Objective: Route messages arriving at a Proxy Service without processing the MustUnderstand headers (the Security header).
- You may also need to download and install the unlimited strength policy files for your JDK before using Apache Rampart (e.g. see http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html)
- Start the Synapse configuration numbered 153: i.e.
wso2esb-samples.sh -sn 153
- Start the Axis2 server and deploy the SecureStockQuoteService if not already done.
The Proxy Service will receive secure messages whose security headers are marked MustUnderstand. However, because the "enableSec" element is not present in the proxy configuration, the ESB will not engage Apache Rampart on this Proxy Service. One would expect a MustUnderstand failure exception to occur in the AxisEngine before the message reaches the ESB. Instead, the ESB accepts the message by setting every MustUnderstand header that has not been processed to the processed state. This enables the ESB to route the messages without reading the Security headers (it simply routes the messages from client to service, both of which are secure). To execute the client, send a stock quote request to the Proxy Service, and sign and encrypt the request by specifying the client-side security policy as follows:
By following the debug logs or the TCPMon output, you can see that the request received by the Proxy Service was signed and encrypted. Looking up the WSDL of the Proxy Service at http://localhost:8280/services/StockQuoteProxy?wsdl also shows that no security policy attachments are present and that security is not engaged. When the message is sent to the backend service, you can verify that the security headers are the same as in the original message from the client to the ESB, and that the response received does use WS-Security and is forwarded back to the client without any modification. Note that this is not a security hole, because the message inside the ESB is signed and encrypted and can only be forwarded to a secure service to be useful.
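One way to perform the header comparison described above on two TCPMon captures (client to ESB, and ESB to backend), as an added example that is not part of the original sample: it lists the header blocks flagged MustUnderstand and checks that the wsse:Security block is forwarded unchanged. The function names are hypothetical, and `sample()` builds a constructed, heavily abbreviated envelope standing in for a real capture.

```python
import hashlib
import xml.etree.ElementTree as ET

SOAP_NS = ("http://schemas.xmlsoap.org/soap/envelope/",   # SOAP 1.1
           "http://www.w3.org/2003/05/soap-envelope")     # SOAP 1.2
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")

def header_blocks(envelope_xml):
    """Return (soap_namespace, header block elements) of a SOAP envelope."""
    root = ET.fromstring(envelope_xml)
    for ns in SOAP_NS:
        if root.tag == f"{{{ns}}}Envelope":
            header = root.find(f"{{{ns}}}Header")
            return ns, ([] if header is None else list(header))
    raise ValueError("not a SOAP envelope")

def must_understand(envelope_xml):
    """Tags of the header blocks flagged mustUnderstand ("1" or "true")."""
    ns, blocks = header_blocks(envelope_xml)
    return [b.tag for b in blocks
            if b.get(f"{{{ns}}}mustUnderstand") in ("1", "true")]

def security_digest(envelope_xml):
    """SHA-256 of the canonical wsse:Security block, or None if absent.
    Prefixes are normalised, so this compares content, not raw bytes."""
    _, blocks = header_blocks(envelope_xml)
    for b in blocks:
        if b.tag == f"{{{WSSE}}}Security":
            block_xml = ET.tostring(b, encoding="unicode").strip()
            return hashlib.sha256(ET.canonicalize(block_xml).encode()).hexdigest()
    return None

def forwarded_unchanged(client_to_esb, esb_to_backend):
    """True when a Security header is present and identical on both hops."""
    digest = security_digest(client_to_esb)
    return digest is not None and digest == security_digest(esb_to_backend)

# Constructed, heavily abbreviated stand-in for a TCPMon capture.
def sample(cipher="AAAA", prefix="soapenv"):
    return (f'<{prefix}:Envelope xmlns:{prefix}="{SOAP_NS[0]}">'
            f'<{prefix}:Header><wsse:Security xmlns:wsse="{WSSE}" '
            f'{prefix}:mustUnderstand="1"><CipherValue>{cipher}</CipherValue>'
            f'</wsse:Security></{prefix}:Header><{prefix}:Body/>'
            f'</{prefix}:Envelope>')

if __name__ == "__main__":
    print(must_understand(sample()))
    print(forwarded_unchanged(sample(), sample(prefix="s")),      # same header
          forwarded_unchanged(sample(), sample(cipher="BBBB")))   # altered
```

Replace the two `sample()` calls with the envelope text copied from each TCPMon pane; a `False` result means the Security header was modified or dropped between the two hops.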