| <?xml version="1.0" encoding="ISO-8859-1" ?> |
| <!-- |
| ~ Licensed to the Apache Software Foundation (ASF) under one |
| ~ or more contributor license agreements. See the NOTICE file |
| ~ distributed with this work for additional information |
| ~ regarding copyright ownership. The ASF licenses this file |
| ~ to you under the Apache License, Version 2.0 (the |
| ~ "License"); you may not use this file except in compliance |
| ~ with the License. You may obtain a copy of the License at |
| ~ |
| ~ http://www.apache.org/licenses/LICENSE-2.0 |
| ~ |
| ~ Unless required by applicable law or agreed to in writing, |
| ~ software distributed under the License is distributed on an |
| ~ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| ~ KIND, either express or implied. See the License for the |
| ~ specific language governing permissions and limitations |
| ~ under the License. |
| --> |
| |
| <document> |
| <properties> |
| <title>Apache Synapse - Sample 200</title> |
| </properties> |
| <body> |
| <section name="Sample 200: Engaging WS-Security on Proxy Services"> |
| <div class="xmlConf"><definitions xmlns="http://ws.apache.org/ns/synapse"> |
| |
| <localEntry key="sec_policy" src="file:repository/conf/sample/resources/policy/policy_3.xml"/> |
| |
| <proxy name="StockQuoteProxy"> |
| <target> |
| <inSequence> |
| <send> |
| <endpoint> |
| <address uri="http://localhost:9000/services/SimpleStockQuoteService"/> |
| </endpoint> |
| </send> |
| </inSequence> |
| <outSequence> |
| <send/> |
| </outSequence> |
| </target> |
| <publishWSDL uri="file:repository/conf/sample/resources/proxy/sample_proxy_1.wsdl"/> |
| <enableSec/> |
| <policy key="sec_policy"/> |
| </proxy> |
| |
| </definitions></div> |
| <subsection name="Objective"> |
| <p> |
| Demonstrates how to secure a proxy service using WS-Security and WS-Policy |
| standards |
| </p> |
| </subsection> |
| <subsection name="Pre-requisites"> |
| <p> |
| <ul> |
| <li> |
| Download and install the Java Cryptography Extension (JCE) unlimited |
| strength policy files for your JDK |
| </li> |
| <li> |
| Deploy the SimpleStockQuoteService in the sample Axis2 server and start Axis2 |
| </li> |
| <li> |
| Start Synapse using the configuration numbered 200 (repository/conf/sample/synapse_sample_200.xml) |
| <div class="command"> |
| Unix/Linux: sh synapse.sh -sample 200<br/> |
| Windows: synapse.bat -sample 200 |
| </div> |
| </li> |
| </ul> |
| </p> |
| </subsection> |
| <subsection name="Executing the Client"> |
| <p> |
| The proxy service expects to receive a signed and encrypted message as specified |
| by the security policy. Please see Apache Rampart and Axis2 documentation on the |
| format of the policy file. The element 'enableSec' specifies that Apache Rampart |
| should be engaged on this proxy service. Hence if Rampart rejects any request |
| messages that does not conform to the specified policy, those messages will |
| never reach the 'inSequence' to be processed. To execute the client, send a stock |
| quote request to the proxy service, and sign and encrypt the request by specifying |
| the client side security policy as follows: |
| </p> |
| <div class="command">ant stockquote -Dtrpurl=http://localhost:8280/services/StockQuoteProxy -Dpolicy=./../../repository/conf/sample/resources/policy/client_policy_3.xml</div> |
| <p> |
| By following through the debug logs or TCPMon output, you can see that the |
| request received by the proxy service is signed and encrypted. Also, looking up |
| the WSDL of the proxy service by requesting the URL http://localhost:8280/services/StockQuoteProxy?wsdl |
| reveals that the security policy is attached to the provided base WSDL. When |
| sending the message to the backend service, you can verify that the security |
| headers are removed. The response received from Axis2 does not use WS-Security, |
| but the response forwarded back to the client is signed and encrypted as |
| expected by the client. |
| </p> |
| </subsection> |
| </section> |
| <p><a href="../samples.html">Back to Catalog</a></p> |
| </body> |
| </document> |