Objective: Connecting to endpoints with WS-Security for outgoing messages
Introduction
This sample demonstrates how you can use the ESB to connect to endpoints with WS-Security for outgoing messages.
In this sample the stock quote client sends a request without WS-Security. The ESB is configured to enable WS-Security as per the policy specified in the policy_3.xml file, for outgoing messages to the SecureStockQuoteService endpoint hosted on the Axis2 instance.
Prerequisites
- Download and install the unlimited strength policy files for your JDK before using Apache Rampart. To download the policy files, go to http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html.
- For a list of general prerequisites, see Prerequisites to Start the ESB Samples.
Building the sample
The XML configuration for this sample is as follows:
```xml
<definitions xmlns="http://ws.apache.org/ns/synapse">

    <localEntry key="sec_policy" src="file:repository/samples/resources/policy/policy_3.xml"/>

    <sequence name="main">
        <in>
            <send>
                <endpoint name="secure">
                    <address uri="http://localhost:9000/services/SecureStockQuoteService">
                        <enableSec policy="sec_policy"/>
                        <enableAddressing/>
                    </address>
                </endpoint>
            </send>
        </in>
        <out>
            <header name="wsse:Security" action="remove"
                    xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"/>
            <send/>
        </out>
    </sequence>

</definitions>
```
Prerequisites:
- Start the Synapse configuration numbered 100: i.e. wso2esb-samples.sh -sn 100
- Start the Axis2 server and deploy the SecureStockQuoteService if not already done.
- You may also need to download and install the unlimited strength policy files for your JDK before using Apache Rampart (e.g., see http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html).
...
This configuration file synapse_sample_100.xml is available in the <ESB_HOME>/repository/samples directory.
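A static check of the configuration above, as an added example (not part of the original page or the ESB distribution): it lists every address endpoint and reports whether it enables WS-Security with a policy key defined in the same file. It assumes policies are declared as local entries, as in this sample; the "plain" endpoint and its PlainService URI are constructed to show a finding.

```python
import xml.etree.ElementTree as ET

SYN = "{http://ws.apache.org/ns/synapse}"

# Constructed input: the sample 100 configuration from this page plus one
# hypothetical endpoint ("plain") that omits <enableSec>, to show a finding.
SAMPLE_CONFIG = """<definitions xmlns="http://ws.apache.org/ns/synapse">
  <localEntry key="sec_policy" src="file:repository/samples/resources/policy/policy_3.xml"/>
  <sequence name="main">
    <in>
      <send>
        <endpoint name="secure">
          <address uri="http://localhost:9000/services/SecureStockQuoteService">
            <enableSec policy="sec_policy"/>
            <enableAddressing/>
          </address>
        </endpoint>
      </send>
    </in>
    <out>
      <header name="wsse:Security" action="remove" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"/>
      <send/>
    </out>
  </sequence>
  <endpoint name="plain">
    <address uri="http://localhost:9000/services/PlainService"/>
  </endpoint>
</definitions>"""

def audit_endpoints(config_xml):
    """Map each address endpoint name to a finding about its WS-Security setup."""
    root = ET.fromstring(config_xml)
    policies = {e.get("key") for e in root.iter(SYN + "localEntry")}
    findings = {}
    for ep in root.iter(SYN + "endpoint"):
        addr = ep.find(SYN + "address")
        if addr is None:
            continue
        sec = addr.find(SYN + "enableSec")
        if sec is None:
            findings[ep.get("name")] = "no enableSec: sent without WS-Security"
        elif sec.get("policy") not in policies:
            findings[ep.get("name")] = "policy key is not a localEntry in this file"
        else:
            findings[ep.get("name")] = "ok"
    return findings

if __name__ == "__main__":
    print(audit_endpoints(SAMPLE_CONFIG))
```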
To build the sample
- Start the ESB with the sample 100 configuration. For instructions on starting a sample ESB configuration, see Starting the ESB with a sample configuration.
  The operation log keeps running until the server starts, which usually takes several seconds. Wait until the server has fully booted up and displays a message similar to "WSO2 Carbon started in n seconds."
- Start the Axis2 server. For instructions on starting the Axis2 server, see Starting the Axis2 server.
- Deploy the back-end service SecureStockQuoteService. For instructions on deploying sample back-end services, see Deploying sample back-end services.
Executing the sample
The sample client used here is the Stock Quote Client, which can operate in several modes. For further details on this sample client and its operation modes, see Stock Quote Client.
To execute the sample client
Run the following command from the <ESB_HOME>/samples/axis2Client directory.

```bash
ant stockquote -Dtrpurl=http://localhost:8280/
```
Analyzing the output
When you analyze the debug log output on the ESB console, you will see the encrypted message flowing to the service and the encrypted response being received by the ESB. You will also see that the wsse:Security header is then removed from the decrypted message and the response is delivered back to the client, as expected. You may execute the client as follows:

```bash
ant stockquote -Dtrpurl=http://localhost:8280/
```
If you use TCPMon and send the message through it, you will see the message sent by the ESB to the secure service as follows:
```
POST http://localhost:9001/services/SecureStockQuoteService HTTP/1.1
Host: 127.0.0.1
SOAPAction: urn:getQuote
Content-Type: text/xml; charset=UTF-8
Transfer-Encoding: chunked
Connection: Keep-Alive
User-Agent: Synapse-HttpComponents-NIO

800
<?xml version='1.0' encoding='UTF-8'?>
<soapenv:Envelope xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" xmlns:wsa="http://www.w3.org/2005/08/addressing" ..>
   <soapenv:Header>
      <wsse:Security ..>
         <wsu:Timestamp ..>
            ...
         </wsu:Timestamp>
         <xenc:EncryptedKey..>
            ...
         </xenc:EncryptedKey>
         <wsse:BinarySecurityToken ...>
            <ds:SignedInfo>
            ...
            </ds:SignedInfo>
            <ds:SignatureValue>
            ...
            </ds:SignatureValue>
            <ds:KeyInfo Id="KeyId-29551621">
            ...
            </ds:KeyInfo>
         </ds:Signature>
      </wsse:Security>
      <wsa:To>http://localhost:9001/services/SecureStockQuoteService</wsa:To>
      <wsa:MessageID>urn:uuid:1C4CE88B8A1A9C09D91177500753443</wsa:MessageID>
      <wsa:Action>urn:getQuote</wsa:Action>
   </soapenv:Header>
   <soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-3789605">
      <xenc:EncryptedData Id="EncDataId-3789605" Type="http://www.w3.org/2001/04/xmlenc#Content">
         <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
         <xenc:CipherData>
            <xenc:CipherValue>Layg0xQcnH....6UKm5nKU6Qqr</xenc:CipherValue>
         </xenc:CipherData>
      </xenc:EncryptedData>
   </soapenv:Body>
</soapenv:Envelope>
0
```
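A structural check for a captured outgoing envelope, as an added example (not part of the original page): it confirms that the message carries a wsse:Security header with the Timestamp, EncryptedKey and Signature elements seen in the capture above, and that the SOAP body holds only xenc:EncryptedData. Both envelopes are constructed with placeholder values, and the check assumes policy_3.xml produces the elements shown in the capture; it does not validate the signature or decrypt anything.

```python
import xml.etree.ElementTree as ET

NS = {
    "soapenv": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
DECLS = " ".join(f'xmlns:{p}="{u}"' for p, u in NS.items())

# Constructed envelopes (placeholder values), shaped like the capture above.
SECURED = f"""<soapenv:Envelope {DECLS}><soapenv:Header><wsse:Security>
<wsu:Timestamp/><xenc:EncryptedKey/><ds:Signature/></wsse:Security></soapenv:Header>
<soapenv:Body><xenc:EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Content">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
<xenc:CipherData><xenc:CipherValue>PLACEHOLDER</xenc:CipherValue></xenc:CipherData>
</xenc:EncryptedData></soapenv:Body></soapenv:Envelope>"""
PLAINTEXT = f"""<soapenv:Envelope {DECLS}><soapenv:Header/><soapenv:Body>
<getQuote><symbol>IBM</symbol></getQuote></soapenv:Body></soapenv:Envelope>"""

def check_outgoing(envelope_xml):
    """Return a list of problems; an empty list means the message looks secured."""
    root = ET.fromstring(envelope_xml)
    problems = []
    sec = root.find("soapenv:Header/wsse:Security", NS)
    if sec is None:
        problems.append("no wsse:Security header")
    else:
        for tag in ("wsu:Timestamp", "xenc:EncryptedKey", "ds:Signature"):
            if sec.find(tag, NS) is None:
                problems.append(f"wsse:Security lacks {tag}")
    body = root.find("soapenv:Body", NS)
    enc_tag = "{%s}EncryptedData" % NS["xenc"]
    # Any body child other than EncryptedData is content sent in the clear.
    clear = [c.tag for c in body if c.tag != enc_tag] if body is not None else []
    if body is None or len(body) == 0 or clear:
        problems.append("soapenv:Body is not fully encrypted")
    return problems

if __name__ == "__main__":
    print("secured:", check_outgoing(SECURED))
    print("plaintext:", check_outgoing(PLAINTEXT))
```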
...