paf.goncalves

Reputation: 488

Secure web service in WSO2 Application Server 5.3.0

I'm trying to secure an Axis2 web service in WSO2 Application Server 5.3.0, but the Unsecured/Secured link is disabled.


In version 5.0.0 I can click the Unsecured link in the services list or the Security link in the Service Dashboard > Quality of Service Configuration.


Do I need to install some feature/module to make security work in 5.3.0?
(The Quality of Service Configuration also doesn't appear in 5.3.0.)

Upvotes: 0

Views: 317

Answers (2)

QoS features have been removed from all the Carbon Kernel 4.4.x based products. Therefore you have to use WSO2 Developer Studio or manually edit the services.xml file, as @Jorge mentioned, in order to apply security to your Axis2 service.

A sample service.xml with a username policy would look like the one below:

<service name="echo">
    <schema elementFormDefaultQualified="false"/>
    <description>
        This service echos the input provided to it.
    </description>
    <transports>
        <transport>https</transport>
        <transport>http</transport>
    </transports>
    <parameter name="ServiceClass" locked="true">org.wso2.carbon.core.services.echo.Echo</parameter>
    <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UTOverTransport">
        <wsp:ExactlyOne>
            <wsp:All>
                <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                    <wsp:Policy>
                        <sp:TransportToken>
                            <wsp:Policy>
                                <sp:HttpsToken RequireClientCertificate="false"/>
                            </wsp:Policy>
                        </sp:TransportToken>
                        <sp:AlgorithmSuite>
                            <wsp:Policy>
                                <sp:Basic256/>
                            </wsp:Policy>
                        </sp:AlgorithmSuite>
                        <sp:Layout>
                            <wsp:Policy>
                                <sp:Lax/>
                            </wsp:Policy>
                        </sp:Layout>
                        <sp:IncludeTimestamp/>
                    </wsp:Policy>
                </sp:TransportBinding>
                <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                    <wsp:Policy>
                        <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"/>
                    </wsp:Policy>
                </sp:SignedSupportingTokens>
            </wsp:All>
        </wsp:ExactlyOne>
        <rampart:RampartConfig xmlns:rampart="http://ws.apache.org/rampart/policy">
            <rampart:encryptionUser>useReqSigCert</rampart:encryptionUser>
            <rampart:timestampPrecisionInMilliseconds>true</rampart:timestampPrecisionInMilliseconds>
            <rampart:timestampTTL>300</rampart:timestampTTL>
            <rampart:timestampMaxSkew>300</rampart:timestampMaxSkew>
            <rampart:timestampStrict>false</rampart:timestampStrict>
            <rampart:tokenStoreClass>org.wso2.carbon.security.util.SecurityTokenStore</rampart:tokenStoreClass>
            <rampart:nonceLifeTime>300</rampart:nonceLifeTime>
        </rampart:RampartConfig>
        <sec:CarbonSecConfig xmlns:sec="http://www.wso2.org/products/carbon/security">
            <sec:Authorization>
                <sec:property name="org.wso2.carbon.security.allowedroles">admin</sec:property>
            </sec:Authorization>
        </sec:CarbonSecConfig>
    </wsp:Policy>
    <module ref="rampart"/>
</service>

Upvotes: 0

Jorge Infante Osorio

Reputation: 2153

goncalvez. This config works for me, using WSO2 AS 5.3.0.

You need to go inside echo.aar/META-INF/service.xml and put this XML:

<service name="echo" serviceDocumentation="echo" exposedAllTransports="false" serviceDeployedTime="1386978405019" successfullyAdded="true" serviceActive="true" utEnabled="true">
    <operation name="echoStringArrays">
        <module name="addressing" version="4.4.1" type="engagedModules"/>
        <module name="rampart" version="1.61-wso2v14" type="engagedModules"/>
    </operation>
    <operation name="echoOMElement">
        <module name="addressing" version="4.4.1" type="engagedModules"/>
        <module name="rampart" version="1.61-wso2v14" type="engagedModules"/>
    </operation>
    <operation name="echoInt">
        <module name="addressing" version="4.4.1" type="engagedModules"/>
        <module name="rampart" version="1.61-wso2v14" type="engagedModules"/>
    </operation>
    <operation name="throwAxisFault">
        <module name="addressing" version="4.4.1" type="engagedModules"/>
        <module name="rampart" version="1.61-wso2v14" type="engagedModules"/>
    </operation>
    <operation name="echoString">
        <module name="addressing" version="4.4.1" type="engagedModules"/>
        <module name="rampart" version="1.61-wso2v14" type="engagedModules"/>
    </operation>
    <bindings>
        <binding name="echoHttpBinding">
            <operation name="echoStringArrays"/>
            <operation name="echoOMElement"/>
            <operation name="echoInt"/>
            <operation name="throwAxisFault"/>
            <operation name="echoString"/>
            <policyUUID>UTOverTransport</policyUUID>
        </binding>
        <binding name="echoSoap11Binding">
            <operation name="echoStringArrays"/>
            <operation name="echoOMElement"/>
            <operation name="echoInt"/>
            <operation name="throwAxisFault"/>
            <operation name="echoString"/>
            <policyUUID>UTOverTransport</policyUUID>
        </binding>
        <binding name="echoSoap12Binding">
            <operation name="echoStringArrays"/>
            <operation name="echoOMElement"/>
            <operation name="echoInt"/>
            <operation name="throwAxisFault"/>
            <operation name="echoString"/>
            <policyUUID>UTOverTransport</policyUUID>
        </binding>
    </bindings>
    <wsp:PolicyAttachment xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
        <wsp:AppliesTo>
            <policy-subject identifier="binding:soap11"/>
            <policy-subject identifier="binding:soap12"/>
        </wsp:AppliesTo>
        <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UTOverTransport">
            <wsp:ExactlyOne>
                <wsp:All>
                    <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                        <wsp:Policy>
                            <sp:TransportToken>
                                <wsp:Policy>
                                    <sp:HttpsToken RequireClientCertificate="false"/>
                                </wsp:Policy>
                            </sp:TransportToken>
                            <sp:AlgorithmSuite>
                                <wsp:Policy>
                                    <sp:Basic256/>
                                </wsp:Policy>
                            </sp:AlgorithmSuite>
                            <sp:Layout>
                                <wsp:Policy>
                                    <sp:Lax/>
                                </wsp:Policy>
                            </sp:Layout>
                            <sp:IncludeTimestamp/>
                        </wsp:Policy>
                    </sp:TransportBinding>
                    <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                        <wsp:Policy>
                            <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"/>
                        </wsp:Policy>
                    </sp:SignedSupportingTokens>
                </wsp:All>
            </wsp:ExactlyOne>
            <rampart:RampartConfig xmlns:rampart="http://ws.apache.org/rampart/policy">
                <rampart:encryptionUser>useReqSigCert</rampart:encryptionUser>
                <rampart:timestampPrecisionInMilliseconds>true</rampart:timestampPrecisionInMilliseconds>
                <rampart:timestampTTL>300</rampart:timestampTTL>
                <rampart:timestampMaxSkew>300</rampart:timestampMaxSkew>
                <rampart:timestampStrict>false</rampart:timestampStrict>
                <rampart:tokenStoreClass>org.wso2.carbon.security.util.SecurityTokenStore</rampart:tokenStoreClass>
                <rampart:nonceLifeTime>300</rampart:nonceLifeTime>
            </rampart:RampartConfig>
            <sec:CarbonSecConfig xmlns:sec="http://www.wso2.org/products/carbon/security">
                <sec:Authorization>
                    <sec:property name="org.wso2.carbon.security.allowedroles">admin,sys-admin
                    </sec:property>
                </sec:Authorization>
            </sec:CarbonSecConfig>
        </wsp:Policy>
    </wsp:PolicyAttachment>
    <transports>
        <transport>https</transport>
    </transports>
    <parameter name="ServiceClass" locked="true">org.wso2.carbon.core.services.echo.Echo</parameter>
    <module ref="rampart"/>
</service>

Upvotes: 0
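Since 5.3.0 offers no console view of a service's security state, the descriptors in both answers can be checked from a script before deployment. The following is an added example, not code from either answer or from WSO2: `audit_service` and `SAMPLE` are hypothetical names, and the sample is the first answer's descriptor trimmed to the elements being checked.

```python
import xml.etree.ElementTree as ET

# Added illustration; audit_service and SAMPLE are hypothetical names.
NS = {"wsp": "http://schemas.xmlsoap.org/ws/2004/09/policy",
      "sp": "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy",
      "sec": "http://www.wso2.org/products/carbon/security"}
ROLES = "org.wso2.carbon.security.allowedroles"

def audit_service(xml_text):
    """Return (allowed_roles, findings) for one <service> descriptor."""
    svc = ET.fromstring(xml_text)
    findings = []
    if not any(m.get("ref") == "rampart" for m in svc.findall("module")):
        findings.append("rampart module is not engaged at service level")
    if svc.find(".//sp:SignedSupportingTokens//sp:UsernameToken", NS) is None:
        findings.append("policy does not require a UsernameToken")
    if svc.find(".//sp:TransportBinding//sp:IncludeTimestamp", NS) is None:
        findings.append("policy does not require a timestamp")
    # The UsernameToken is protected only by TLS, so flag any non-https transport.
    listed = sorted(t.text.strip() for t in svc.findall("transports/transport") if t.text)
    if svc.find(".//sp:TransportToken//sp:HttpsToken", NS) is not None and listed != ["https"]:
        findings.append("HttpsToken policy but transports are: " + (", ".join(listed) or "none listed"))
    roles = []
    for prop in svc.findall(".//sec:CarbonSecConfig//sec:property", NS):
        if prop.get("name") == ROLES:
            roles = [r.strip() for r in (prop.text or "").split(",") if r.strip()]
    if not roles:
        findings.append("no allowed roles configured")
    return roles, findings

# Constructed sample: the first answer's descriptor, trimmed.
SAMPLE = """<service name="echo">
  <transports><transport>https</transport><transport>http</transport></transports>
  <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
              xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
    <sp:TransportBinding><wsp:Policy>
      <sp:TransportToken><wsp:Policy><sp:HttpsToken/></wsp:Policy></sp:TransportToken>
      <sp:IncludeTimestamp/>
    </wsp:Policy></sp:TransportBinding>
    <sp:SignedSupportingTokens><wsp:Policy><sp:UsernameToken/></wsp:Policy></sp:SignedSupportingTokens>
    <sec:CarbonSecConfig xmlns:sec="http://www.wso2.org/products/carbon/security">
      <sec:Authorization><sec:property name="org.wso2.carbon.security.allowedroles">admin</sec:property></sec:Authorization>
    </sec:CarbonSecConfig>
  </wsp:Policy>
  <module ref="rampart"/>
</service>"""

if __name__ == "__main__":
    print(audit_service(SAMPLE))
```

The same function accepts the second answer's layout, because the policy is located by descendant search whether it sits directly under `<service>` or inside `<wsp:PolicyAttachment>`.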
