Security

Majordodo broker-to-broker and worker-to-broker communication can be secured by TLS.
With broker.ssl set to true a self signed certificate will be generated at every boot. You may change this behaviour using the properties in the broker.properties config file:

• **broker.ssl**: use TLS
  

• **broker.ssl.certificatefile**: PKCS8 private key file (PEM)
  

• **broker.ssl.certificatechainfile**: X.509 certificate chain file (PEM)
  

• **broker.ssl.certificatefilepassword**: the password for PKCS8 file
  

As default the system will ignore that a certificate is self signed and/or wrong.

Brokers/Workers authentication

Majordodo implement basic authentication between brokers and workers based on a shared secret. The shared secret is also used as password for bookeeper.

You may want to change it in production systems.

• **sharedSecred**: unique value (default to "dodo")
  

Clients authentication

Client authentication is applied only for the submission of new tasks. GET methods are not authenticated, POST methods (such as submitTask and submitTasks ) need authentication.

Client authentication is based on user permissions. There are only two type of users:

•  **Administrators** that can submit task for every user
  

•  **Simple Users** that can submit task only for themself
  

For stand alone usage only one authenticator is implemented, with administrator permissions.
You may want to change the default values in the broker.properties config file:

•  admin.username=admin
  

•  admin.password=password
  

Users of Embedded Mode can implement an AuthenticationManager that implements their own directory of users.