Applying Security to a Proxy Service
The steps below demonstrate how you can apply security to a proxy service via WSO2 Integration Studio.
Prerequisites
- Install WSO2 Integration Studio.
- Click this link to download the sample proxy service (StockQuoteProxy.xml). We will use this proxy service to apply security.
Step 1: Creating a registry resource project
First, create a registry resource project. We will use this project to store the security policy (which is a registry resource).
Open WSO2 Integration Studio and click Miscelleneous → Create New Registry Project in the Getting Started tab as shown below.
- Enter a name for the project and click Next.
- Enter the Maven information about the project and click Finish.
- The new project will be listed in the project explorer.
Step 2: Creating the security policy file
Follow the instructions given below to create a WS-Policy resource in your registry project. This will be your security policy file.
- Right-click the registry resource project in the left navigation panel, click New, and then click Registry Resource. This will open the New Registry Resource window.
- Select the From existing template option as shown below and click Next.
- Enter a resource name and select the WS-Policy template along with the preferred registry path.
- Click Finish. The policy file is now listed in the project explorer as shown below
Double-click the policy file to open the file. Note that you get a Design View and Source View of the policy.
Let's use the Design View to enable the required security scenario. For example, enable the Sign and Encyrpt security scenario as shown below.
Click the icon next to the scenario to get details of the scenario.
You can provide also provide encryption properties, signature properties, and advanced rampart configurations as shown below.
Specifying role-based access?
For certain scenarios, you can specify user roles. After you select the scenario, scroll to the right to see the User Roles button.
Either define the user roles inline or retrieve the user roles from the server.
By default, the role names are not case sensitive. If you want to make them case sensitive, add the following property under the <AuthorizationManager>
configuration in the user-mgt.xml
file:
<Property name= "CaseSensitiveAuthorizationRules"> true </Property>
Step 3: Add a proxy service
You can either create a new proxy service, or import an already created proxy service to your workspace.
Follow the steps given below.
- Right-click the ESB Solution project in the navigator and go to New → Proxy Service to open the New Proxy Service dialog.
Let's import the proxy service you downloaded previously. Click Import Poxy Service and Next. Enter values for the following fields:
Alternatively, you can create a new proxy service.
Proxy Service Configuration File Browse for the proxy service file that you downloaded previously. Save in The file you import should be saved in an ESB project in your Tooling workspace. To create a new ESB project:
- Click Create New ESB Project.
- Select New ESB Config Project.
- Enter a project name. For example, enter 'ESB_Project' as the project name.
- Click Finish. The new ESB_Project is added to the Save in field.
- Click Finish. You will now see a new ESB_Project folder (with the proxy service) in your project explorer.
Step 4: Add the security policy to the proxy service
You can now apply the security policy to the proxy service. Follow the steps given below.
- Double-click the proxy service on the project explorer to open the file and click on the service on design view.
- In the Properties tab shown below and tick on Security Enabled property.
- Select the Browse icon for the Service Policies field. In the dialog box that opens, create a new record and click the Browse icon to open the Resource Key dialog as shown below.
- Click workspace, to add the security policy from the current workspace. You can select the path to the
sample_policy.
xml file that you created in the previous steps. - Save the proxy service file.
Step 5: Deploying the artifacts in the ESB server
Once you have added the security policy to your proxy service as explained in the previous topics, you need to create a Composite Application project with a CAR file. You can then deploy the CAR file in the ESB server:
- Right-click the Project Explorer and click New > Project.
- From the window that opens, click Composite Application Project.
Give a name to the Composite Application project and select the projects that you need to group into your C-App from the list of available projects. You need to select the ESB project and the registry resource project, which contains the proxy service and security policy file respectively.
- Next, deploy the CAR file in the ESB server.
Testing the service
Secured proxy services (not including user name token) cannot be tested using the management console. For this, we need to create a Soap UI project with the relevant security settings and then send the request to the hosted service.