| <?xml version="1.0" encoding="ISO-8859-1" ?> |
| <!-- |
| ~ Licensed to the Apache Software Foundation (ASF) under one |
| ~ or more contributor license agreements. See the NOTICE file |
| ~ distributed with this work for additional information |
| ~ regarding copyright ownership. The ASF licenses this file |
| ~ to you under the Apache License, Version 2.0 (the |
| ~ "License"); you may not use this file except in compliance |
| ~ with the License. You may obtain a copy of the License at |
| ~ |
| ~ http://www.apache.org/licenses/LICENSE-2.0 |
| ~ |
| ~ Unless required by applicable law or agreed to in writing, |
| ~ software distributed under the License is distributed on an |
| ~ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| ~ KIND, either express or implied. See the License for the |
| ~ specific language governing permissions and limitations |
| ~ under the License. |
| --> |
| |
| <document> |
| <properties> |
| <title>Apache Synapse - Sample 153</title> |
| </properties> |
| <body> |
| <section name="Sample 153: Routing the Messages without Processing the Security Headers"> |
| <div class="xmlConf"><definitions xmlns="http://ws.apache.org/ns/synapse"> |
| |
| <proxy name="StockQuoteProxy"> |
| <target> |
| <inSequence> |
| <property name="preserveProcessedHeaders" value="true"/> |
| <send> |
| <endpoint> |
| <address uri="http://localhost:9000/services/SecureStockQuoteService"/> |
| </endpoint> |
| </send> |
| </inSequence> |
| <outSequence> |
| <send/> |
| </outSequence> |
| </target> |
| <publishWSDL uri="file:repository/conf/sample/resources/proxy/sample_proxy_1.wsdl"/> |
| </proxy> |
| |
| </definitions></div> |
| <subsection name="Objective"> |
| <p> |
| Demonstrate the ability of Synapse to pass SOAP messages through without removing |
| already processed headers |
| </p> |
| </subsection> |
| <subsection name="Pre-requisites"> |
| <p> |
| <ul> |
| <li> |
| Download and install the Java Cryptography Extension (JCE) unlimited |
| strength policy files for your JDK |
| </li> |
| <li> |
| Deploy the SecureStockQuoteService in the sample Axis2 server and start Axis2 |
| </li> |
| <li> |
| Start Synapse using the configuration numbered 153 (repository/conf/sample/synapse_sample_153.xml) |
| <div class="command"> |
| Unix/Linux: sh synapse.sh -sample 153<br/> |
| Windows: synapse.bat -sample 153 |
| </div> |
| </li> |
| </ul> |
| </p> |
| </subsection> |
| <subsection name="Executing the Client"> |
| <p> |
| In this sample the proxy service will receive secured messages with security |
| headers which are flagged 'MustUnderstand'. But since the element 'enableSec' |
| is not present in the proxy configuration, Synapse will not engage Apache Rampart |
| on this proxy service. It is expected that a MustUnderstand failure exception |
| on the AxisEngine would occur before the message arrives at mediation engine. |
| But Synapse handles this message and gets it through by setting all the |
| MustUnderstand headers which are not processed as processed. This will enable |
| Synapse to route the messages without reading the Security headers (just routing |
| the messages from client to service, both of which are secured). To execute the |
| client, send a stock quote request to the proxy service, and sign and encrypt |
| the request by specifying the client side security policy as follows: |
| </p> |
| <div class="command">ant stockquote -Dtrpurl=http://localhost:8280/services/StockQuoteProxy -Dpolicy=./../../repository/conf/sample/resources/policy/client_policy_3.xml</div> |
| <p> |
| By following through the debug logs or TCPMon output, you can see that the |
| request received by the proxy service was signed and encrypted. Also, looking |
| up the WSDL of the proxy service by requesting the URL http://localhost:8280/services/StockQuoteProxy?wsdl |
| reveals that the security policy attachments are not there and security is not engaged. |
| When sending the message to the backend service, you can verify that the security |
| headers were there as in the original message to Synapse from client, and that |
| the response received does use WS-Security, and forwarded back to the client |
| without any modification. You should note that this won't be a security hole |
| because the message inside Synapse is signed and encrypted and can only be |
| forwarded to a secure service. |
| </p> |
| </subsection> |
| </section> |
| <p><a href="../samples.html">Back to Catalog</a></p> |
| </body> |
| </document> |