muetze

Reputation: 161

WSO2 ESB Secured Proxy Endpoint

I use the ESB with many different proxies.

One of them is sending the messages to other proxy endpoints. All the proxies are in the ESB.

At the moment those Endpoint Proxies are not secured. I would like to use scenario1 as security for them. But how can I send the message to those Endpoints? That means: How can I add a security header with username and password in my proxy configuration so that I can authenticate, maybe with user "admin" and password "admin"?

Upvotes: 2

Views: 2108

Answers (4)

Isuru Perera

Reputation: 1905

As I understand, you need to secure the proxy and forward it to an unsecured back-end service.

For this, you can try the following steps from the WSO2 ESB Management Console. I tried this with WSO2 ESB 4.7.0.

  1. Add a pass through proxy service.
  2. View the proxy from Service Dashboard.
  3. Click on "Security" for the service.
  4. Select "Yes" for "Enable Security?"
  5. Select "UsernameToken" and click Next. This is Scenario 1, as you mentioned. This will be using the WS-Security standard with Username Token.
  6. You can select the "admin" group here and click on "Finish".

Now the security will be enabled for your service.

The proxy service now needs authentication and you can use the "admin" user now (or any user you have added).

If you are using a Java client, it might be easier to use Axis2 with Rampart module engaged. There are many examples of this.

See the following links.

http://blog.facilelogin.com/2008/11/security-policy-with-rampart.html (This has a simple client)

http://blog.thilinamb.com/2009/08/securing-web-service-with-username.html

I tested this using SoapUI. You can pass username and password from request properties.

SoapUI Request Properties

Your request will be similar to the following.

Wed Aug 21 01:15:32 IST 2013:DEBUG:>> "POST /services/SimpleStockQuoteService.SimpleStockQuoteServiceHttpsSoap12Endpoint HTTP/1.1[\r][\n]"
Wed Aug 21 01:15:32 IST 2013:DEBUG:>> "Accept-Encoding: gzip,deflate[\r][\n]"
Wed Aug 21 01:15:32 IST 2013:DEBUG:>> "Content-Type: application/soap+xml;charset=UTF-8;action="urn:getQuote"[\r][\n]"
Wed Aug 21 01:15:32 IST 2013:DEBUG:>> "Content-Length: 1195[\r][\n]"
Wed Aug 21 01:15:32 IST 2013:DEBUG:>> "Host: isurup-ThinkPad-T530:8243[\r][\n]"
Wed Aug 21 01:15:32 IST 2013:DEBUG:>> "Connection: Keep-Alive[\r][\n]"
Wed Aug 21 01:15:32 IST 2013:DEBUG:>> "User-Agent: Apache-HttpClient/4.1.1 (java 1.5)[\r][\n]"
Wed Aug 21 01:15:32 IST 2013:DEBUG:>> "[\r][\n]"
Wed Aug 21 01:15:32 IST 2013:DEBUG:>> "<soap:Envelope xmlns:ser="http://services.samples" xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:xsd="http://services.samples/xsd">[\n]"
Wed Aug 21 01:15:32 IST 2013:DEBUG:>> "   <soap:Header><wsse:Security soap:mustUnderstand="true" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><wsu:Timestamp wsu:Id="TS-63"><wsu:Created>2013-08-20T19:45:32Z</wsu:Created><wsu:Expires>2013-08-20T21:08:52Z</wsu:Expires></wsu:Timestamp><wsse:UsernameToken wsu:Id="UsernameToken-62"><wsse:Username>admin</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">admin</wsse:Password><wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">WG8iV7vik8QqZkzlaIabWg==</wsse:Nonce><wsu:Created>2013-08-20T19:45:32.861Z</wsu:Created></wsse:UsernameToken></wsse:Security></soap:Header>[\n]"
Wed Aug 21 01:15:32 IST 2013:DEBUG:>> "   <soap:Body>[\n]"
Wed Aug 21 01:15:32 IST 2013:DEBUG:>> "      <ser:getQuote>[\n]"
Wed Aug 21 01:15:32 IST 2013:DEBUG:>> "         <ser:request>[\n]"
Wed Aug 21 01:15:32 IST 2013:DEBUG:>> "            <xsd:symbol>WSO2</xsd:symbol>[\n]"
Wed Aug 21 01:15:32 IST 2013:DEBUG:>> "         </ser:request>[\n]"
Wed Aug 21 01:15:32 IST 2013:DEBUG:>> "      </ser:getQuote>[\n]"
Wed Aug 21 01:15:32 IST 2013:DEBUG:>> "   </soap:Body>[\n]"
Wed Aug 21 01:15:32 IST 2013:DEBUG:>> "</soap:Envelope>"

Update: If the back-end service is also secured, you can refer to the following blog post.

http://soasecurity.org/2012/11/05/how-to-invoke-secured-backend-service-using-wso2-esb/

Upvotes: 4
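The captured request above can be checked field by field. The following Python sketch is an added example, not part of the answer: it parses a `wsse:Security` header and reports the password type, nonce size and timestamp lifetime, and, going one step beyond the answer, computes the `PasswordDigest` form that the same OASIS UsernameToken Profile 1.0 defines. The function names and the abridged sample header are assumptions made for this illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from datetime import datetime

OASIS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-"
NS = {"wsse": OASIS + "wssecurity-secext-1.0.xsd",
      "wsu": OASIS + "wssecurity-utility-1.0.xsd"}

# Constructed sample: the wsse:Security header from the SoapUI capture above,
# abridged (wsu:Id, mustUnderstand and EncodingType attributes dropped).
SAMPLE = (
    f'<wsse:Security xmlns:wsse="{NS["wsse"]}" xmlns:wsu="{NS["wsu"]}">'
    '<wsu:Timestamp><wsu:Created>2013-08-20T19:45:32Z</wsu:Created>'
    '<wsu:Expires>2013-08-20T21:08:52Z</wsu:Expires></wsu:Timestamp>'
    '<wsse:UsernameToken><wsse:Username>admin</wsse:Username>'
    f'<wsse:Password Type="{OASIS}username-token-profile-1.0#PasswordText">admin</wsse:Password>'
    '<wsse:Nonce>WG8iV7vik8QqZkzlaIabWg==</wsse:Nonce>'
    '<wsu:Created>2013-08-20T19:45:32.861Z</wsu:Created>'
    '</wsse:UsernameToken></wsse:Security>'
)

def _utc(text):
    # fromisoformat() before Python 3.11 rejects a trailing "Z"
    return datetime.fromisoformat(text.replace("Z", "+00:00"))

def audit_security_header(xml_text):
    """Summarise security-relevant fields; use defusedxml for untrusted XML."""
    sec = ET.fromstring(xml_text)
    pw = sec.find("wsse:UsernameToken/wsse:Password", NS)
    nonce = sec.findtext("wsse:UsernameToken/wsse:Nonce", "", NS)
    ts = sec.find("wsu:Timestamp", NS)
    # Type is optional in the profile and defaults to PasswordText
    pw_type = pw.get("Type", "#PasswordText").rpartition("#")[2]
    lifetime = None
    if ts is not None:
        created = _utc(ts.findtext("wsu:Created", namespaces=NS))
        expires = _utc(ts.findtext("wsu:Expires", namespaces=NS))
        lifetime = int((expires - created).total_seconds())
    return {
        "password_type": pw_type,
        # PasswordText carries the secret itself, so only TLS protects it in transit
        "password_on_wire": pw_type == "PasswordText",
        "nonce_bytes": len(base64.b64decode(nonce)),
        "lifetime_seconds": lifetime,
    }

def password_digest(nonce, created, password):
    """PasswordDigest per the profile: Base64(SHA-1(nonce + created + password))."""
    raw = nonce + created.encode() + password.encode()
    return base64.b64encode(hashlib.sha1(raw).digest()).decode()
```

For the sample, `audit_security_header(SAMPLE)` reports `PasswordText`, a 16-byte nonce and a 5000-second timestamp window, which is why the capture shows the request going to the HTTPS port (8243).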

Hasitha Aravinda

Reputation: 481

In your scenario, you need to invoke a secured backend (another proxy service) using a proxy service. To do this you will need to write security policies. Refer to blog post [1].

[1] http://soasecurity.org/2012/11/05/how-to-invoke-secured-backend-service-using-wso2-esb/

Upvotes: 0

Chanaka udaya

Reputation: 5316

You can simply use curl to invoke the secured proxy service like below.

curl -k --basic -u admin:admin 'https://localhost:8243/services/PoxSecurityProxy.POXSecurityProxyHttpsSoap11Endpoint/echoString?in=Chanaka'

Upvotes: 0

Pushpalanka

Reputation: 877

In the calling proxy service you can configure a property as follows:

<property name="Authorization"
               expression="fn:concat('Basic ', base64Encode('admin:admin'))"
               scope="transport"
               type="STRING"/>

With this, the basicAuth header will be set in the request to the called proxy service. Hope this helps.

Upvotes: 2
