Security Policy on Apache Dubbo

Class Check Mechanism

Mon, 01 Jan 0001 00:00:00 +0000

Feature Description

This mechanism ensures compatibility and security between service providers and consumers.

Use Cases

To prevent potential issues due to class version mismatches, incompatible method signatures, or missing classes.

Usage

Supported Versions Dubbo >= 3.1.6

Applicable Scope Currently, serialization checks support Hessian2, Fastjson2 serialization, and generic calls. Other serialization methods are not supported.

Check Modes

The check mode has three levels: STRICT, WARN, DISABLE. STRICT: Disallows deserialization of all classes not in the allowed serialization list (whitelist). WARN: Only disallows serialization of classes in the disallowed serialization list (blacklist) and logs a warning when deserializing classes not in the allowed serialization list (whitelist). DISABLE: No checks at all.

Permission Control

Mon, 01 Jan 0001 00:00:00 +0000

Feature Description

Control permissions in the registry through token verification to decide whether to issue a token to consumers, which can prevent consumers from bypassing the registry to access providers. Moreover, the authorization method can be flexibly changed through the registry without modifying or upgrading the provider.

Usage Scenarios

To a certain extent, achieve trusted authentication between the client and server, preventing any client from gaining access and reducing the risk of security issues.

TLS Support

Mon, 01 Jan 0001 00:00:00 +0000

Feature Description

The built-in Dubbo Netty Server and the newly introduced gRPC protocol provide TLS-based secure link transmission mechanisms.

TLS configuration has a unified entry point.

Use Cases

Users with encryption requirements for end-to-end links can use TLS.

Reference Use Case dubbo-samples-ssl

Usage

Provider Side

SslConfig sslConfig = new SslConfig();
sslConfig.setServerKeyCertChainPath("path to cert");
sslConfig.setServerPrivateKeyPath(args[1]);
// If mutual cert authentication is enabled
if (mutualTls) {
 sslConfig.setServerTrustCertCollectionPath(args[2]);
}

ProtocolConfig protocolConfig = new ProtocolConfig("dubbo/grpc");
protocolConfig.setSslEnabled(true);

If using the gRPC protocol, protocol negotiation will be used when enabling TLS, so a Provider supporting the ALPN mechanism must be used, with netty-tcnative recommended. See the gRPC Java community’s summary.

Service Authorization

Mon, 01 Jan 0001 00:00:00 +0000

Feature Description

Business scenarios that are sensitive to security, such as payment, may have limitations on anonymous calls. To enhance security, version 2.7.5 introduced an authentication and authorization mechanism based on the AK/SK model, along with an authorization service center. The main principle is that the consumer client generates the corresponding request signature using SK, request metadata, timestamp, parameters, etc., when requesting a service that requires authorization. This signature is carried to the other end via Dubbo’s Attachment mechanism for verification. Only after successful verification will business logic be processed. As shown in the figure below: