Skip to main content

Securing Web Services with WSO2 ESB - Securing a proxy service with basic authentication (Username Token)

Web Services Security, or to be more precise, SOAP message security, identifies and provides solutions for general computer security threats as well as threats unique to Web services.
WSO2 Carbon supports WS Security, WS-Policy and WS-Security Policy specifications. These specifications define a behavioral model for Web services. A requirement for one Web service may not be valid for another. Thus, defining service-specific requirements might be necessary.
The WSO2 SOA platform provides important security features to your service. By default the security features are disabled.
Securing a proxy service with basic authentication (Username Token)
Pre-requisites – Download the latest stable release of WSO2 ESB from here.
Step 1 – Start WSO2 ESB server
Step 2 – Create a Proxy Service. (We will use the Echo service shipped with WSO2 ESB here)
<proxy xmlns=”http://ws.apache.org/ns/synapse&#8221; name=”PoxSecurityProxy” transports=”https” statistics=”disable” trace=”disable” startOnLoad=”true”>
<target>
<outSequence>
<send/>
</outSequence>
<endpoint>
</endpoint>
</target>
</proxy>
Step 3 – Once the proxy service is deployed, access the dashboard and click on the created proxy service and apply security scenario 1 (UsernameToken) as below.
1






 Enable security by clicking the Security option
2





3




Select the Username Token security option
4






Click next button and go to the next step.
Step 4 – Select the user group(ex:admin) which you expect to be given permission to access the Proxy service and click Finish button.
5







Step 5 – Once security is applied to the service, access the dashboard and you will see only the HTTPS endpoint available as below.
Step 6 – Now you can access this web service with the following curl command.
You will get the response from the echo service as “Chanaka”

Comments

  1. Nice and good article. It is very useful for me to learn and understand easily. Thanks for sharing your valuable information and time. Please keep updating mulesoft online training Hyderabad

    ReplyDelete

Post a Comment

Popular posts from this blog

WSO2 ESB tuning performance with threads

I have written several blog posts explaining the internal behavior of the ESB and the threads created inside ESB. With this post, I am talking about the effect of threads in the WSO2 ESB and how to tune up threads for optimal performance. You can refer [1] and [2] to understand the threads created within the ESB. [1] http://soatutorials.blogspot.com/2015/05/understanding-threads-created-in-wso2.html [2] http://wso2.com/library/articles/2012/03/importance-performance-wso2-esb-handles-nonobvious/ Within this blog post, I am discussing about the "worker threads" which are used for processing the data within the WSO2 ESB. There are 2 types of worker threads created when you start sending the requests to the server 1) Server Worker/Client Worker Threads 2) Mediator Worker (Synapse-Worker) Threads Server Worker/Client Worker Threads These set of threads will be used to process all the requests/responses coming to the ESB server. ServerWorker Threads will be used to pr...

How puppet works in your IT infrstructure

What is Puppet? Puppet is IT automation software that helps system administrators manage infrastructure throughout its lifecycle, from provisioning and configuration to orchestration and reporting. Using Puppet, you can easily automate repetitive tasks, quickly deploy critical applications, and proactively manage change, scaling from 10s of servers to 1000s, on-premise or in the cloud. How the puppet works? It works like this..Puppet agent is a daemon that runs on all the client servers(the servers where you require some configuration, or the servers which are going to be managed using puppet.) All the clients which are to be managed will have puppet agent installed on them, and are called nodes in puppet. Puppet Master: This machine contains all the configuration for different hosts. Puppet master will run as a daemon on this master server. Puppet Agent: This is the daemon that will run on all the servers, which are to be managed using p...

Understanding Threads created in WSO2 ESB

WSO2 ESB is an asynchronous high performing messaging engine which uses Java NIO technology for its internal implementations. You can find more information about the implementation details about the WSO2 ESB’s high performing http transport known as Pass-Through Transport (PTT) from the links given below. [1] http://soatutorials.blogspot.com/2015/05/understanding-wso2-esb-pass-through.html [2] http://wso2.com/library/articles/2013/12/demystifying-wso2-esb-pass-through-transport-part-i/ From this tutorial, I am going to discuss about various threads created when you start the ESB and start processing requests with that. This would help you to troubleshoot critical ESB server issues with the usage of a thread dump. You can monitor the threads created by using a monitoring tool like Jconsole or java mission control (java 1.7.40 upwards). Given below is a list of important threads and their stack traces from an active ESB server.  PassThroughHTTPSSender ( 1 Thread ...