Applying Security to a Proxy Service

The steps below demonstrate how you can apply security to a proxy service via WSO2 Integration Studio.

Prerequisites

Be sure to configure a user store for the Micro Integrator and add the required users and roles.

Step 1: Creating the security policy file

Follow the instructions given below to create a WS-Policy resource in your registry project. This will be your security policy file.

  1. Once you have created a registry resource project, right-click the roject in the left navigation panel, click New , and then click Registry Resource. This will open the New Registry Resource window.
  2. Select the From existing template option as shown below and click Next.
  3. Enter a resource name and select the WS-Policy template along with the preferred registry path.
  4. Click Finish . The policy file is now listed in the project explorer as shown below

  5. Double-click the policy file to open the file. Note that you get a Design View and Source View of the policy.

  6. Let's use the Design View to enable the required security scenario. For example, enable the Sign and Encyrpt security scenario as shown below.

    Tip

    Click the icon next to the scenario to get details of the scenario.

  7. You can provide also provide encryption properties, signature properties, and advanced rampart configurations as shown below.

    Encryption/Signature Properties

    Rampart Properties

    Info

    Change the tokenStoreClass in the policy file to 'org.wso2.micro.integrator.security.extensions.SecurityTokenStore'

Specifying role-based access?

For certain scenarios, you can specify user roles. After you select the scenario, scroll to the right to see the User Roles button.

Either define the user roles inline or retrieve the user roles from the server.

  • Define Inline

  • Get from the server

Info

By default, the role names are not case sensitive. If you want to make them case sensitive, add the following property in the <MI_HOME>/conf/deployment.yaml file.

[authorization_manager]
properties.CaseSensitiveAuthorizationRules = "true"

Step 2: Add the security policy to the proxy service

Follow the steps given below.

  1. You can either create a new proxy service, or import an existing proxy service to your workspace.
  2. Double-click the proxy service on the project explorer to open the file and click on the service on design view.
  3. In the Properties tab shown below and tick on Security Enabled property.

  4. Select the Browse icon for the Service Policies field. In the dialog box that opens, create a new record and click the Browse icon to open the Resource Key dialog as shown below.

  5. Click workspace, to add the security policy from the current workspace. You can select the path to the sample_policy.xml file that you created in the previous steps.

  6. Save the proxy service file.

Step 3: Package the artifacts

See the instructions on packaging the artifacts into a composite application project.

Step 4: Build and run the artifacts

See the instructions deploying the artifacts.

Step 5: Testing the service

Create a Soap UI project with the relevant security settings and then send the request to the hosted service.

Top