This documentation is for WSO2 ESB version 4.5.1. View documentation for the latest release.

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

Objective: Connecting to endpoints with WS-Security for outgoing messages

<definitions xmlns="http://ws.apache.org/ns/synapse">
    <localEntry key="sec_policy" src="file:repository/samples/resources/policy/policy_3.xml"/>
    <in>
        <send>
            <endpoint name="secure">
                <address uri="http://localhost:9000/services/SecureStockQuoteService">
                    <enableSec policy="sec_policy"/>
                    <enableAddressing/>
                </address>
            </endpoint>
        </send>
    </in>
    <out>
        <header name="wsse:Security" action="remove"
                xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"/>
        <send/>
    </out>
</definitions>

Prerequisites:

  • Start the Synapse configuration numbered 100: i.e. wso2esb-samples.sh -sn 100
  • Start the Axis2 server and deploy the SecureStockQuoteService if not already done.
  • You may also need to download and install the unlimited strength policy files for your JDK before using Apache Rampart (e.g. seehttp://java.sun.com/javase/downloads/index_jdk5.jsp)

Use the stock quote client to send a request without WS-Security. ESB is configured to enable WS-Security as per the policy specified by 'policy_3.xml' for the outgoing messages to the SecureStockQuoteService endpoint hosted on the Axis2 instance. The debug log messages on ESB shows the encrypted message flowing to the service and the encrypted response being received by ESB. The wsse:Security header is then removed from the decrypted message and the response is delivered back to the client, as expected. You may execute the client as follows:

ant stockquote -Dtrpurl=http://localhost:8280/

The message sent by ESB to the secure service can be seen as follows, when TCPMon is used.

POST http://localhost:9001/services/SecureStockQuoteService HTTP/1.1
Host: 127.0.0.1
SOAPAction: urn:getQuote
Content-Type: text/xml; charset=UTF-8
Transfer-Encoding: chunked
Connection: Keep-Alive
User-Agent: Synapse-HttpComponents-NIO

800
<?xml version='1.0' encoding='UTF-8'?>
   <soapenv:Envelope xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" xmlns:wsa="http://www.w3.org/2005/08/addressing" ..>
      <soapenv:Header>
         <wsse:Security ..>
            <wsu:Timestamp ..>
               ...
            </wsu:Timestamp>
            <xenc:EncryptedKey..>
               ...
            </xenc:EncryptedKey>
            <wsse:BinarySecurityToken ...>
               <ds:SignedInfo>
               ...
               </ds:SignedInfo>
               <ds:SignatureValue>
               ...
               </ds:SignatureValue>
               <ds:KeyInfo Id="KeyId-29551621">
                  ...
               </ds:KeyInfo>
            </ds:Signature>
         </wsse:Security>
         <wsa:To>http://localhost:9001/services/SecureStockQuoteService</wsa:To>
         <wsa:MessageID>urn:uuid:1C4CE88B8A1A9C09D91177500753443</wsa:MessageID>
         <wsa:Action>urn:getQuote</wsa:Action>
      </soapenv:Header>
      <soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-3789605">
         <xenc:EncryptedData Id="EncDataId-3789605" Type="http://www.w3.org/2001/04/xmlenc#Content">
            <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
            <xenc:CipherData>
                <xenc:CipherValue>Layg0xQcnH....6UKm5nKU6Qqr</xenc:CipherValue>
            </xenc:CipherData>
         </xenc:EncryptedData>
      </soapenv:Body>
   </soapenv:Envelope>0


  • No labels