You may want to secure a data service by requiring user authentication, encryption and the usage of signatures. This is facilitated in the WSO2 Data Services Server by applying security properties directly to the data service. This sample demonstrates how a service client is used to access a secured data service.
Building the sample
The sample data servic e
SecureDataService should be deployed using the instructions in Samples Setup section.
Securing the Data Service
Enable security for the data service SecureDataService . Select UsernameToken in the basic scenario. Here we are simply enabling username/password based authentication for the data service. Select everyone as the user group. For step-by-step instructions on service-level security setting, refer to .
Running the sample
The sample service can be run using the tool, which is bundled with the WSO2 Data Services Server, or a code-generated java client sample as discussed in the section.
This service contains a single query/operation named showAllOffices, which returns all the office branches in a company.
Secure service client
When using a service client to access a secured data service, it must follow special steps in creating a secured connection to the service. The following code snippet is taken from the Axis2 service client used to access our sample secure data service.
First, the client key store file path (CLIENT_JKS_PATH) is set as a Java system property. The next few lines are Axis2 specific code to initiate the Axis2 runtime and its security module, Rampart. You can see by the end the security policy path (SECURITY_POLICY_PATH) is given to be processed by Rampart. In the security policy, the runtime is notified that we are securing the service and using UsernameToken as the authentication method. After these steps are successfully carried out, we can use the service client to make secure service calls to our data service.
The command line application is used here to present the functionality of the secured data service. As shown in , run the command "ant secure_sample", to run the sample.
The above demonstration shows how a Java service client can be used in accessing a secured data service.