
How to secure Axis2 WebService on WSO2 ESB 5.0.0?

I'm new to WSO2 ESB 5.0.0, but I have been working with WSO2 ESB 4.7.0 for the last few years. Does anyone know how to secure an Axis2 WebService on WSO2 ESB 5.0.0?

In the documentation ( https://docs.wso2.com/display/ESB500/WSO2+Enterprise+Service+Bus+Documentation ) I found only a description for securing proxy services, and it works for proxies.

The problem is that in the web console of WSO2 ESB 5.0.0 there is no possibility to secure a service. When I deploy a CAR archive with an Axis2 Web Service, or an AAR archive, on WSO2 ESB 5.0.0, the Axis2 service is deployed unsecured.

In version 4.7.0 I can secure an Axis2 WebService from the web console; in 5.0.0 I can't do this.

For proxy services in 5.0.0, securing them is very simple:

- create a policy in the registry
- add two lines to the proxy definition, like:

<enableSec/>
<policy key="gov:ws-policy/myPolicy.xml"/>

How do I do this for an Axis2 web service? Adding lines like this to the services.xml description of the Axis2 service doesn't work. Any suggestions?

Thanks, Jakub

As you noticed, applying security for services via the management console is not supported in ESB 5.0.0. But you can enable security on the Axis2 services by following the steps below.

  1. Go to the services.xml file that resides at /META-INF and add the policy configuration manually. Please add the configuration inside the <service> tag. (You can generate the policy configuration using WSO2 Developer Studio. Follow the steps in doc[1] and go to the source view to get the policy configuration.)
  2. Then add the rampart configuration tag after the policy configuration. Please add the rampart configuration inside the <service> tag: <module ref="rampart"/>

I'm attaching a sample services.xml for your reference.

<?xml version="1.0" encoding="UTF-8"?>
<!--
  ~ Copyright 2005-2011 WSO2, Inc. (http://wso2.com)
  ~
  ~ Licensed under the Apache License, Version 2.0 (the "License");
  ~ you may not use this file except in compliance with the License.
  ~ You may obtain a copy of the License at
  ~
  ~ http://www.apache.org/licenses/LICENSE-2.0
  ~
  ~ Unless required by applicable law or agreed to in writing, software
  ~ distributed under the License is distributed on an "AS IS" BASIS,
  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  ~ See the License for the specific language governing permissions and
  ~ limitations under the License.
  -->
<service name="echo">
   <schema elementFormDefaultQualified="false" />
   <description>This service echos the input provided to it.</description>
   <transports>
      <transport>https</transport>
      <transport>http</transport>
   </transports>
   <parameter name="ServiceClass" locked="true">org.wso2.carbon.core.services.echo.Echo</parameter>
   <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UTOverTransport">
      <wsp:ExactlyOne>
         <wsp:All>
            <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
               <wsp:Policy>
                  <sp:TransportToken>
                     <wsp:Policy>
                        <sp:HttpsToken RequireClientCertificate="false" />
                     </wsp:Policy>
                  </sp:TransportToken>
                  <sp:AlgorithmSuite>
                     <wsp:Policy>
                        <sp:Basic256 />
                     </wsp:Policy>
                  </sp:AlgorithmSuite>
                  <sp:Layout>
                     <wsp:Policy>
                        <sp:Lax />
                     </wsp:Policy>
                  </sp:Layout>
                  <sp:IncludeTimestamp />
               </wsp:Policy>
            </sp:TransportBinding>
            <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
               <wsp:Policy>
                  <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" />
               </wsp:Policy>
            </sp:SignedSupportingTokens>
         </wsp:All>
      </wsp:ExactlyOne>
      <rampart:RampartConfig xmlns:rampart="http://ws.apache.org/rampart/policy">
         <rampart:user>wso2carbon</rampart:user>
         <rampart:encryptionUser>useReqSigCert</rampart:encryptionUser>
         <rampart:timestampPrecisionInMilliseconds>true</rampart:timestampPrecisionInMilliseconds>
         <rampart:timestampTTL>300</rampart:timestampTTL>
         <rampart:timestampMaxSkew>300</rampart:timestampMaxSkew>
         <rampart:timestampStrict>false</rampart:timestampStrict>
         <rampart:tokenStoreClass>org.wso2.carbon.security.util.SecurityTokenStore</rampart:tokenStoreClass>
         <rampart:nonceLifeTime>300</rampart:nonceLifeTime>
      </rampart:RampartConfig>
      <sec:CarbonSecConfig xmlns:sec="http://www.wso2.org/products/carbon/security">
         <sec:Authorization>
            <sec:property name="org.wso2.carbon.security.allowedroles">admin</sec:property>
         </sec:Authorization>
      </sec:CarbonSecConfig>
   </wsp:Policy>
   <module ref="rampart"/>
</service>

[1] https://docs.wso2.com/display/DVS380/Applying+Security+for+a+Service#ApplyingSecurityforaService-Creatingthesecuritypolicy
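
A small pre-deployment check for the layout described in this answer, added here as an example (it is not part of the original answer or of WSO2's tooling): it parses a services.xml and reports a missing policy, a missing rampart module, or plain http listed next to a policy that requires an HTTPS transport token. The function name `lint_services_xml` and the trimmed sample document are constructed for illustration.

```python
import xml.etree.ElementTree as ET

WSP = "http://schemas.xmlsoap.org/ws/2004/09/policy"
SP = "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"

# Constructed sample: a trimmed services.xml following the layout in the answer.
SAMPLE = """<service name="echo">
  <transports><transport>https</transport><transport>http</transport></transports>
  <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
              xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
    <wsp:ExactlyOne><wsp:All>
      <sp:TransportBinding><wsp:Policy><sp:TransportToken><wsp:Policy>
        <sp:HttpsToken RequireClientCertificate="false"/>
      </wsp:Policy></sp:TransportToken></wsp:Policy></sp:TransportBinding>
      <sp:SignedSupportingTokens><wsp:Policy><sp:UsernameToken/></wsp:Policy></sp:SignedSupportingTokens>
    </wsp:All></wsp:ExactlyOne>
  </wsp:Policy>
  <module ref="rampart"/>
</service>"""


def lint_services_xml(xml_text):
    """Return a list of findings for one services.xml document (hypothetical helper)."""
    root = ET.fromstring(xml_text)
    # services.xml may hold a single <service> or a <serviceGroup> of them.
    services = [root] if root.tag == "service" else root.findall("service")
    findings = []
    for svc in services:
        name = svc.get("name", "?")
        policies = svc.findall(f"{{{WSP}}}Policy")  # direct children of <service> only
        if not policies:
            findings.append(f"{name}: no wsp:Policy directly inside <service>")
        if not any(m.get("ref") == "rampart" for m in svc.findall("module")):
            findings.append(f"{name}: rampart module not engaged")
        transports = {t.text.strip() for t in svc.iter("transport") if t.text}
        needs_https = any(p.find(f".//{{{SP}}}HttpsToken") is not None for p in policies)
        if needs_https and "http" in transports:
            findings.append(f"{name}: policy requires an HTTPS transport token "
                            "but plain http is also listed in <transports>")
    return findings


if __name__ == "__main__":
    for finding in lint_services_xml(SAMPLE):
        print(finding)
```
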
