Thursday, January 16, 2014

Accessing a non secured backend from a secured client with the help of WSO2 ESB

Assume that you have a backend that is not secured and you need to invoke it with a secured client. The configuration below is a proxy service that talks to a non-secured backend. The client used to invoke this proxy service is secured, so in this particular scenario the proxy service itself is secured.

Pre-requisites

Download WSO2 ESB 4.8.0 from here. Extract it to a folder of your choice and start the server.
Download the StockPurchasingService.aar from here and deploy it in an application server of your choice.

Testing out the scenario

When the message sent from the client is secured and the backend service is not, you need to ensure that the security headers are removed from the message before it is sent from the ESB to the backend. Using the header mediator as shown below, we can remove the security headers.




Step 1

Deploy the following proxy service in WSO2 ESB.

<?xml version="1.0" encoding="UTF-8"?>
<proxy xmlns="http://ws.apache.org/ns/synapse"
       name="secClientNonSecService"
       transports="https,http"
       statistics="disable"
       trace="disable"
       startOnLoad="true">
   <target>
      <inSequence>
         <header xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                 name="wsse:Security"
                 action="remove"/>
      </inSequence>
      <outSequence>
         <send/>
      </outSequence>
      <endpoint>
         <address uri="http://localhost:9773/services/PuchasingService"/>
      </endpoint>
   </target>
   <publishWSDL uri="http://localhost:9773/services/PuchasingService?wsdl"/>
</proxy>

We will test our scenario with security scenario 2 (Non-repudiation). Once the above proxy service is deployed, apply security scenario 2 from the wizard.  View the ?wsdl of the proxy service and verify whether the relevant policy is attached to the proxy service.
 
Once the security policy is applied, the complete proxy service configuration will look like what is available here.
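
What the header mediator in the proxy above does to a request, as an added Python example (not part of the original post or of WSO2 ESB): it removes the `wsse:Security` element from the SOAP header and leaves the body untouched. The sample envelope is constructed, the `purchase` operation name is an assumption, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET  # for untrusted captures, parse with defusedxml instead

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE_NS = ("http://docs.oasis-open.org/wss/2004/01/"
           "oasis-200401-wss-wssecurity-secext-1.0.xsd")  # same URI as the proxy's xmlns:wsse
SECURITY = f"{{{WSSE_NS}}}Security"

# Constructed sample request as it might reach the proxy; the token is a
# placeholder and the "purchase" operation name is an assumption.
SECURED_REQUEST = f"""<soapenv:Envelope xmlns:soapenv="{SOAP_NS}">
  <soapenv:Header>
    <wsse:Security xmlns:wsse="{WSSE_NS}" soapenv:mustUnderstand="1">
      <wsse:BinarySecurityToken>PLACEHOLDER</wsse:BinarySecurityToken>
      <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
    </wsse:Security>
  </soapenv:Header>
  <soapenv:Body>
    <ns:purchase xmlns:ns="http://service.purchasing.wso2.com"/>
  </soapenv:Body>
</soapenv:Envelope>"""

def _soap_header(root):
    """Find the Header of a SOAP 1.1 or 1.2 envelope via the root's own namespace."""
    ns = root.tag[1:].split("}")[0] if root.tag.startswith("{") else ""
    return root.find(f"{{{ns}}}Header")

def security_headers(envelope_xml):
    """Return the wsse:Security elements that are direct children of the SOAP Header."""
    header = _soap_header(ET.fromstring(envelope_xml))
    return [] if header is None else header.findall(SECURITY)

def strip_security(envelope_xml):
    """Mimic <header name="wsse:Security" action="remove"/>; return (xml, removed count)."""
    root = ET.fromstring(envelope_xml)
    header = _soap_header(root)
    removed = 0
    if header is not None:
        for sec in header.findall(SECURITY):
            header.remove(sec)
            removed += 1
    return ET.tostring(root, encoding="unicode"), removed

if __name__ == "__main__":
    forwarded, n = strip_security(SECURED_REQUEST)
    print(f"removed {n} wsse:Security header(s); remaining: {len(security_headers(forwarded))}")
```

Running `security_headers` over a message captured between the ESB and the backend confirms that the mediator removed the header before forwarding.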

Step 2

Create a Java project from your favourite IDE and place the SecurityClient.java & client.properties files in the below structure.

.
└── src
    ├── client.properties
    └── SecurityClient.java
 
Note: Download the resources.zip folder and extract the content to the src level. Then set the paths of the following fields of the client.properties file accordingly.
  • clientRepo
  • clientKey
  • securityPolicyLocation
  • trustStore

Step 3

Invoke the SecurityClient.java code and you will get the expected response message as below.



Result :1000
Scenario No :2

Result : <ns:purchaseresponse xmlns:ns="http://service.purchasing.wso2.com"><ns:return>1000</ns:return></ns:purchaseresponse>
