Web Services Security, or to be more precise, SOAP message security, identifies and provides solutions for general computer security threats as well as threats unique to Web services.
WSO2 Carbon supports the WS-Security, WS-Policy and WS-SecurityPolicy specifications. These specifications define a behavioral model for Web services. A requirement for one Web service may not be valid for another. Thus, defining service-specific requirements might be necessary.
The WSO2 SOA platform provides important security features to your service. By default the security features are disabled.
Securing a proxy service with basic authentication (Username Token)
Pre-requisites – Download the latest stable release of WSO2 ESB from here.
Step 1 – Start WSO2 ESB server
Step 2 – Create a Proxy Service. (We will use the Echo service shipped with WSO2 ESB here)
<proxy xmlns="http://ws.apache.org/ns/synapse" name="PoxSecurityProxy" transports="https" statistics="disable" trace="disable" startOnLoad="true">
Step 3 – Once the proxy service is deployed, access the dashboard and click on the created proxy service and apply security scenario 1 (UsernameToken) as below.
Enable security by clicking the Security option
Select the Username Token security option
Click the Next button to go to the next step.
Step 4 – Select the user group (e.g. admin) that should be given permission to access the proxy service and click the Finish button.
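Step 5 – Once security is applied to the service, access the dashboard and you will see that only the HTTPS endpoint is available.
Step 6 – Now you can access this web service with the following curl command. The -k option skips certificate verification, which is needed in a test setup because the ESB ships with a self-signed certificate.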
curl -k --basic -u admin:admin "https://localhost:8243/services/PoxSecurityProxy.POXSecurityProxyHttpsSoap11Endpoint/echoString?in=Chanaka"
You will get the response from the echo service as “Chanaka”.