Wednesday, December 5, 2012

POX security with WSO2 ESB Proxy services

WSO2 ESB supports POX (Pure Old XML) security now. Let us see how we can test this with the latest version of WSO2 ESB .

Pre-requisites - Download the latest stable release of WSO2 ESB from here.

Step 1 - Start WSO2 ESB server

Step 2 - Create a Proxy Service. (We will use the Echo service shipped with WSO2 ESB here)


 <proxy xmlns="http://ws.apache.org/ns/synapse" name="PoxSecurityProxy" transports="https" statistics="disable" trace="disable" startOnLoad="true">
   <target>
      <outSequence>
         <send/>
      </outSequence>
      <endpoint>
         <address uri="http://localhost:8280/services/echo"/>
      </endpoint>
   </target>
   <publishWSDL uri="http://localhost:8280/services/echo?wsdl"/>
</proxy>



Step 3 - Once the proxy service is deployed, access the dashboard and apply security scenario 1 (UsernameToken)

Step 4 - Select the user group which you expect to be given permission to access the Proxy service


Step 5 - Once security is applied to the service, access the dashboard and you will see only the HTTPS endpoint available


Step 6 - Now let us access this Proxy service. There are two ways which you can access the service.

a) Through a preferred browser

b) By sending a curl command

Through a browser

Copy the above HTTPS Endpoint URL and paste it in the location bar and hit Enter.
https://localhost:8243/services/PoxSecurityProxy/echoString?in=Hi

It would prompt you to specify the user name and the password.
Provide admin as both and you should be given the correct response.

Using Curl
  curl -k --basic -u admin:admin https://localhost:8243/services/PoxSecurityProxy/echoString?in=Hi