Objective: Connecting to endpoints with WS-Security for outgoing messages
<definitions xmlns="http://ws.apache.org/ns/synapse">
    <localEntry key="sec_policy" src="file:repository/samples/resources/policy/policy_3.xml"/>
    <in>
        <send>
            <endpoint name="secure">
                <address uri="http://localhost:9000/services/SecureStockQuoteService">
                    <enableSec policy="sec_policy"/>
                    <enableAddressing/>
                </address>
            </endpoint>
        </send>
    </in>
    <out>
        <header name="wsse:Security" action="remove"
                xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"/>
        <send/>
    </out>
</definitions>
Prerequisites:
- Start the Synapse configuration numbered 100: i.e. wso2esb-samples.sh -sn 100
- Start the Axis2 server and deploy the SecureStockQuoteService if not already done.
- You may also need to download and install the unlimited strength policy files for your JDK before using Apache Rampart (e.g., see http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html).
Use the stock quote client to send a request without WS-Security. The ESB is configured to apply WS-Security, as specified by the policy 'policy_3.xml', to the outgoing messages sent to the SecureStockQuoteService endpoint hosted on the Axis2 instance. The debug log messages on the ESB show the encrypted message flowing to the service and the encrypted response being received by the ESB. The wsse:Security header is then removed from the decrypted response and the response is delivered back to the client, as expected. You may execute the client as follows:
ant stockquote -Dtrpurl=http://localhost:8280/
The message sent by the ESB to the secure service can be seen as follows when TCPMon is used.
POST http://localhost:9001/services/SecureStockQuoteService HTTP/1.1
Host: 127.0.0.1
SOAPAction: urn:getQuote
Content-Type: text/xml; charset=UTF-8
Transfer-Encoding: chunked
Connection: Keep-Alive
User-Agent: Synapse-HttpComponents-NIO

800
<?xml version='1.0' encoding='UTF-8'?>
<soapenv:Envelope xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" xmlns:wsa="http://www.w3.org/2005/08/addressing" ..>
    <soapenv:Header>
        <wsse:Security ..>
            <wsu:Timestamp ..> ... </wsu:Timestamp>
            <xenc:EncryptedKey..> ... </xenc:EncryptedKey>
            <wsse:BinarySecurityToken ...>
            <ds:SignedInfo> ... </ds:SignedInfo>
            <ds:SignatureValue> ... </ds:SignatureValue>
            <ds:KeyInfo Id="KeyId-29551621"> ... </ds:KeyInfo>
            </ds:Signature>
        </wsse:Security>
        <wsa:To>http://localhost:9001/services/SecureStockQuoteService</wsa:To>
        <wsa:MessageID>urn:uuid:1C4CE88B8A1A9C09D91177500753443</wsa:MessageID>
        <wsa:Action>urn:getQuote</wsa:Action>
    </soapenv:Header>
    <soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-3789605">
        <xenc:EncryptedData Id="EncDataId-3789605" Type="http://www.w3.org/2001/04/xmlenc#Content">
            <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
            <xenc:CipherData>
                <xenc:CipherValue>Layg0xQcnH....6UKm5nKU6Qqr</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </soapenv:Body>
</soapenv:Envelope>
0
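The following added Python example (not part of the Synapse sample or the ESB code base) performs the two checks a reviewer of a capture like the one above would want: it audits an outgoing envelope for the elements policy_3.xml is expected to produce (Timestamp, EncryptedKey, Signature, AES-256-CBC encrypted body) and strips the wsse:Security header the way the out-sequence <header action="remove"> mediator does. The SOAP 1.1 envelope namespace is assumed (the trace elides it) and the envelope below is constructed with placeholder cipher values.

```python
import xml.etree.ElementTree as ET

NS = {
    "soapenv": "http://schemas.xmlsoap.org/soap/envelope/",  # SOAP 1.1, assumed
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
AES256_CBC = "http://www.w3.org/2001/04/xmlenc#aes256-cbc"

# Constructed stand-in for the message TCPMon shows leaving the ESB; cipher values are placeholders.
CAPTURED = f"""<soapenv:Envelope xmlns:soapenv="{NS['soapenv']}" xmlns:wsse="{NS['wsse']}"
  xmlns:wsu="{NS['wsu']}" xmlns:xenc="{NS['xenc']}" xmlns:ds="{NS['ds']}">
  <soapenv:Header><wsse:Security soapenv:mustUnderstand="1">
    <wsu:Timestamp><wsu:Created>2024-01-01T00:00:00Z</wsu:Created></wsu:Timestamp>
    <xenc:EncryptedKey><xenc:CipherData><xenc:CipherValue>PLACEHOLDER</xenc:CipherValue></xenc:CipherData></xenc:EncryptedKey>
    <ds:Signature><ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature>
  </wsse:Security></soapenv:Header>
  <soapenv:Body wsu:Id="Id-1"><xenc:EncryptedData Type="{NS['xenc']}Content">
    <xenc:EncryptionMethod Algorithm="{AES256_CBC}"/>
    <xenc:CipherData><xenc:CipherValue>PLACEHOLDER</xenc:CipherValue></xenc:CipherData>
  </xenc:EncryptedData></soapenv:Body>
</soapenv:Envelope>"""

def audit_outgoing(xml_text):
    """Return the policy expectations the message fails; an empty list means it looks secured."""
    root = ET.fromstring(xml_text)
    sec = root.find("soapenv:Header/wsse:Security", NS)
    if sec is None:
        return ["no wsse:Security header: message is in plaintext"]
    problems = [f"missing {name}" for name in ("wsu:Timestamp", "xenc:EncryptedKey", "ds:Signature")
                if sec.find(name, NS) is None]
    enc = root.find("soapenv:Body/xenc:EncryptedData", NS)
    method = enc.find("xenc:EncryptionMethod", NS) if enc is not None else None
    if enc is None:
        problems.append("body not encrypted")
    elif method is None or method.get("Algorithm") != AES256_CBC:
        problems.append("unexpected body encryption algorithm")
    return problems

def strip_security_header(xml_text):
    """Drop wsse:Security from the header, as the out-sequence <header action="remove"> does."""
    root = ET.fromstring(xml_text)
    header = root.find("soapenv:Header", NS)
    for sec in (header.findall("wsse:Security", NS) if header is not None else []):
        header.remove(sec)
    return ET.tostring(root, encoding="unicode")
```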