This sample demonstrates how you can use WS-Security signing and encryption with proxy services through WS-Policy.
In this sample the proxy service expects to receive a signed and encrypted message as specified by the security policy. To understand the format of the policy file, have a look at the Apache Rampart and Axis2 documentation. The element
engageSec specifies that Apache Rampart should be engaged on this proxy service. Hence if Rampart rejects any request message that does not conform to the specified policy, that message will never reach the
inSequence in order to be processed. Since the proxy service is forwarding the received request to the simple stock quote service that does not use WS-Security, you are instructing the ESB to remove the wsse:Security header from the outgoing message.
- For a list of prerequisites, see Prerequisites to Start the ESB Samples.
- Download and install the unlimited strength policy files for your JDK before using Apache Rampart. To download the policy files, go to http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html.
Building the sample
The XML configuration for this sample is as follows:
This configuration file
synapse_sample_200.xml is available in the
To build the sample
Start the ESB with the sample 200 configuration. For instructions on starting a sample ESB configuration, see Starting the ESB with a sample configuration.
The operation log keeps running until the server starts, which usually takes several seconds. Wait until the server has fully booted up and displays a message similar to "WSO2 Carbon started in n seconds."
Start the Axis2 server. For instructions on starting the Axis2 server, see Starting the Axis2 server.
Deploy the back-end service
SimpleStockQuoteService. For instructions on deploying sample back-end services, see Deploying sample back-end services.
When you run this sample, the
bouncyCastle jar file that is used for encryption does not load into the axis2 client. This is due to an issue with the axis2Client shipped with ESB 4.8.1. Therefore, before running the client, you need to copy the
bcprov-jdk15.jar file from the
<ESB_HOME>/repository/axis2/client/lib directory to the
Executing the sample
The sample client used here is the Stock Quote Client, which can operate in several modes. For further details on this sample client and its operation modes, see Stock Quote Client.
To execute the sample client
Run the following command from the
This sends a stock quote request to the proxy service and also signs and encrypts the request by specifying the client side security policy.
Analyzing the output
By analyzing the debug log output or the TCPMon output, you will see that the request received by the proxy service is signed and encrypted.
You can look up the WSDL of the proxy service by requesting the URL http://localhost:8280/services/StockQuoteProxy?wsdl , in order to confirm the security policy attachment to the supplied base WSDL.
When sending the message to the backend service, you can verify that the security headers were removed and that the response received does not use WS-Security, but that the response being forwarded back to the client is signed and encrypted as expected by the client.