WSO2 ESB comprises of about 40+ mediators, using which you can perform several actions on the the SOAP messages being passed through. One such requirement would be to manipulate SOAP headers of a message.
What if you need to add a complex header structure to the message as follows,
A real use case of this kind of a requirement will be, you have a secured proxy service in ESB with UsernameToken Policy applied, but the backend service is not secured according to WSSE standards, but having its own way of authenticating, hence it requires messages coming to that endpoint having the structure of the headers as above, and username and password header values need to set with the username and password contains in the WSSE usernameToken of the original request.
That can be achieved using a class / custom mediator which involves writing some Java code, but if you need to avoid deploying / maintain a separate package for that you can chose either Header mediator, XSLT mediator or Script mediator.
Here I'm going to show how the script mediator can be used for the above use case.
Since you have enabled WS security in the proxy service, a valid SOAP request needs to contain the WSSE security headers, as follows.
As highlighted in the above request message, you have to extract the username and password values coming in the request and set those in the header structure which is expected by the backend service.
In order to do that your Script Mediator configuration will be as follows,
That's it..! If you do a full log in insequence you will see the message with added complex headers.. In a future post I Will show you how to use Header mediator and XSLT mediator to achieve the same task.
References
[1] http://docs.wso2.org/display/ESB470/Script+Mediator
[2] http://wso2.com/project/mashup/0.2/docs/e4xquickstart.html
4 comments:
Hi Sajith,
We have a scenario, the proxy service is secured using username token(wsse)where as in client side they are using a different header for authentication. So the input to proxy will not contain the wsse signature. Is there any possibility to transform the request coming to proxy to match wsse signature? Thanks in advance!
Yes it is possible
Try this link to see more info:
http://wso2.com/library/knowledge-base/convert-http-basic-authentication-ws-security-username-token/
But one way to implement it is like this:
Use header mediator to add the wsse username token.
I am working on a usecase where a rest call (basic authentication) will trigger a SOAP request (WS-Security) on the backend. I had to take the user and password from the REST Api call and make it part of the WS-Security block in the SOAP request. Well, the link I mentioned above got me going (note that the folders with the new version of WSO2 ESB is little different, but you can easily spot and fix those things.
Thanks ente karal! But our requirement is bit different! We want to add security for the SOAP service ala default username token, not as a mediator in the insequence.
As of now we have used DBLookup mediator for authenticating.
Hi Sajith,
Will you look on this.
http://stackoverflow.com/questions/24015281/how-to-write-the-custom-policy-in-wso2esb-for-simple-username-passward
Post a Comment