Skip to main content

Securing Web Services with WSO2 ESB - Securing a proxy service with basic authentication (Username Token)

Web Services Security, or to be more precise, SOAP message security, identifies and provides solutions for general computer security threats as well as threats unique to Web services.
WSO2 Carbon supports WS Security, WS-Policy and WS-Security Policy specifications. These specifications define a behavioral model for Web services. A requirement for one Web service may not be valid for another. Thus, defining service-specific requirements might be necessary.
The WSO2 SOA platform provides important security features to your service. By default the security features are disabled.
Securing a proxy service with basic authentication (Username Token)
Pre-requisites – Download the latest stable release of WSO2 ESB from here.
Step 1 – Start WSO2 ESB server
Step 2 – Create a Proxy Service. (We will use the Echo service shipped with WSO2 ESB here)
<proxy xmlns=”http://ws.apache.org/ns/synapse&#8221; name=”PoxSecurityProxy” transports=”https” statistics=”disable” trace=”disable” startOnLoad=”true”>
<target>
<outSequence>
<send/>
</outSequence>
<endpoint>
</endpoint>
</target>
</proxy>
Step 3 – Once the proxy service is deployed, access the dashboard and click on the created proxy service and apply security scenario 1 (UsernameToken) as below.
1






 Enable security by clicking the Security option
2





3




Select the Username Token security option
4






Click next button and go to the next step.
Step 4 – Select the user group(ex:admin) which you expect to be given permission to access the Proxy service and click Finish button.
5







Step 5 – Once security is applied to the service, access the dashboard and you will see only the HTTPS endpoint available as below.
Step 6 – Now you can access this web service with the following curl command.
You will get the response from the echo service as “Chanaka”
Labels:

Comments

  1. UnknownNovember 13, 2018 at 2:46 AM

    Nice and good article. It is very useful for me to learn and understand easily. Thanks for sharing your valuable information and time. Please keep updating mulesoft online training Hyderabad

    ReplyDelete

Post a Comment

Popular posts from this blog

WSO2 ESB tuning performance with threads

I have written several blog posts explaining the internal behavior of the ESB and the threads created inside ESB. With this post, I am talking about the effect of threads in the WSO2 ESB and how to tune up threads for optimal performance. You can refer [1] and [2] to understand the threads created within the ESB. [1] http://soatutorials.blogspot.com/2015/05/understanding-threads-created-in-wso2.html [2] http://wso2.com/library/articles/2012/03/importance-performance-wso2-esb-handles-nonobvious/ Within this blog post, I am discussing about the "worker threads" which are used for processing the data within the WSO2 ESB. There are 2 types of worker threads created when you start sending the requests to the server 1) Server Worker/Client Worker Threads 2) Mediator Worker (Synapse-Worker) Threads Server Worker/Client Worker Threads These set of threads will be used to process all the requests/responses coming to the ESB server. ServerWorker Threads will be used to pr
4 comments
Read more

How puppet works in your IT infrstructure

What is Puppet? Puppet is IT automation software that helps system administrators manage infrastructure throughout its lifecycle, from provisioning and configuration to orchestration and reporting. Using Puppet, you can easily automate repetitive tasks, quickly deploy critical applications, and proactively manage change, scaling from 10s of servers to 1000s, on-premise or in the cloud. How the puppet works? It works like this..Puppet agent is a daemon that runs on all the client servers(the servers where you require some configuration, or the servers which are going to be managed using puppet.) All the clients which are to be managed will have puppet agent installed on them, and are called nodes in puppet. Puppet Master: This machine contains all the configuration for different hosts. Puppet master will run as a daemon on this master server. Puppet Agent: This is the daemon that will run on all the servers, which are to be managed using p
7 comments
Read more

How to configure timeouts in WSO2 ESB to get rid of client timeout errors

WSO2 ESB has defined some configuration parameters which controls the timeout of a particular request which is going out of ESB. In a particular  scneario, your client sends a request to ESB, and then ESB sends a request to another endpoint to serve the request. CLIENT->WSO2 ESB->BACKEND The reason for clients getting timeout is that ESB timeout is larger than client's timeout. This can be solved by either increasing the timeout at client side or by decreasing the timeout in ESB side. In any of the case, you can control the timeout in ESB using the below properties. 1) Global timeout defined in synapse.properties (ESB_HOME\repository\conf\) file. This will decide the maximum time that a callback is waiting in the ESB for a response for a particular request. If ESB does not get any response from Back End, it will drop the message and clears out the call back. This is a global level parameter which affects all the endpoints configured in ESB. synapse.global_timeout_inte
3 comments
Read more