
WSO2 ESB secure proxy: the request sent to the back end is signed

I'm new to WSO2 ESB. I am trying to make a secure proxy to protect a non-secure web service. I followed different tutorials and made the following configuration for my proxy:

<proxy xmlns="http://ws.apache.org/ns/synapse"
       name="ProxyStockeSecure"
       transports="https,http,local"
       statistics="disable"
       trace="disable"
       startOnLoad="true">
   <target inSequence="LogAndRemoveHeader" outSequence="LogSeqResponse">
      <endpoint>
         <address uri="http://localhost:9000/services/SimpleStockQuoteService"/>
      </endpoint>
   </target>
   <publishWSDL uri="http://localhost:9000/services/SimpleStockQuoteService?wsdl"/>
   <enableSec/>
   <policy key="sec_policy"/>
   <description/>
</proxy>

The LogAndRemoveHeader sequence removes the Security header and logs the flow.

<sequence xmlns="http://ws.apache.org/ns/synapse" name="LogAndRemoveHeader">
   <log level="full"></log>
   <header xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
           name="wsse:Security"
           scope="default"
           action="remove"></header>
   <log level="full"></log>
</sequence>

When I send a signed request to the secure proxy, I can see that the proxy validates it well (thanks to Rampart). But when I look at the log on the back end server, I see that the Security header is still present even though I remove it in the "LogAndRemoveHeader" sequence.

In the WSO2 server, I can see that the Security is correctly removed:

TID: [0] [ESB] [2015-03-19 01:20:31,508]  INFO {org.apache.synapse.mediators.builtin.LogMediator} -  To: /services/ProxyStockeSecure, WSAction: urn:getSimpleQuote, SOAPAction: urn:getSimpleQuote, MessageID: urn:uuid:7d951378-9a98-4b60-bcba-cded778ee977, Direction: request, Envelope: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:ser="http://services.samples"><soap:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-1150340834">
  <ser:getSimpleQuote>
     <!--Optional:-->
     <ser:symbol>1</ser:symbol>
  </ser:getSimpleQuote></soap:Body></soap:Envelope>

But on the back end server, the Security header is back and I feel that WSO2 has re-signed the request. Indeed, the DigestValue or SignatureValue differs from the original request...

Use the send mediator to send your request to the backend service inside your LogAndRemoveHeader sequence. Here is the sample send mediator code.

<send>
  <endpoint>
     <address uri="http://localhost:9000/services/SimpleStockQuoteService"></address>
  </endpoint>
</send>
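
To confirm what the back end actually receives after a configuration change, the check below compares the envelope the client sent with the one logged at the back end and reports whether the wsse:Security header was stripped, forwarded unchanged, or carries a new signature. It is an added example, not part of the original question or answer; the function names and the sample envelopes (including the digest and signature values) are constructed for illustration.

```python
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"
SOAP_NS = ("http://www.w3.org/2003/05/soap-envelope",      # SOAP 1.2
           "http://schemas.xmlsoap.org/soap/envelope/")    # SOAP 1.1

def security_summary(envelope_xml):
    """Report whether wsse:Security is present, with its digest and signature values."""
    root = ET.fromstring(envelope_xml)
    header = None
    for ns in SOAP_NS:
        header = root.find(f"{{{ns}}}Header")
        if header is not None:
            break
    sec = header.find(f"{{{WSSE}}}Security") if header is not None else None
    if sec is None:
        return {"present": False, "digests": [], "signatures": []}
    values = lambda tag: [(e.text or "").strip() for e in sec.iter(f"{{{DS}}}{tag}")]
    return {"present": True,
            "digests": values("DigestValue"),
            "signatures": values("SignatureValue")}

def compare(client_xml, backend_xml):
    """Classify what happened to the Security header between client and back end."""
    client, backend = security_summary(client_xml), security_summary(backend_xml)
    if not backend["present"]:
        return "stripped"
    if client == backend:
        return "forwarded-unchanged"
    return "new-signature"   # header present, but values differ from the client's

def _sample(sig=None, digest=None):
    """Build a constructed SOAP 1.2 envelope, optionally with a Security header."""
    sec = ""
    if sig:
        sec = (f'<wsse:Security xmlns:wsse="{WSSE}"><ds:Signature xmlns:ds="{DS}">'
               f'<ds:SignedInfo><ds:Reference URI="#Id-1">'
               f'<ds:DigestValue>{digest}</ds:DigestValue></ds:Reference></ds:SignedInfo>'
               f'<ds:SignatureValue>{sig}</ds:SignatureValue></ds:Signature></wsse:Security>')
    return (f'<soap:Envelope xmlns:soap="{SOAP_NS[0]}"><soap:Header>{sec}</soap:Header>'
            f'<soap:Body><getSimpleQuote/></soap:Body></soap:Envelope>')

# Constructed sample data, not captured traffic.
CLIENT = _sample(sig="c2lnLWNsaWVudA==", digest="ZGlnZXN0LWNsaWVudA==")
BACKEND_RESIGNED = _sample(sig="c2lnLXByb3h5", digest="ZGlnZXN0LXByb3h5")
BACKEND_STRIPPED = _sample()

if __name__ == "__main__":
    print(compare(CLIENT, BACKEND_RESIGNED), compare(CLIENT, BACKEND_STRIPPED))
```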
