let's say I have the following code to create an IntegrationFlow that polls an FTP server every 5 seconds for some new file:
@Bean
public IntegrationFlow ftpInboundFlow() {
return IntegrationFlow
.from(Ftp.inboundAdapter(this.ftpSessionFactory)
.preserveTimestamp(true)
.remoteDirectory("foo")
.regexFilter(".*\\.txt$")
.localFilename(f -> f.toUpperCase() + ".a")
.localDirectory(new File("d:\\ftp_files")),
e -> e.id("ftpInboundAdapter")
.autoStartup(true)
.poller(Pollers.fixedDelay(5000)))
.handle(...)
.get();
}
Where does authentication take place? How does the file on the FTP server "authenticate" itself with the integration flow? What if a regular (non-admin) user places a file on that FTP server that should only be placed + executed by, say, an admin user? In other words: what user/principal is actually be evaluated for ADMIN/PRESIDENT roles here? When the files are read from the FTP server, what user is being used here, and how does that authentication work?
I think I'm fundamentally misunderstanding something...I just don't know what that is! Thanks for any help/clarification.
It does not work that way: you got an FTP dedicated user for your system and you use its credentials when you configure that ftpSessionFactory. This specific user is treated by the FTP server as a principal. It has nothing to do with roles and users in your system. And for better security boundaries it must not know about user service in your application. This is fully similar what you got when you connect to database: you use some connection URL and some user & password. What "ADMIN/PRESIDENT roles here" ?
"When the tables are read from the DB, what user is being used here, and how does that authentication work?"
You can initiate some artificial principal in your application for this polling operation. The point is that source polling channel adapters are initiated by your application scheduling system. There is just no any end-user to associate with principal in your security config.