This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Current »

Objective: Connecting to endpoints with WS-Security for outgoing messages

<definitions xmlns="http://ws.apache.org/ns/synapse">
    <localEntry key="sec_policy" src="file:repository/samples/resources/policy/policy_3.xml"/>
    <in>
        <send>
            <endpoint name="secure">
                <address uri="http://localhost:9000/services/SecureStockQuoteService">
                    <enableSec policy="sec_policy"/>
                    <enableAddressing/>
                </address>
            </endpoint>
        </send>
    </in>
    <out>
        <header name="wsse:Security" action="remove"
                xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"/>
        <send/>
    </out>
</definitions>

Prerequisites:

Use the stock quote client to send a request without WS-Security. ESB is configured to enable WS-Security as per the policy specified by 'policy_3.xml' for the outgoing messages to the SecureStockQuoteService endpoint hosted on the Axis2 instance. The debug log messages on ESB shows the encrypted message flowing to the service and the encrypted response being received by ESB. The wsse:Security header is then removed from the decrypted message and the response is delivered back to the client, as expected. You may execute the client as follows:

ant stockquote -Dtrpurl=http://localhost:8280/

The message sent by ESB to the secure service can be seen as follows, when TCPMon is used.

POST http://localhost:9001/services/SecureStockQuoteService HTTP/1.1
Host: 127.0.0.1
SOAPAction: urn:getQuote
Content-Type: text/xml; charset=UTF-8
Transfer-Encoding: chunked
Connection: Keep-Alive
User-Agent: Synapse-HttpComponents-NIO

800
<?xml version='1.0' encoding='UTF-8'?>
   <soapenv:Envelope xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" xmlns:wsa="http://www.w3.org/2005/08/addressing" ..>
      <soapenv:Header>
         <wsse:Security ..>
            <wsu:Timestamp ..>
               ...
            </wsu:Timestamp>
            <xenc:EncryptedKey..>
               ...
            </xenc:EncryptedKey>
            <wsse:BinarySecurityToken ...>
               <ds:SignedInfo>
               ...
               </ds:SignedInfo>
               <ds:SignatureValue>
               ...
               </ds:SignatureValue>
               <ds:KeyInfo Id="KeyId-29551621">
                  ...
               </ds:KeyInfo>
            </ds:Signature>
         </wsse:Security>
         <wsa:To>http://localhost:9001/services/SecureStockQuoteService</wsa:To>
         <wsa:MessageID>urn:uuid:1C4CE88B8A1A9C09D91177500753443</wsa:MessageID>
         <wsa:Action>urn:getQuote</wsa:Action>
      </soapenv:Header>
      <soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-3789605">
         <xenc:EncryptedData Id="EncDataId-3789605" Type="http://www.w3.org/2001/04/xmlenc#Content">
            <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
            <xenc:CipherData>
                <xenc:CipherValue>Layg0xQcnH....6UKm5nKU6Qqr</xenc:CipherValue>
            </xenc:CipherData>
         </xenc:EncryptedData>
      </soapenv:Body>
   </soapenv:Envelope>0


  • No labels