Skip to main content

How to enable proxy service security in ESB 4.9.0?

Security is  one of the major concern when we developing API base integrations or application developments. WSO2 supports WS Security, WS-Policy and WS-Security Policy specifications. These specifications define a behavior model for web services. Proxy service security requirements are different from each others.
WSO2 ESB providing pre-define commonly used twenty security scenarios to choose based on the security requirements. This functionality is provided by the security management feature which is bundled by default in service management feature in ESB. This configuration can be done via the web console until ESB 4.8.1 release, but this has been removed from the ESB 4.9.0. Even though this feature isn't provided by the ESB web console itself same functionality can be achieved by the new WSO2 Dev Studio. WSO2 always motivate to use dev studio to prepare required artifacts to the ESB rather than the web console. Better way to explain this scenario is by example. Following example provides guides to the way you need to enable security for the proxy service in newly released ESB 4.9.0.
                                                                                                                                                                                
Note: Understanding the actual security requirement is the first step you need to follow before starting the implementation of the secure proxy service. In this example, I'm selecting basic auth as the security scenario.

1. As the first step, we need to create proxy service to secure. I'm going to create simple proxy service which front the SimpleStockQuate service.
  •  Create ESB config project from the Developer Studio dashboard. 
  • Create Proxy service which named SimpleProxy.

















2. We need to define security policy file to enable security for the proxy service. Registry resource project needs to create for storing policy file.

  • Create Registry resource artifact(SecurityPolicy - Resource type should be WS-Policy)
  • Select design view of the SecurityPolicy.xml file. You can see all pre-defined security scenarios listed in this view. In this example, I'm selecting UserNameToken scenario. Under this scenario, we need to select user rolls which allow to access the service. This option allow you to select rolls inline and select available rolls from the ESB.

3. Now we have both proxy service and security policy file. Next step is to enable security using defined policy file. Proxy service properties has separate section for the security. It contains two properties which required for enabling security.
  • Security Enabled – This property should be True for enabling security
  • Service Policy – You need to select defined security policy file as a value of this field.










4. Now Security configurations has been finished. Next step is to create CAR file to deploy into the ESB. We have two options to deploy artifacts into the EBS.
  • Export artifacts as a CAR file from Developer Studio and upload file to the ESB as a carbon application.
  • Configure ESB as a server inside the Developer Studio and deploy directly.












We are going to use first option in this example. Since we need to export both ESB config and registry project to the single car file, we need to add “Composite Application Project” to the Dev Studio and need to associate previous setup applications (ESB Config , Registry resource). You can export CAR file easily by selecting “Export Composite Application Project” option from the menu which pop up for the right click.


5. WO2 ESB providing very simple way to install car file by just select and upload way.
You can find this option(“Carbon Applications") in the bottom of the right-hand side menu.
When you click on the Service List menu you can see the deployed proxy service(“SimpleProxy”)
with enable security.











6. You can simple Test this proxy service by “Try this service” feature which provided by th ESB itself. You have to fill the userName and password fields before sending the request.













Likewise, you can try other predefined scenarios or your own security implementation with the custom policy.



Comments

Javi said…
Template WS-Policy doesn't exist in Developer Studio 3.7.1
You can use WSO2 Developer Studio 3.8 which is compatible with ESB 4.9.0 release to enable security in a proxy.
Nina Athena said…
Thank you for sharing your thoughts and knowledge on this topic. This is really helpful and informative, as this gave me more insight to create more ideas and solutions for my plan. I would love to see more updates from you.

Web Development

Popular posts from this blog

How to preserving HTTP headers in WSO2 ESB 4.9.0 ?

Preserving HTTP headers are important when executing backend services via applications/middleware. This is because most of the time certain important headers are removed or modified by the applications/middleware which run the communication. The previous version of our WSO2 ESB, version 4.8.1, only supported “ server ” and “ user agent ” header fields to preserve with, but with the new ESB 4.9.0, we’ve introduced a new new property ( http.headers.preserve ) for the passthru ( repository/conf/ passthru-http.properties ) and Nhttp( repository/conf/ nhttp.properties ) transporters to preserve more HTTP headers. Passthru transporter – support header fields               Location Keep-Alive Content-Length Content-Type Date Server User-Agent Host Nhttp transport – support headers Server User-Agent Date You can specify header fields which should be preserved in a comma-separated list, as shown below. http.headers.p...

How to write a Synapse Handler for the WSO2 ESB ?

Synapse handler is new feature which come with the ESB 4.9.0. It provide abstract handler implementation to the users. User can create their own concrete handlers which is executing in the synapse layer. Main intention of this blog post is to explain how to write synapse handler and explain basic theoretical background. 1. What is the handler? Handlers are basically talking with the chain of responsibility pattern. Chain of responsibility allows a number of classes to attempt to handle a request independently of any other object along the chain. Once the request is handled, it completes it's journey through the chain. The Handler defines the interface which required to handle the request and concreteHandlers handle request in a specific manner that they are responsible for. 2. What is Synapse handler? Synapse handler is providing abstract handle implementation which executes in the following four scenarios. 1. Request in flow This is exe...