Skip to main content

Securing Web Services with WSO2 ESB - Securing a proxy service with basic authentication (Username Token)

Web Services Security, or to be more precise, SOAP message security, identifies and provides solutions for general computer security threats as well as threats unique to Web services.
WSO2 Carbon supports WS Security, WS-Policy and WS-Security Policy specifications. These specifications define a behavioral model for Web services. A requirement for one Web service may not be valid for another. Thus, defining service-specific requirements might be necessary.
The WSO2 SOA platform provides important security features to your service. By default the security features are disabled.
Securing a proxy service with basic authentication (Username Token)
Pre-requisites – Download the latest stable release of WSO2 ESB from here.
Step 1 – Start WSO2 ESB server
Step 2 – Create a Proxy Service. (We will use the Echo service shipped with WSO2 ESB here)
<proxy xmlns=”http://ws.apache.org/ns/synapse&#8221; name=”PoxSecurityProxy” transports=”https” statistics=”disable” trace=”disable” startOnLoad=”true”>
<target>
<outSequence>
<send/>
</outSequence>
<endpoint>
</endpoint>
</target>
</proxy>
Step 3 – Once the proxy service is deployed, access the dashboard and click on the created proxy service and apply security scenario 1 (UsernameToken) as below.
1






 Enable security by clicking the Security option
2





3




Select the Username Token security option
4






Click next button and go to the next step.
Step 4 – Select the user group(ex:admin) which you expect to be given permission to access the Proxy service and click Finish button.
5







Step 5 – Once security is applied to the service, access the dashboard and you will see only the HTTPS endpoint available as below.
Step 6 – Now you can access this web service with the following curl command.
You will get the response from the echo service as “Chanaka”
Labels:

Comments

  1. UnknownNovember 13, 2018 at 2:46 AM

    Nice and good article. It is very useful for me to learn and understand easily. Thanks for sharing your valuable information and time. Please keep updating mulesoft online training Hyderabad

    ReplyDelete

Post a Comment

Popular posts from this blog

How to setup an WSO2 API manager distributed setup with a clustered gateway with WSO2 ELB

In this blog post I am going to describe about how to configure a WSO2 API Manager in a distributed setup with a clustered gateway with WSO2 ELB and the WSO2 G-REG for a distributed deployment in your production environment. Before continuing with this post, you need to download the above mentioned products from the WSO2 website. WSO2 APIM - http://wso2.com/products/api-manager/ WSO2 ELB - http://wso2.com/products/elastic-load-balancer/ Understanding the API Manager architecture API Manager uses the following four main components: Publisher Creates and publishes APIs Store Provides a user interface to search, select, and subscribe to APIs Key Manager Used for authentication, security, and key-related operations Gateway Responsible for securing, protecting, managing, and scaling API calls Here is the deployment diagram that we are going to configure. In this setup, you have 5 APIM nodes with 2 gateway...
2 comments
Read more

WSO2 ESB tuning performance with threads

I have written several blog posts explaining the internal behavior of the ESB and the threads created inside ESB. With this post, I am talking about the effect of threads in the WSO2 ESB and how to tune up threads for optimal performance. You can refer [1] and [2] to understand the threads created within the ESB. [1] http://soatutorials.blogspot.com/2015/05/understanding-threads-created-in-wso2.html [2] http://wso2.com/library/articles/2012/03/importance-performance-wso2-esb-handles-nonobvious/ Within this blog post, I am discussing about the "worker threads" which are used for processing the data within the WSO2 ESB. There are 2 types of worker threads created when you start sending the requests to the server 1) Server Worker/Client Worker Threads 2) Mediator Worker (Synapse-Worker) Threads Server Worker/Client Worker Threads These set of threads will be used to process all the requests/responses coming to the ESB server. ServerWorker Threads will be used to pr...
5 comments
Read more

Performance Tuning WSO2 ESB with a practical example

WSO2 ESB is arguably the highest performing open source ESB available in the industry. With the default settings, it will provide a really good performance OOTB. You can find the official performance tuning guide in the below link. https://docs.wso2.com/display/ESB481/Performance+Tuning Above document includes lot of parameters and how to change them for best performance. Even though it provides some recommended values for the performance tuning, that is not straightforward. The values you put in the configuration files will highly reliant on your use case. Idea of this blog post is to provide a practical example of tuning these parameters with a sample use case. For the performance testing, I am using a simple proxy service which iterate through set of xml elements and send request to a sample server and aggregate the responses back to the client. <?xml version="1.0" encoding="UTF-8"?> <proxy xmlns="http://ws.apache.org/ns/synapse"     ...
3 comments
Read more