Securing Web Services with WSO2 ESB - Securing a proxy service with basic authentication (Username Token)

Web Services Security, or to be more precise, SOAP message security, identifies and provides solutions for general computer security threats as well as threats unique to Web services.
WSO2 Carbon supports WS Security, WS-Policy and WS-Security Policy specifications. These specifications define a behavioral model for Web services. A requirement for one Web service may not be valid for another. Thus, defining service-specific requirements might be necessary.
The WSO2 SOA platform provides important security features to your service. By default the security features are disabled.
Securing a proxy service with basic authentication (Username Token)
Pre-requisites – Download the latest stable release of WSO2 ESB from here.
Step 1 – Start WSO2 ESB server
Step 2 – Create a Proxy Service. (We will use the Echo service shipped with WSO2 ESB here)
<proxy xmlns="http://ws.apache.org/ns/synapse" name="PoxSecurityProxy" transports="https" statistics="disable" trace="disable" startOnLoad="true">
    <target>
        <outSequence>
            <send/>
        </outSequence>
        <endpoint>
        </endpoint>
    </target>
</proxy>
Step 3 – Once the proxy service is deployed, access the dashboard and click on the created proxy service and apply security scenario 1 (UsernameToken) as below.
 Enable security by clicking the Security option
Select the Username Token security option
Click the Next button to go to the next step.
Step 4 – Select the user group (e.g. admin) that should be permitted to access the proxy service and click the Finish button.
Step 5 – Once security is applied to the service, access the dashboard and you will see only the HTTPS endpoint available as below.
Step 6 – Now you can access this web service with the following curl command.
You will get the response from the echo service as “Chanaka”
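
As an added example (not the post's own curl command and not WSO2 code), the Python below builds the SOAP request a client would send to a proxy secured with the UsernameToken scenario and refuses any non-HTTPS URL, because a PasswordText token carries the password in clear and TLS is its only protection. The host name, credentials, echo namespace and SOAPAction value are assumptions.

```python
from urllib.parse import urlsplit
from xml.etree import ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
PASSWORD_TEXT = ("http://docs.oasis-open.org/wss/2004/01/"
                 "oasis-200401-wss-username-token-profile-1.0#PasswordText")
ECHO_NS = "http://echo.services.core.carbon.wso2.org"  # assumed echo namespace


def username_token_envelope(user, password, text):
    """Return a SOAP 1.1 envelope carrying a wsse:UsernameToken header."""
    env = ET.Element(f"{{{SOAP}}}Envelope")
    header = ET.SubElement(env, f"{{{SOAP}}}Header")
    sec = ET.SubElement(header, f"{{{WSSE}}}Security")
    sec.set(f"{{{SOAP}}}mustUnderstand", "1")
    token = ET.SubElement(sec, f"{{{WSSE}}}UsernameToken")
    ET.SubElement(token, f"{{{WSSE}}}Username").text = user
    pw = ET.SubElement(token, f"{{{WSSE}}}Password")
    pw.set("Type", PASSWORD_TEXT)  # cleartext password: TLS is the only protection
    pw.text = password
    body = ET.SubElement(env, f"{{{SOAP}}}Body")
    op = ET.SubElement(body, f"{{{ECHO_NS}}}echoString")
    ET.SubElement(op, "in").text = text
    return ET.tostring(env, encoding="utf-8", xml_declaration=True)


def build_request(url, user, password, text):
    """Build (not send) the POST; refuse any endpoint that is not HTTPS."""
    if urlsplit(url).scheme.lower() != "https":
        raise ValueError("UsernameToken with PasswordText must only go over HTTPS")
    return {
        "url": url,
        "headers": {"Content-Type": "text/xml; charset=utf-8",
                    "SOAPAction": '"urn:echoString"'},  # assumed action name
        "body": username_token_envelope(user, password, text),
    }


if __name__ == "__main__":
    # Constructed values: host and credentials are placeholders.
    req = build_request("https://esb.example.test/services/PoxSecurityProxy",
                        "example-user", "example-password", "Chanaka")
    print(req["body"].decode())
```
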
