
WSO2 ESB Secured Proxy Endpoint

I use the ESB with many different proxies.

One of them is sending the messages to other proxy endpoints. All the proxies are in the ESB.

At the moment those endpoint proxies are not secured. I would like to use scenario1 as security for them. But how can I send the message to those endpoints? That means: how can I add a security header with username and password in my proxy configuration, so that I can authenticate, maybe with user "admin" and password "admin"?

As I understand, you need to secure the proxy and forward it to an unsecured back-end service.

For this, you can try the following steps from the WSO2 ESB Management Console. I tried this on WSO2 ESB 4.7.0.

  1. Add a pass-through proxy service.
  2. View the proxy from the Service Dashboard.
  3. Click on "Security" for the service.
  4. Select "Yes" for "Enable Security?"
  5. Select "UsernameToken" and click Next. This is Scenario 1, as you mentioned. It uses the WS-Security standard with Username Token.
  6. You can select the "admin" group here and click on "Finish".

Now security will be enabled for your service.

The proxy service now needs authentication, and you can use the "admin" user (or any user you have added).

If you are using a Java client, it might be easier to use Axis2 with the Rampart module engaged. There are many examples of this.

See the following links.

http://blog.facilelogin.com/2008/11/security-policy-with-rampart.html (This has a simple client)

http://blog.thilinamb.com/2009/08/securing-web-service-with-username.html

I tested this using SoapUI. You can pass the username and password from the request properties.

SoapUI request properties

Your request will be similar to the following.

Wed Aug 21 01:15:32 IST 2013:DEBUG:>> "POST /services/SimpleStockQuoteService.SimpleStockQuoteServiceHttpsSoap12Endpoint HTTP/1.1[\r][\n]"
Wed Aug 21 01:15:32 IST 2013:DEBUG:>> "Accept-Encoding: gzip,deflate[\r][\n]"
Wed Aug 21 01:15:32 IST 2013:DEBUG:>> "Content-Type: application/soap+xml;charset=UTF-8;action="urn:getQuote"[\r][\n]"
Wed Aug 21 01:15:32 IST 2013:DEBUG:>> "Content-Length: 1195[\r][\n]"
Wed Aug 21 01:15:32 IST 2013:DEBUG:>> "Host: isurup-ThinkPad-T530:8243[\r][\n]"
Wed Aug 21 01:15:32 IST 2013:DEBUG:>> "Connection: Keep-Alive[\r][\n]"
Wed Aug 21 01:15:32 IST 2013:DEBUG:>> "User-Agent: Apache-HttpClient/4.1.1 (java 1.5)[\r][\n]"
Wed Aug 21 01:15:32 IST 2013:DEBUG:>> "[\r][\n]"
Wed Aug 21 01:15:32 IST 2013:DEBUG:>> "<soap:Envelope xmlns:ser="http://services.samples" xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:xsd="http://services.samples/xsd">[\n]"
Wed Aug 21 01:15:32 IST 2013:DEBUG:>> "   <soap:Header><wsse:Security soap:mustUnderstand="true" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><wsu:Timestamp wsu:Id="TS-63"><wsu:Created>2013-08-20T19:45:32Z</wsu:Created><wsu:Expires>2013-08-20T21:08:52Z</wsu:Expires></wsu:Timestamp><wsse:UsernameToken wsu:Id="UsernameToken-62"><wsse:Username>admin</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">admin</wsse:Password><wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">WG8iV7vik8QqZkzlaIabWg==</wsse:Nonce><wsu:Created>2013-08-20T19:45:32.861Z</wsu:Created></wsse:UsernameToken></wsse:Security></soap:Header>[\n]"
Wed Aug 21 01:15:32 IST 2013:DEBUG:>> "   <soap:Body>[\n]"
Wed Aug 21 01:15:32 IST 2013:DEBUG:>> "      <ser:getQuote>[\n]"
Wed Aug 21 01:15:32 IST 2013:DEBUG:>> "         <ser:request>[\n]"
Wed Aug 21 01:15:32 IST 2013:DEBUG:>> "            <xsd:symbol>WSO2</xsd:symbol>[\n]"
Wed Aug 21 01:15:32 IST 2013:DEBUG:>> "         </ser:request>[\n]"
Wed Aug 21 01:15:32 IST 2013:DEBUG:>> "      </ser:getQuote>[\n]"
Wed Aug 21 01:15:32 IST 2013:DEBUG:>> "   </soap:Body>[\n]"
Wed Aug 21 01:15:32 IST 2013:DEBUG:>> "</soap:Envelope>"

Update: If the back-end service is also secured, you can refer to the following blog post.

http://soasecurity.org/2012/11/05/how-to-invoke-secured-backend-service-using-wso2-esb/

In the calling proxy service you can configure a property as follows:

<property name="Authorization"
               expression="fn:concat('Basic ', base64Encode('admin:admin'))"
               scope="transport"
               type="STRING"/>

With this, the basicAuth header will be set in the request to the called proxy service. Hope this helps.

In your scenario, you need to invoke a secured backend (another proxy service) using a proxy service. To do this you will need to write security policies. Refer to blog post [1].

[1] http://soasecurity.org/2012/11/05/how-to-invoke-secured-backend-service-using-wso2-esb/

You can simply use curl to invoke the secured proxy service, as follows.

curl -k --basic -u admin:admin https://localhost:8243/services/PoxSecurityProxy.POXSecurityProxyHttpsSoap11Endpoint/echoString?in=Chanaka
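
An added example, not part of any of the answers above: both credential forms shown on this page (the `PasswordText` UsernameToken in the logged request and the `Basic` header set by the property mediator) are encodings rather than protection, so a pre-deployment check can confirm they only ever travel over HTTPS. The function names and the sample envelope are constructed for illustration; the envelope is a trimmed form of the logged request.

```python
import base64
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
PASSWORD_TEXT = ("http://docs.oasis-open.org/wss/2004/01/"
                 "oasis-200401-wss-username-token-profile-1.0#PasswordText")

def basic_header(user, password):
    """Same value as fn:concat('Basic ', base64Encode('user:password'))."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return "Basic " + token

def recoverable_credentials(headers, body):
    """Return (mechanism, username, password) for every credential that is
    only encoded, not protected, inside the message itself."""
    found = []
    auth = headers.get("Authorization", "")
    if auth.startswith("Basic "):
        user, _, pw = base64.b64decode(auth[6:]).decode().partition(":")
        found.append(("http-basic", user, pw))
    if body:
        root = ET.fromstring(body)
        for tok in root.iter(f"{{{WSSE}}}UsernameToken"):
            pw = tok.find(f"{{{WSSE}}}Password")
            # A missing Type attribute defaults to PasswordText.
            if pw is not None and pw.get("Type", PASSWORD_TEXT) == PASSWORD_TEXT:
                found.append(("wsse-password-text",
                              tok.findtext(f"{{{WSSE}}}Username"), pw.text))
    return found

def audit(url, headers, body=""):
    """Flag requests whose credentials would be readable in transit."""
    creds = recoverable_credentials(headers, body)
    if creds and urlsplit(url).scheme != "https":
        return [f"{mech}: credentials for '{user}' sent without TLS"
                for mech, user, _ in creds]
    return []

# Constructed sample: trimmed form of the UsernameToken header in the log above.
SAMPLE_BODY = f"""<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope">
 <soap:Header><wsse:Security xmlns:wsse="{WSSE}"><wsse:UsernameToken>
  <wsse:Username>admin</wsse:Username>
  <wsse:Password Type="{PASSWORD_TEXT}">admin</wsse:Password>
 </wsse:UsernameToken></wsse:Security></soap:Header><soap:Body/></soap:Envelope>"""
```

Calling `audit()` with the endpoint URL configured for the calling proxy returns an empty list when that endpoint uses `https://` and one finding per credential otherwise.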
