Security is one of the major concern when we developing API base integrations or application developments. WSO2 supports WS Security, WS-Policy and WS-Security Policy specifications. These specifications define a behavior model for web services. Proxy service security requirements are different from each others.
WSO2 ESB providing pre-define commonly used twenty security scenarios to choose based on the security requirements. This functionality is provided by the security management feature which is bundled by default in service management feature in ESB. This configuration can be done via the web console until ESB 4.8.1 release, but this has been removed from the ESB 4.9.0. Even though this feature isn't provided by the ESB web console itself same functionality can be achieved by the new WSO2 Dev Studio. WSO2 always motivate to use dev studio to prepare required artifacts to the ESB rather than the web console. Better way to explain this scenario is by example. Following example provides guides to the way you need to enable security for the proxy service in newly released ESB 4.9.0.
Note: Understanding the actual security requirement is the first step you need to follow before starting the implementation of the secure proxy service. In this example, I'm selecting basic auth as the security scenario.
- Create ESB config project from the Developer Studio dashboard.
- Create Proxy service which named SimpleProxy.
2. We need to define security policy file to enable security for the proxy service. Registry resource project needs to create for storing policy file.
- Create Registry resource artifact(SecurityPolicy - Resource type should be WS-Policy)
- Select design view of the SecurityPolicy.xml file. You can see all pre-defined security scenarios listed in this view. In this example, I'm selecting UserNameToken scenario. Under this scenario, we need to select user rolls which allow to access the service. This option allow you to select rolls inline and select available rolls from the ESB.
3. Now we have both proxy service and security policy file. Next step is to enable security using defined policy file. Proxy service properties has separate section for the security. It contains two properties which required for enabling security.
- Security Enabled – This property should be True for enabling security
- Service Policy – You need to select defined security policy file as a value of this field.
4. Now Security configurations has been finished. Next step is to create CAR file to deploy into the ESB. We have two options to deploy artifacts into the EBS.
- Export artifacts as a CAR file from Developer Studio and upload file to the ESB as a carbon application.
- Configure ESB as a server inside the Developer Studio and deploy directly.
We are going to use first option in this example. Since we need to export both ESB config and registry project to the single car file, we need to add “Composite Application Project” to the Dev Studio and need to associate previous setup applications (ESB Config , Registry resource). You can export CAR file easily by selecting “Export Composite Application Project” option from the menu which pop up for the right click.
5. WO2 ESB providing very simple way to install car file by just select and upload way.
You can find this option(“Carbon Applications") in the bottom of the right-hand side menu.
When you click on the Service List menu you can see the deployed proxy service(“SimpleProxy”)
with enable security.
6. You can simple Test this proxy service by “Try this service” feature which provided by th ESB itself. You have to fill the userName and password fields before sending the request.
Likewise, you can try other predefined scenarios or your own security implementation with the custom policy.
Comments
Web Development