Pre-requisites
Download WSO2 ESB 4.8.0 from here. Extract it to a folder of your choice and start the server.
Download the StockPurchasingService.aar from here and deploy it in a application server of your choice.
Testing out the scenario
When the message sent from the client is secured and the backend service is not, you need to ensure that the security headers are removed from the message before it is being sent from ESB to the backend. By using the header mediator as below, we can remove the security headers.
Deploy the following proxy service in WSO2 ESB. <?xml version="1.0" encoding="UTF-8"?>
<proxy xmlns="http://ws.apache.org/ns/synapse"
name="secClientNonSecService"
transports="https,http"
statistics="disable"
trace="disable"
startOnLoad="true">
<target>
<inSequence>
<header xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
name="wsse:Security"
action="remove"/>
</inSequence>
<outSequence>
<send/>
</outSequence>
<endpoint>
<address uri="http://localhost:9773/services/PuchasingService"/>
</endpoint>
</target>
<publishWSDL uri="http://localhost:9773/services/PuchasingService?wsdl"/>
</proxy>
We will test our scenario with security scenario 2 (Non-repudiation). Once the above proxy service is deployed, apply security scenario 2 from the wizard. View the ?wsdl of the proxy service and verify whether the relevant policy is attached to the proxy service.
Step 2
Create a Java project from your favourite IDE and place the SecurityClient.java & client.properties files in the below structure.
.
└── src
├── client.properties
└── SecurityClient.java
clientRepo clientKey securityPolicyLocation - trustStore
Step 3
Invoke the SecurityClient.java code and you will get the expected response message as below.
Result :1000
Scenario No :2
Result :
No comments:
Post a Comment