
How to secure an Axis2 WebService on WSO2 ESB 5.0.0?

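I am new to WSO2 ESB 5.0.0, but I have been working with WSO2 ESB 4.7.0 for the last few years. Does anyone know how to secure an Axis2 WebService on WSO2 ESB 5.0.0?

In the documentation ( https://docs.wso2.com/display/ESB500/WSO2+Enterprise+Service+Bus+Documentation ) I found only a description of securing proxy services, and that description works for proxies.

The problem is that in the web console of WSO2 ESB 5.0.0 there is no way to secure a service. When I deploy a CAR archive with an Axis2 Web Service, or deploy an AAR archive, on WSO2 ESB 5.0.0, the Axis2 service is deployed unsecured.

In version 4.7.0 I could secure an Axis2 WebService from the web console, but in version 5.0.0 I cannot.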

For proxy services in 5.0.0, securing is quite simple:

- create a policy in the registry
- add two lines to the proxy definition, e.g.:

<enableSec/>
<policy key="gov:ws-policy/myPolicy.xml"/>

How do I do this for an Axis2 web service? Adding such lines to the services.xml descriptor of the Axis2 service does not work. Any suggestions?

Thanks, Jakub

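As you have observed, ESB 5.0.0 does not support applying security to services through the management console. But you can follow the steps below to enable security on an Axis2 service.

  1. Go to the services.xml file located in /META-INF and add the policy configuration manually. Add the configuration inside the <service> tag. (You can use WSO2 Developer Studio to generate the policy configuration. Follow the steps in doc [1] and go to the source view to get the policy configuration.)
  2. Then add the rampart configuration tag after the policy configuration. Add the rampart configuration inside the <service> tag. <module ref="rampart"/>

I have attached a sample services.xml for your reference.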

<?xml version="1.0" encoding="UTF-8"?>
<!--
  ~ Copyright 2005-2011 WSO2, Inc. (http://wso2.com)
  ~
  ~ Licensed under the Apache License, Version 2.0 (the "License");
  ~ you may not use this file except in compliance with the License.
  ~ You may obtain a copy of the License at
  ~
  ~ http://www.apache.org/licenses/LICENSE-2.0
  ~
  ~ Unless required by applicable law or agreed to in writing, software
  ~ distributed under the License is distributed on an "AS IS" BASIS,
  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  ~ See the License for the specific language governing permissions and
  ~ limitations under the License.
  -->
<service name="echo">
   <schema elementFormDefaultQualified="false" />
   <description>This service echos the input provided to it.</description>
   <transports>
      <transport>https</transport>
      <transport>http</transport>
   </transports>
   <parameter name="ServiceClass" locked="true">org.wso2.carbon.core.services.echo.Echo</parameter>
   <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UTOverTransport">
      <wsp:ExactlyOne>
         <wsp:All>
            <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
               <wsp:Policy>
                  <sp:TransportToken>
                     <wsp:Policy>
                        <sp:HttpsToken RequireClientCertificate="false" />
                     </wsp:Policy>
                  </sp:TransportToken>
                  <sp:AlgorithmSuite>
                     <wsp:Policy>
                        <sp:Basic256 />
                     </wsp:Policy>
                  </sp:AlgorithmSuite>
                  <sp:Layout>
                     <wsp:Policy>
                        <sp:Lax />
                     </wsp:Policy>
                  </sp:Layout>
                  <sp:IncludeTimestamp />
               </wsp:Policy>
            </sp:TransportBinding>
            <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
               <wsp:Policy>
                  <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" />
               </wsp:Policy>
            </sp:SignedSupportingTokens>
         </wsp:All>
      </wsp:ExactlyOne>
      <rampart:RampartConfig xmlns:rampart="http://ws.apache.org/rampart/policy">
         <rampart:user>wso2carbon</rampart:user>
         <rampart:encryptionUser>useReqSigCert</rampart:encryptionUser>
         <rampart:timestampPrecisionInMilliseconds>true</rampart:timestampPrecisionInMilliseconds>
         <rampart:timestampTTL>300</rampart:timestampTTL>
         <rampart:timestampMaxSkew>300</rampart:timestampMaxSkew>
         <rampart:timestampStrict>false</rampart:timestampStrict>
         <rampart:tokenStoreClass>org.wso2.carbon.security.util.SecurityTokenStore</rampart:tokenStoreClass>
         <rampart:nonceLifeTime>300</rampart:nonceLifeTime>
      </rampart:RampartConfig>
      <sec:CarbonSecConfig xmlns:sec="http://www.wso2.org/products/carbon/security">
         <sec:Authorization>
            <sec:property name="org.wso2.carbon.security.allowedroles">admin</sec:property>
         </sec:Authorization>
      </sec:CarbonSecConfig>
   </wsp:Policy>
   <module ref="rampart"/>
</service>

[1] https://docs.wso2.com/display/DVS380/Applying+Security+for+a+Service#ApplyingSecurityforaService-创建安全策略
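
A pre-deployment check for the two steps in the answer above, as an added example that is not part of the original answer or of WSO2's tooling: it reads META-INF/services.xml (directly or from an AAR) and reports services that lack an inline policy or the rampart module, or that pair an HttpsToken policy with plain http exposure. The function names and the sample descriptor are constructed for illustration.

```python
import io
import xml.etree.ElementTree as ET
import zipfile

WSP = "{http://schemas.xmlsoap.org/ws/2004/09/policy}"
SP = "{http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}"

def audit_services_xml(xml_bytes):
    """Map each service name to a list of findings (empty list = checks passed)."""
    root = ET.fromstring(xml_bytes)
    # services.xml holds either a single <service> or a <serviceGroup> of them.
    services = [root] if root.tag == "service" else root.findall("service")
    report = {}
    for svc in services:
        findings = []
        policy = svc.find(WSP + "Policy")  # must be a direct child of <service>
        if policy is None:
            findings.append("no wsp:Policy inside <service>")
        if all(m.get("ref") != "rampart" for m in svc.findall("module")):
            findings.append('no <module ref="rampart"/> inside <service>')
        transports = {(t.text or "").strip() for t in svc.findall("transports/transport")}
        https_token = None if policy is None else policy.find(".//" + SP + "HttpsToken")
        # Axis2 exposes a service on every enabled transport when <transports> is absent.
        if https_token is not None and (not transports or "http" in transports):
            findings.append("HttpsToken policy, but the service is also reachable over plain http")
        report[svc.get("name")] = findings
    return report

def audit_aar(aar_bytes):
    """Audit META-INF/services.xml inside an AAR (a zip archive)."""
    with zipfile.ZipFile(io.BytesIO(aar_bytes)) as aar:
        return audit_services_xml(aar.read("META-INF/services.xml"))

# Constructed sample: "open" has no policy; "locked" follows the two steps above.
SAMPLE = b"""<serviceGroup xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
    xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
  <service name="open"><transports><transport>http</transport></transports></service>
  <service name="locked">
    <transports><transport>https</transport></transports>
    <wsp:Policy><sp:TransportBinding><wsp:Policy><sp:TransportToken><wsp:Policy>
      <sp:HttpsToken RequireClientCertificate="false"/>
    </wsp:Policy></sp:TransportToken></wsp:Policy></sp:TransportBinding></wsp:Policy>
    <module ref="rampart"/>
  </service>
</serviceGroup>"""

if __name__ == "__main__":
    for name, findings in audit_services_xml(SAMPLE).items():
        print(name, "->", findings or "ok")
```

A service that lists http next to an HttpsToken policy lets a misconfigured client send its UsernameToken in clear text before the policy check rejects the request, so the last finding is worth reviewing even when the policy itself is correct.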
