| <?xml version="1.0" encoding="ISO-8859-1" ?> |
| <!-- |
| ~ Licensed to the Apache Software Foundation (ASF) under one |
| ~ or more contributor license agreements. See the NOTICE file |
| ~ distributed with this work for additional information |
| ~ regarding copyright ownership. The ASF licenses this file |
| ~ to you under the Apache License, Version 2.0 (the |
| ~ "License"); you may not use this file except in compliance |
| ~ with the License. You may obtain a copy of the License at |
| ~ |
| ~ http://www.apache.org/licenses/LICENSE-2.0 |
| ~ |
| ~ Unless required by applicable law or agreed to in writing, |
| ~ software distributed under the License is distributed on an |
| ~ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| ~ KIND, either express or implied. See the License for the |
| ~ specific language governing permissions and limitations |
| ~ under the License. |
| --> |
| |
| <document> |
| <properties> |
| <title>Apache Synapse - Sample 100</title> |
| </properties> |
| <body> |
| <section name="Sample 100: Using WS-Security for Outgoing Messages"> |
| <div class="xmlConf"><definitions xmlns="http://ws.apache.org/ns/synapse"> |
| |
| <localEntry key="sec_policy" src="file:repository/conf/sample/resources/policy/policy_3.xml"/> |
| |
| <sequence name="main"> |
| <in> |
| <send> |
| <endpoint name="secure"> |
| <address uri="http://localhost:9000/services/SecureStockQuoteService"> |
| <enableSec policy="sec_policy"/> |
| </address> |
| </endpoint> |
| </send> |
| </in> |
| <out> |
| <send/> |
| </out> |
| </sequence> |
| |
| </definitions></div> |
| <subsection name="Objective"> |
| <p> |
| Showcase the ability of Synapse to connect to secured endpoints using WS-Security |
| standards. |
| </p> |
| </subsection> |
| <subsection name="Pre-requisites"> |
| <p> |
| <ul> |
| <li> |
| Download and install the Java Cryptography Extension (JCE) unlimited |
| strength policy files for your JDK |
| </li> |
| <li> |
| Deploy the SecureStockQuoteService in the sample Axis2 server and start Axis2 |
| </li> |
| <li> |
| Start Synapse using the configuration numbered 100 (repository/conf/sample/synapse_sample_100.xml) |
| <div class="command"> |
| Unix/Linux: sh synapse.sh -sample 100<br/> |
| Windows: synapse.bat -sample 100 |
| </div> |
| </li> |
| </ul> |
| </p> |
| </subsection> |
| <subsection name="Executing the Client"> |
| <p> |
| Use the stock quote client to send a request without WS-Security. Synapse is |
| configured to enable WS-Security as per the policy specified by 'policy_3.xml' |
| for the outgoing messages to the SecureStockQuoteService endpoint. |
| The debug log messages on Synapse show the encrypted message flowing to the |
| service and the encrypted response being received by Synapse. The wsse:Security |
| header is then removed from the decrypted message and the response is delivered |
| back to the client, as expected. You may execute the client as follows: |
| </p> |
| <div class="command">ant stockquote -Dtrpurl=http://localhost:8280/</div> |
| <p> |
| The message sent by Synapse to the secure service can be seen as follows, when |
| TCPMon is used. |
| </p> |
| <div class="consoleOutput">POST http://localhost:9001/services/SecureStockQuoteService HTTP/1.1 |
| Host: 127.0.0.1 |
| SOAPAction: urn:getQuote |
| Content-Type: text/xml; charset=UTF-8 |
| Transfer-Encoding: chunked |
| Connection: Keep-Alive |
| User-Agent: Synapse-HttpComponents-NIO |
| |
| 800 |
| <?xml version='1.0' encoding='UTF-8'?> |
| <soapenv:Envelope xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" xmlns:wsa="http://www.w3.org/2005/08/addressing" ..> |
| <soapenv:Header> |
| <wsse:Security ..> |
| <wsu:Timestamp ..> |
| ... |
| </wsu:Timestamp> |
| <xenc:EncryptedKey..> |
| ... |
| </xenc:EncryptedKey> |
| <wsse:BinarySecurityToken ...> |
| <ds:SignedInfo> |
| ... |
| </ds:SignedInfo> |
| <ds:SignatureValue> |
| ... |
| </ds:SignatureValue> |
| <ds:KeyInfo Id="KeyId-29551621"> |
| ... |
| </ds:KeyInfo> |
| </ds:Signature> |
| </wsse:Security> |
| <wsa:To>http://localhost:9001/services/SecureStockQuoteService</wsa:To> |
| <wsa:MessageID>urn:uuid:1C4CE88B8A1A9C09D91177500753443</wsa:MessageID> |
| <wsa:Action>urn:getQuote</wsa:Action> |
| </soapenv:Header> |
| <soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-3789605"> |
| <xenc:EncryptedData Id="EncDataId-3789605" Type="http://www.w3.org/2001/04/xmlenc#Content"> |
| <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" /> |
| <xenc:CipherData> |
| <xenc:CipherValue>Layg0xQcnH....6UKm5nKU6Qqr</xenc:CipherValue> |
| </xenc:CipherData> |
| </xenc:EncryptedData> |
| </soapenv:Body> |
| </soapenv:Envelope>0</div> |
| <p> |
| Note the WS-Security headers and the encrypted payload added by Synapse. |
| </p> |
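<p>
The following is an added example, not part of the Synapse distribution: a Python check that a captured outgoing envelope carries the WS-Security elements shown above and that its body holds only xenc:EncryptedData. The function names, the SOAP 1.1 envelope namespace and both sample envelopes are assumptions constructed for illustration.
</p>

```python
import xml.etree.ElementTree as ET

NS = {
    "soapenv": "http://schemas.xmlsoap.org/soap/envelope/",  # SOAP 1.1 (assumed)
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
# Direct children of wsse:Security that the captured message above contains.
REQUIRED = ("wsu:Timestamp", "xenc:EncryptedKey", "ds:Signature")

def audit_envelope(xml_text):
    """Return findings for one captured envelope; an empty list means it looks protected."""
    root = ET.fromstring(xml_text)  # only feed it captures you produced yourself
    findings = []
    security = root.find("soapenv:Header/wsse:Security", NS)
    if security is None:
        findings.append("no wsse:Security header")
    else:
        findings += ["wsse:Security lacks " + t for t in REQUIRED
                     if security.find(t, NS) is None]
    body = root.find("soapenv:Body", NS)
    if body is None:
        return findings + ["no soapenv:Body"]
    encrypted = "{%s}EncryptedData" % NS["xenc"]
    for child in body:  # anything other than EncryptedData is readable on the wire
        if child.tag != encrypted:
            findings.append("plaintext body element: " + child.tag.rsplit("}", 1)[-1])
    return findings

def body_encryption_algorithms(xml_text):
    """List the Algorithm URIs declared for the encrypted body content."""
    path = "soapenv:Body/xenc:EncryptedData/xenc:EncryptionMethod"
    return [m.get("Algorithm") for m in ET.fromstring(xml_text).iterfind(path, NS)]

# Constructed sample envelopes (not captured traffic).
_ENVELOPE = ('<soapenv:Envelope xmlns:soapenv="{soapenv}" xmlns:wsse="{wsse}" xmlns:wsu="{wsu}"'
             ' xmlns:xenc="{xenc}" xmlns:ds="{ds}"><soapenv:Header>%s</soapenv:Header>'
             '<soapenv:Body>%s</soapenv:Body></soapenv:Envelope>').format(**NS)
PROTECTED = _ENVELOPE % (
    "<wsse:Security><wsu:Timestamp/><xenc:EncryptedKey/><ds:Signature/></wsse:Security>",
    '<xenc:EncryptedData><xenc:EncryptionMethod'
    ' Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/></xenc:EncryptedData>')
PLAINTEXT = _ENVELOPE % ("", '<getQuote xmlns="urn:example:quote"><symbol>IBM</symbol></getQuote>')

if __name__ == "__main__":
    for name, doc in (("protected", PROTECTED), ("plaintext", PLAINTEXT)):
        print(name, audit_envelope(doc), body_encryption_algorithms(doc))
```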
| </subsection> |
| </section> |
| <p><a href="../samples.html">Back to Catalog</a></p> |
| </body> |
| </document> |