src/site/xdoc/userguide/samples/sample153.xml - synapse - Git at Google

 <?xml version="1.0" encoding="ISO-8859-1" ?>
 <!--
   ~  Licensed to the Apache Software Foundation (ASF) under one
   ~  or more contributor license agreements.  See the NOTICE file
   ~  distributed with this work for additional information
   ~  regarding copyright ownership.  The ASF licenses this file
   ~  to you under the Apache License, Version 2.0 (the
   ~  "License"); you may not use this file except in compliance
   ~  with the License.  You may obtain a copy of the License at
   ~
   ~   http://www.apache.org/licenses/LICENSE-2.0
   ~
   ~  Unless required by applicable law or agreed to in writing,
   ~  software distributed under the License is distributed on an
   ~   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
   ~  KIND, either express or implied.  See the License for the
   ~  specific language governing permissions and limitations
   ~  under the License.
   -->

 <document>
     <properties>
         <title>Apache Synapse - Sample 153</title>
     </properties>
     <body>
         <section name="Sample 153: Routing the Messages without Processing the Security Headers">
             <div class="xmlConf">&lt;definitions xmlns="http://ws.apache.org/ns/synapse"&gt;

     &lt;proxy name="StockQuoteProxy"&gt;
         &lt;target&gt;
             &lt;inSequence&gt;
                 &lt;property name="preserveProcessedHeaders" value="true"/&gt;
                 &lt;send&gt;
                     &lt;endpoint&gt;
                         &lt;address uri="http://localhost:9000/services/SecureStockQuoteService"/&gt;
                     &lt;/endpoint&gt;
                 &lt;/send&gt;
             &lt;/inSequence&gt;
             &lt;outSequence&gt;
                 &lt;send/&gt;
             &lt;/outSequence&gt;
         &lt;/target&gt;
         &lt;publishWSDL uri="file:repository/conf/sample/resources/proxy/sample_proxy_1.wsdl"/&gt;
     &lt;/proxy&gt;

 &lt;/definitions&gt;</div>
             <subsection name="Objective">
                 <p>
                     Demonstrate the ability of Synapse to pass SOAP messages through without removing
                     already processed headers
                 </p>
             </subsection>
             <subsection name="Pre-requisites">
                 <p>
                     <ul>
                         <li>
                             Download and install the Java Cryptography Extension (JCE) unlimited
                             strength policy files for your JDK
                         </li>
                         <li>
                             Deploy the SecureStockQuoteService in the sample Axis2 server and start Axis2
                         </li>
                         <li>
                             Start Synapse using the configuration numbered 153 (repository/conf/sample/synapse_sample_153.xml)
                             <div class="command">
                                 Unix/Linux: sh synapse.sh -sample 153<br/>
                                 Windows: synapse.bat -sample 153
                             </div>
                         </li>
                     </ul>
                 </p>
             </subsection>
             <subsection name="Executing the Client">
                 <p>
                     In this sample the proxy service will receive secured messages with security
                     headers which are flagged 'MustUnderstand'. But since the element 'enableSec'
                     is not present in the proxy configuration, Synapse will not engage Apache Rampart
                     on this proxy service. It is expected that a MustUnderstand failure exception
                     on the AxisEngine would occur before the message arrives at mediation engine.
                     But Synapse handles this message and gets it through by setting all the
                     MustUnderstand headers which are not processed as processed. This will enable
                     Synapse to route the messages without reading the Security headers (just routing
                     the messages from client to service, both of which are secured). To execute the
                     client, send a stock quote request to the proxy service, and sign and encrypt
                     the request by specifying the client side security policy as follows:
                 </p>
                 <div class="command">ant stockquote -Dtrpurl=http://localhost:8280/services/StockQuoteProxy -Dpolicy=./../../repository/conf/sample/resources/policy/client_policy_3.xml</div>
                 <p>
                     By following through the debug logs or TCPMon output, you can see that the
                     request received by the proxy service was signed and encrypted. Also, looking
                     up the WSDL of the proxy service by requesting the URL http://localhost:8280/services/StockQuoteProxy?wsdl
                     reveals that the security policy attachments are not there and security is not engaged.
                     When sending the message to the backend service, you can verify that the security
                     headers were there as in the original message to Synapse from client, and that
                     the response received does use WS-Security, and forwarded back to the client
                     without any modification. You should note that this won't be a security hole
                     because the message inside Synapse is signed and encrypted and can only be
                     forwarded to a secure service.
                 </p>
             </subsection>
         </section>
         <p><a href="../samples.html">Back to Catalog</a></p>
     </body>
 </document>
	<?xml version="1.0" encoding="ISO-8859-1" ?>
	<!--
	~ Licensed to the Apache Software Foundation (ASF) under one
	~ or more contributor license agreements. See the NOTICE file
	~ distributed with this work for additional information
	~ regarding copyright ownership. The ASF licenses this file
	~ to you under the Apache License, Version 2.0 (the
	~ "License"); you may not use this file except in compliance
	~ with the License. You may obtain a copy of the License at
	~
	~ http://www.apache.org/licenses/LICENSE-2.0
	~
	~ Unless required by applicable law or agreed to in writing,
	~ software distributed under the License is distributed on an
	~ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	~ KIND, either express or implied. See the License for the
	~ specific language governing permissions and limitations
	~ under the License.
	-->

	<document>
	<properties>
	<title>Apache Synapse - Sample 153</title>
	</properties>
	<body>
	<section name="Sample 153: Routing the Messages without Processing the Security Headers">
	<div class="xmlConf"><definitions xmlns="http://ws.apache.org/ns/synapse">

	<proxy name="StockQuoteProxy">
	<target>
	<inSequence>
	<property name="preserveProcessedHeaders" value="true"/>
	<send>
	<endpoint>
	<address uri="http://localhost:9000/services/SecureStockQuoteService"/>
	</endpoint>
	</send>
	</inSequence>
	<outSequence>
	<send/>
	</outSequence>
	</target>
	<publishWSDL uri="file:repository/conf/sample/resources/proxy/sample_proxy_1.wsdl"/>
	</proxy>

	</definitions></div>
	<subsection name="Objective">
	<p>
	Demonstrate the ability of Synapse to pass SOAP messages through without removing
	already processed headers
	</p>
	</subsection>
	<subsection name="Pre-requisites">
	<p>
	<ul>
	<li>
	Download and install the Java Cryptography Extension (JCE) unlimited
	strength policy files for your JDK
	</li>
	<li>
	Deploy the SecureStockQuoteService in the sample Axis2 server and start Axis2
	</li>
	<li>
	Start Synapse using the configuration numbered 153 (repository/conf/sample/synapse_sample_153.xml)
	<div class="command">
	Unix/Linux: sh synapse.sh -sample 153<br/>
	Windows: synapse.bat -sample 153
	</div>
	</li>
	</ul>
	</p>
	</subsection>
	<subsection name="Executing the Client">
	<p>
	In this sample the proxy service will receive secured messages with security
	headers which are flagged 'MustUnderstand'. But since the element 'enableSec'
	is not present in the proxy configuration, Synapse will not engage Apache Rampart
	on this proxy service. It is expected that a MustUnderstand failure exception
	on the AxisEngine would occur before the message arrives at mediation engine.
	But Synapse handles this message and gets it through by setting all the
	MustUnderstand headers which are not processed as processed. This will enable
	Synapse to route the messages without reading the Security headers (just routing
	the messages from client to service, both of which are secured). To execute the
	client, send a stock quote request to the proxy service, and sign and encrypt
	the request by specifying the client side security policy as follows:
	</p>
	<div class="command">ant stockquote -Dtrpurl=http://localhost:8280/services/StockQuoteProxy -Dpolicy=./../../repository/conf/sample/resources/policy/client_policy_3.xml</div>
	<p>
	By following through the debug logs or TCPMon output, you can see that the
	request received by the proxy service was signed and encrypted. Also, looking
	up the WSDL of the proxy service by requesting the URL http://localhost:8280/services/StockQuoteProxy?wsdl
	reveals that the security policy attachments are not there and security is not engaged.
	When sending the message to the backend service, you can verify that the security
	headers were there as in the original message to Synapse from client, and that
	the response received does use WS-Security, and forwarded back to the client
	without any modification. You should note that this won't be a security hole
	because the message inside Synapse is signed and encrypted and can only be
	forwarded to a secure service.
	</p>
	</subsection>
	</section>
	<p><a href="../samples.html">Back to Catalog</a></p>
	</body>
	</document>