Monday, September 22, 2014

Expose secured backend service as an insecure service


Suppose we have a secured backend service that we want to access from the ESB. For this we may need to create the authentication headers. This can be done with a Header mediator, a Script mediator or a Class mediator (refer to [1] http://sajithblogs.blogspot.com/2013/08/wso2-esb-adding-complex-soap-headers-to.html). The soasecurity blog ([2] http://soasecurity.org/2014/03/25/how-to-esb-invoking-username-token-secured-backend-service/) describes how to do this via a class mediator. Another way is to use a security policy in the ESB, as described in Sagara's blog ([3] - http://ssagara.blogspot.com/2013/07/wso2-esb-set-ws-security-ut-user-names.html).



Here I'm going to describe a test setup for [3].

Implement a Secured backend using WSO2AS

Start WSO2 AS

Create a role called aliceRole
Create a user called alice with the password "alicePW"
Assign alice to aliceRole

Secure the "Version" service (which comes by default in AS) using the management console.
Select yes in the EnableSecurity dropdown
Select UsernameToken from Basic Scenarios and click next
Check aliceRole (which we created in the previous step) and click finish.


ESB Configurations

Start ESB

Create an endpoint for the secured Version service in the AS

Create a proxy service that uses this endpoint


 
   
      
      
         
            
            
               
            
         
      
      
   

   
      
Create PasswordCallback handler
Refer to the soasecurity blog ([4] http://soasecurity.org/2010/02/07/how-to-create-a-password-callback-class/)
Svn checkout https://svn.wso2.org/repos/wso2/people/asela/ws-security/password-callback/
Modify the logic as follows (since we need to add password set functionality for alice)

    // Logic to get the password to build the username token
    if ("alice".equals(id)) {
        pwcb.setPassword("alicePW");
    }
    if ("bob".equals(id)) {
        pwcb.setPassword("bobPW");
    }

Build using mvn clean install
Copy the output jar into ESB/repository/components/lib

Add the following policy to the ESB registry (at gov:/repository/policy_1.xml)


 

    
        
            
                
                    
                        
                            
                        
                    
                    
                        
                            
                        
                    
                    
                        
                            
                        
                    
                    
                
            
            
                
                    
                
            

            
                alice
                org.wso2.samples.pwcb.PWCBHandler
            
        
    

Make the asEndpoint a secured endpoint
Go to the endpoint view, select asEndpoint and click on edit.
Then, under Advanced Options, check WS-Security and, as the Policy Key, specify the path gov:/repository/policy_1.xml (the path where we saved the policy in the registry)
Click on 'Save & Close'

Restart the ESB server (since we have put our jar in components/lib)

Try the versionProxy using the ESB's tryit tool. If everything is configured properly, you should get the following response in the tryit tool.
 

   Application Server-5.2.1
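
To see what this setup changes on the wire, the following added example (not code from this post or from WSO2) builds, in Python, the kind of WS-Security UsernameToken header that is attached for alice before the request is forwarded to the AS, and reads it back from a message. The request body, the function names and the sample envelope are constructed for illustration; the ESB itself produces the header from the policy and the callback handler.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
PW_TEXT = ("http://docs.oasis-open.org/wss/2004/01/"
           "oasis-200401-wss-username-token-profile-1.0#PasswordText")
ET.register_namespace("soapenv", SOAP)
ET.register_namespace("wsse", WSSE)

# Constructed sample: the unsecured request a client sends to versionProxy.
PLAIN_REQUEST = (
    '<soapenv:Envelope xmlns:soapenv="%s"><soapenv:Body>'
    '<getVersion xmlns="urn:example:version"/>'
    '</soapenv:Body></soapenv:Envelope>' % SOAP
)

def add_username_token(envelope_xml, username, password):
    """Return the envelope with a wsse:Security/UsernameToken header added."""
    root = ET.fromstring(envelope_xml)
    header = root.find("{%s}Header" % SOAP)
    if header is None:
        header = ET.Element("{%s}Header" % SOAP)
        root.insert(0, header)  # soapenv:Header must precede soapenv:Body
    security = ET.SubElement(header, "{%s}Security" % WSSE)
    security.set("{%s}mustUnderstand" % SOAP, "1")
    token = ET.SubElement(security, "{%s}UsernameToken" % WSSE)
    ET.SubElement(token, "{%s}Username" % WSSE).text = username
    pw = ET.SubElement(token, "{%s}Password" % WSSE)
    pw.set("Type", PW_TEXT)  # password is carried as plain text
    pw.text = password
    return ET.tostring(root, encoding="unicode")

def describe_token(envelope_xml):
    """Return (username, password_type) of the UsernameToken, or None if absent."""
    root = ET.fromstring(envelope_xml)
    token = root.find("{%s}Header/{%s}Security/{%s}UsernameToken" % (SOAP, WSSE, WSSE))
    if token is None:
        return None
    pw = token.find("{%s}Password" % WSSE)
    return (token.findtext("{%s}Username" % WSSE),
            pw.get("Type") if pw is not None else None)

if __name__ == "__main__":
    secured = add_username_token(PLAIN_REQUEST, "alice", "alicePW")
    print(describe_token(PLAIN_REQUEST))  # client -> proxy: no token
    print(describe_token(secured))        # proxy -> AS: token for alice
```

With the PasswordText type the password travels in clear inside the message, so this header should only be sent to the AS over an HTTPS endpoint.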


References
[1] - http://sajithblogs.blogspot.com/2013/08/wso2-esb-adding-complex-soap-headers-to.html
[2] - http://soasecurity.org/2014/03/25/how-to-esb-invoking-username-token-secured-backend-service/
[3] - http://ssagara.blogspot.com/2013/07/wso2-esb-set-ws-security-ut-user-names.html
[4] - http://soasecurity.org/2010/02/07/how-to-create-a-password-callback-class/
