This documentation is for WSO2 Enterprise Service Bus version 4.9.0.


Introduction

This sample demonstrates how you can route messages that arrive at a proxy service without processing the MustUnderstand headers.

In this sample, the proxy service receives a secured message that carries a MustUnderstand header. Because the enableSec element is not present in the proxy configuration, the ESB does not engage Apache Rampart on this proxy service. Normally you would expect a MustUnderstand failure exception at the AxisEngine before the message reaches the ESB. Here, however, the ESB accepts the message by setting every MustUnderstand header that has not been processed to the processed state, which enables the ESB to route the message without processing the security headers.

Prerequisites

Building the sample

The XML configuration for this sample is as follows: 

<definitions xmlns="http://ws.apache.org/ns/synapse">
    <proxy name="StockQuoteProxy">
        <target>
            <inSequence>
                <property name="preserveProcessedHeaders" value="true"/>
                <send>
                    <endpoint>
                        <address uri="http://localhost:9000/services/SecureStockQuoteService"/>
                    </endpoint>
                </send>
            </inSequence>
            <outSequence>
                <send/>
            </outSequence>
        </target>
        <publishWSDL uri="file:repository/samples/resources/proxy/sample_proxy_1.wsdl"/>
    </proxy>
</definitions>

This configuration file, synapse_sample_153.xml, is available in the <ESB_HOME>/repository/samples directory.

To build the sample

  1. Start the ESB with the sample 153 configuration. For instructions on starting a sample ESB configuration, see Starting the ESB with a sample configuration.

    The operation log keeps running until the server starts, which usually takes several seconds. Wait until the server has fully booted up and displays a message similar to "WSO2 Carbon started in n seconds."

  2. Start the Axis2 server. For instructions on starting the Axis2 server, see Starting the Axis2 server.

  3. Deploy the back-end service SecureStockQuoteService. For instructions on deploying sample back-end services, see Deploying sample back-end services.

 

Note

When you run this sample, the Bouncy Castle JAR file that is used for encryption does not load into the Axis2 client. This is due to an issue with the axis2Client shipped with ESB 4.8.1. Therefore, before running the client, you need to copy the bcprov-jdk15.jar file from the <ESB_HOME>/repository/axis2/client/lib directory to the <ESB_HOME>/repository/components/plugins directory.

 

Executing the sample

The sample client used here is the Stock Quote Client, which can operate in several modes. For further details on this sample client and its operation modes, see Stock Quote Client.

To execute the sample client

  • Run the following command from the <ESB_HOME>/samples/axis2Client directory. 

    ant stockquote -Dtrpurl=http://localhost:8280/services/StockQuoteProxy -Dpolicy=./../../repository/samples/resources/policy/client_policy_3.xml

    This sends a stock quote request to the proxy service. Because the client-side security policy is specified, the request is also signed and encrypted.

Analyzing the output

By analyzing the debug log output or the TCPMon output, you will see that the request received by the proxy service is signed and encrypted.

You can look up the WSDL of the proxy service by requesting the URL http://localhost:8280/services/StockQuoteProxy?wsdl to confirm that the security policy attachments are not available and that security is not engaged.

When the ESB sends the message to the back-end service, you can verify that the security headers are present exactly as they were in the original message from the client to the ESB. The response received also uses WS-Security, and the ESB forwards it back to the client without any modification. Because the message inside the ESB remains signed and encrypted and can only be forwarded to a secure service, this is not a security loophole.
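The statement that such messages can only be forwarded to a secure service is something an operator can check across a whole Synapse configuration. The following is an added example, not part of the WSO2 sample: a Python audit that lists every proxy without enableSec, whether it sets preserveProcessedHeaders, and the back ends it sends to. The SecuredProxy entry and the function name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SYN = "{http://ws.apache.org/ns/synapse}"

# Constructed input: the StockQuoteProxy from this sample plus a hypothetical
# SecuredProxy that engages security with <enableSec/>, for contrast.
SAMPLE_CONFIG = """
<definitions xmlns="http://ws.apache.org/ns/synapse">
  <proxy name="StockQuoteProxy">
    <target>
      <inSequence>
        <property name="preserveProcessedHeaders" value="true"/>
        <send><endpoint>
          <address uri="http://localhost:9000/services/SecureStockQuoteService"/>
        </endpoint></send>
      </inSequence>
      <outSequence><send/></outSequence>
    </target>
  </proxy>
  <proxy name="SecuredProxy">
    <target>
      <inSequence><send><endpoint>
        <address uri="http://localhost:9000/services/SecureStockQuoteService"/>
      </endpoint></send></inSequence>
    </target>
    <enableSec/>
  </proxy>
</definitions>
"""

def audit_passthrough_proxies(config_xml):
    """List proxies where the ESB does not process WS-Security itself."""
    findings = []
    for proxy in ET.fromstring(config_xml).iter(SYN + "proxy"):
        if proxy.find(SYN + "enableSec") is not None:
            continue  # security is engaged on this proxy, so it is not a pass-through
        # Synapse drops processed SOAP headers on send unless this is "true"
        preserved = any(
            p.get("name") == "preserveProcessedHeaders"
            and (p.get("value") or "").strip().lower() == "true"
            for p in proxy.iter(SYN + "property"))
        findings.append({
            "proxy": proxy.get("name"),
            "headers_forwarded": preserved,
            # each of these back ends must enforce the security policy itself
            "backends": [a.get("uri") for a in proxy.iter(SYN + "address")],
        })
    return findings
```

Each finding names a proxy whose back ends are the only place the signature and encryption are checked, so those services need their own security policy enforced.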
