
Then we do a simple mediation using the WSSecBasicAuth mediator. The WSSecBasicAuth mediator does the following:
1.) Extracts the username/password from the Username token
2.) Sets the “Authorization” transport header using that username/password
3.) Removes the WS Security header from the SOAP message
and that's it.
So let's see how to do this using WSO2 ESB. First we need to define a proxy service that will have the WSSecBasicAuth mediator in its in sequence. You can easily do this using the WSO2 ESB web console.
First we define a new sequence with the WSSecBasicAuth mediator.

Then we define a new proxy service, using that sequence as the in sequence.
The WSO2 ESB documentation describes how to set up a proxy service in detail. The final configuration will look like this.
<syn:definitions xmlns:syn="http://ws.apache.org/ns/synapse">
    ...
    <syn:proxy name="Version" startOnLoad="true">
        <syn:target inSequence="WSSecBasicAuth">
            <syn:endpoint>
                <syn:address uri="http://127.0.0.1:9090/axis2/services/Version"/>
            </syn:endpoint>
        </syn:target>
    </syn:proxy>
    <syn:sequence name="WSSecBasicAuth">
        <syn:class name="org.wso2.esb.mediators.WSSecBasicAuthMediator"/>
    </syn:sequence>
    ...
</syn:definitions>
The final step is to modify the WSDL of the original service to reflect the WS Security requirements. The WSDL can be modified by simply attaching the following policy to the SOAP bindings of the WSDL.
<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="username_token">
    <wsp:ExactlyOne>
        <wsp:All>
            <sp:SupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                <wsp:Policy>
                    <sp:UsernameToken/>
                </wsp:Policy>
            </sp:SupportingTokens>
        </wsp:All>
    </wsp:ExactlyOne>
</wsp:Policy>
An example of the modified WSDL for the Axis2 version service can be found here.
Then we can attach the modified WSDL to the proxy service using the WSO2 ESB console.

Now we are all set. If we want to try this out using an Axis2 client, all we have to do is generate code against the proxy service. The security requirements will be automatically injected into the stub using the policies. So a client for the proxy service would look like this.
ConfigurationContext ctx = ConfigurationContextFactory
.createConfigurationContextFromFileSystem("client-repo");
VersionStub stub = new VersionStub(ctx);
ServiceClient sc = stub._getServiceClient();
sc.engageModule("rampart");
sc.getOptions().setUserName("nandana");
sc.getOptions().setPassword("nandana");
stub.getVersion();
Message from the client to the proxy service
POST /soap/Version HTTP/1.1
Content-Type: application/soap+xml; charset=UTF-8; action="urn:getVersion"
User-Agent: Axis2
Host: 127.0.0.1:8280
Transfer-Encoding: chunked
<?xml version='1.0' encoding='UTF-8'?>
<soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
<soapenv:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="true">
<wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-6011238">
<wsse:Username>nandana</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">nandana</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
<soapenv:Body />
</soapenv:Envelope>
Message from the proxy service to the real service
POST http://127.0.0.1:9090/axis2/services/Version HTTP/1.1
Host: 127.0.0.1:9090
Authorization: Basic bmFuZGFuYTpuYW5kYW5h
Content-Type: application/soap+xml; charset=UTF-8; action="urn:getVersion"
Connection: Keep-Alive
User-Agent: Synapse-HttpComponents-NIO
<?xml version='1.0' encoding='UTF-8'?>
<soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
<soapenv:Body />
</soapenv:Envelope>
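
The three mediation steps listed earlier, applied to a trimmed copy of the client message above, as an added Python sketch (this is not the WSSecBasicAuthMediator source or WSO2 code; the function name usernametoken_to_basic is hypothetical). It also rejects the cases that have no faithful Basic equivalent: a digest-type password, and a username containing a colon.

```python
import base64
import xml.etree.ElementTree as ET

SOAP = "http://www.w3.org/2003/05/soap-envelope"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
PASSWORD_TEXT = ("http://docs.oasis-open.org/wss/2004/01/"
                 "oasis-200401-wss-username-token-profile-1.0#PasswordText")

def usernametoken_to_basic(envelope_xml):
    """Return (Authorization header value, envelope without wsse:Security)."""
    ET.register_namespace("soapenv", SOAP)
    root = ET.fromstring(envelope_xml)
    header = root.find(f"{{{SOAP}}}Header")
    security = header.find(f"{{{WSSE}}}Security") if header is not None else None
    if security is None:
        raise ValueError("no wsse:Security header in message")
    tokens = security.findall(f"{{{WSSE}}}UsernameToken")
    if len(tokens) != 1:
        raise ValueError("expected exactly one UsernameToken")
    # Step 1: extract the username/password from the token.
    user = tokens[0].findtext(f"{{{WSSE}}}Username")
    pw = tokens[0].find(f"{{{WSSE}}}Password")
    if not user or pw is None or pw.text is None:
        raise ValueError("incomplete UsernameToken")
    # A digest password is a hash, not the secret; it cannot become Basic.
    if pw.get("Type", PASSWORD_TEXT) != PASSWORD_TEXT:
        raise ValueError("only PasswordText tokens can be converted")
    # Basic splits on the first ':', so a colon in the username is ambiguous.
    if ":" in user:
        raise ValueError("username must not contain ':'")
    # Step 2: build the Authorization transport header.
    cred = f"{user}:{pw.text}".encode("utf-8")
    auth = "Basic " + base64.b64encode(cred).decode("ascii")
    # Step 3: remove the WS Security header (and the Header if left empty,
    # matching the forwarded message shown on the page).
    header.remove(security)
    if len(header) == 0:
        root.remove(header)
    return auth, ET.tostring(root, encoding="unicode")

# Constructed sample: the client message from the page, trimmed.
SAMPLE = f"""<soapenv:Envelope xmlns:soapenv="{SOAP}">
<soapenv:Header><wsse:Security xmlns:wsse="{WSSE}" soapenv:mustUnderstand="true">
<wsse:UsernameToken><wsse:Username>nandana</wsse:Username>
<wsse:Password Type="{PASSWORD_TEXT}">nandana</wsse:Password>
</wsse:UsernameToken></wsse:Security></soapenv:Header>
<soapenv:Body />
</soapenv:Envelope>"""
```

Both the PasswordText token and the resulting Basic header carry the password in recoverable form (Base64 is an encoding, not encryption), so confidentiality on each hop depends on transport security such as TLS.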









