Securing Web Services with WSO2 ESB – Securing a proxy service with basic authentication (Username Token)

Web Services Security, or to be more precise, SOAP message security, identifies and provides solutions for general computer security threats as well as threats unique to Web services.

WSO2 Carbon supports WS Security, WS-Policy and WS-Security Policy specifications. These specifications define a behavioral model for Web services. A requirement for one Web service may not be valid for another. Thus, defining service-specific requirements might be necessary.

The WSO2 SOA platform provides important security features to your service. By default the security features are disabled.

Securing a proxy service with basic authentication (Username Token)

Pre-requisites – Download the latest stable release of WSO2 ESB from here.

Step 1 – Start WSO2 ESB server

Step 2 – Create a Proxy Service. (We will use the Echo service shipped with WSO2 ESB here)

<proxy xmlns=”; name=”PoxSecurityProxy” transports=”https” statistics=”disable” trace=”disable” startOnLoad=”true”>






<address uri=”http://localhost:8280/services/echo”/&gt;



<publishWSDL uri=”http://localhost:8280/services/echo?wsdl”/&gt;


Step 3 – Once the proxy service is deployed, access the dashboard and click on the created proxy service and apply security scenario 1 (UsernameToken) as below.











Enable security by clicking the Security option












Select the Username Token security option








Click next button and go to the next step.

Step 4 – Select the user group(ex:admin) which you expect to be given permission to access the Proxy service and click Finish button.









Step 5 – Once security is applied to the service, access the dashboard and you will see only the HTTPS endpoint available as below.


Step 6 – Now you can access this web service with the following curl command.

curl -k –basic -u admin:admin https://localhost:8243/services/PoxSecurityProxy.POXSecurityProxyHttpsSoap11Endpoint/echoString?in=Chanaka

You will get the response from the echo service as “Chanaka”

One thought on “Securing Web Services with WSO2 ESB – Securing a proxy service with basic authentication (Username Token)

  1. Pingback: Review: Enterprise Integration with WSO2 ESB | Antonio Musarra's Blog

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s