This documentation is for WSO2 Enterprise Service Bus version 4.9.0 . View documentation for the latest release.
Skip to end of metadata
Go to start of metadata

This section describes how you can apply security to a proxy service via WSO2 Developer Studio. The following topics walk you through the the process of applying security to a proxy service by creating the proxy service in WSO2 Developer Studio, creating a security policy, and then deploying it in the server. 

Creating the proxy service in WSO2 Developer Studio

You can create a new proxy service or import an existing proxy service from an XML file, such as a Synapse Configuration file.

Creating a new proxy service

Follow the steps below to create a proxy service. Alternatively, you can import an existing proxy service.

  1. Open the Developer Studio Dashboard (click Developer Studio > Open Dashboard) and click Proxy Service in the Enterprise Service Bus area.
  2. Select Create a New Proxy Service and click Next.
  3. Type a unique name for the proxy service and specify the proxy type (see below).
  4. Do one of the following:
    • To save the proxy service in an existing ESB Config project in your workspace, click Browse and select that project.
    • To save the proxy service in a new ESB Config project, click Create new ESB Project and create the new project.
  5. If you specified a proxy type that requires that you enter the target endpoint (the endpoint that represents the actual service), do one of the following:
    • If you know the URL of the endpoint, select Enter URL and type it in the text box.
    • If you want to use an endpoint you've already defined in this workspace, select Predefined Endpoint and select it from the list.  
    • If you want to use an endpoint in the registry, select Pick from Registry, and then either type the endpoint's registry key or click Browse, click Registry, and navigate to the endpoint in the registry.
  6. Fill in the advanced configuration based on the proxy service type you specified:
    • Transformer Proxy: Transforms all the incoming requests using XSLT and then forwards them to a given target endpoint. Specify the target endpoint as described in the previous step, and then specify the location of the XSLT you want to use to transform requests, either by typing the path or by clicking Browse and navigating to the XSLT, which can be a file in the workspace or registry or can be a local entry. If you also want to transform the responses from the backend service, click Transform Responses.
    • Log Forward Proxy: Logs all the incoming requests and forwards them to a given endpoint. It can also log responses from the backend service before routing them to the client. Specify the log level for requests and responses, where Simple logs To, From, WSAction, SOAPAction, ReplyTo, MessageID, and any properties, and Full logs all attributes of the message plus the SOAP envelope information.
    • Pass Through Proxy: Forwards messages to the endpoint without performing any processing on them. This proxy service is useful as a catch-all, so that messages that do not meet the criteria to be handled by other proxy services are simply forwarded to the endpoint. When you select this proxy service type, you just specify the target endpoint as described in the previous step.
    • WSDL Based Proxy: A proxy service that is created from the remotely hosted WSDL of an existing web service. The endpoint information is extracted from the WSDL. In the URI field, enter the URL and URN of the WSDL. The URL defines the host address of the network resource (can be omitted if resources are not network homed), and the URN defines the resource name in local namespaces. For example, if the URL is ftp://ftp.dlink.ru and the URN is /pub/ADSL/, you would enter ftp://ftp.dlink.ru/pub/ADSL/ for the URI. To ensure that the URI is valid, click Test URI. You then enter the service name and port of the WSDL. Lastly, if you want to publish this WSDL, click Publish Same Service Contract.
    • Secure Proxy: Uses WS-Security to process incoming requests and forward them to an unsecured backend service. Specify the target endpoint as described in the previous step, and then specify the key of the security policy or click Browse and select it from the registry.
    • Custom Proxy: A custom proxy service in which you customize all the sequences, endpoints, transports, and other QoS settings by adding them to the mediation workflow after the proxy service is created.
  7. Click Finish. You will see that the proxy service is created in the src/main/synapse-config/proxy-service folder under the ESB Config Project you specified, and you will also see that the proxy service appears in the editor. Click the icon on the editor to view its properties.

Importing a proxy service

Follow these steps to import an existing proxy service from an XML file (such as a Synapse configuration file) into an ESB Config project, which is an alternative to creating a new proxy service.

  1. Open the Developer Studio Dashboard (click Developer Studio > Open Dashboard) and click Proxy Service in the Enterprise Service Bus area.
  2. Select Import Proxy Service and click Next.
  3. Specify the proxy service file by providing the full pathname or clicking Browse and navigating to the required file.
  4. In the Save Proxy Service In field, specify an existing ESB Config project in your workspace that you want to save the proxy service, or click Create new ESB Project to create a new ESB Config project and save the proxy service there.  
  5. If there are multiple proxy services in the file, select the proxy services you want to import from the Advanced Configuration section.
  6. Click Finish. You will see that the proxy services you selected are created in the src/main/synapse-config/proxy-service folder under the ESB Config project you specified, and you will also see that the first proxy service appears in the editor.

Creating the security policy

Follow the steps below to create a security policy to define the required security configurations.

  1. Open the Developer Studio Dashboard (click Developer Studio > Open Dashboard) and click Registry Resource Project.

    If you already have a Registry Resource Project created, follow the steps below to create a Registry Resource in it.

    • Right-click on the Registry Resource Project it in the left navigation panel and click New, and then select Registry Resource.
      create new registry resource
    • Select the From existing template option and click Next
      create from existing template
    • Continue from step 5 below.
  2. Enter a name for the project and click Next.
    enter details of the new project
  3. Enter the Maven information about the project and click Finish.
    enter maven information about the project 
  4. Right-click on the Registry Resource Project in the left navigation panel and click New, and then select Registry Resource.
    right click and create registry resource
  5. Enter a resource name and select the WS-Policy template along with the preferred registry path.
  6. Click Finish
  7. Open the created policy by double-clicking on the created policy file.
  8. The policy file opens in a multi page editor with a Security Form Editor as the design view and an XML editor as the source view.
    Design View

    Source View
  9. Enable security by specifying the required scenario in the Security Form Editor. Click the icon next to each scenario for more information.
  10. You can provide service information as private store and advanced configuration information as rampart configuration.
  11. For certain scenarios, you can specify user roles. After you select the scenario, scroll to the right to see the User Roles button. Alternatively, maximize the window. 
  12. Either define the user roles inline or retrieve the user roles from the server.
    Define Inline
    Get from the server

Applying security to a proxy service

Follow the steps below to apply security to a proxy service.

  1. Once you have configured the policy file, you can apply security for a proxy service by setting the Security Enabled property to true and pointing to the policy key under Service Policies in the proxy properties.
  2. Specify the policy path inline or browse from the registry or workspace. You can also create and point to a new resource.

By default, the role names are not case sensitive. If you want to make them case sensitive, add the following property under the <AuthorizationManager> configuration in the user-mgt.xml file:

<Property name="CaseSensitiveAuthorizationRules">true</Property>

Deploying the secured proxy service in WSO2 ESB

Create a Composite Application project including the secured proxy service and then create a CAR file to deploy in the WSO2 ESB server. For instructions on creating and deploying the Composite Application, see Creating and Deploying a Carbon Application.

If the security policy registry resource is deployed in WSO2 ESB, at the time of creating the Composite Application Project, ensure the server role selected for the registry resource in the Composite Application Project POM Editor is changed to EnterpriseServiceBus.



  • No labels