Securing Your Service with OAuth2 Using WSO2 API Manager
If you host a service, you may need access control on it; otherwise anyone can access it. WSO2 API Manager makes this easy: it can secure your service with OAuth2.
I have a backend service hosted on an Apache Tomcat server. It can be invoked with both the HTTP GET and POST methods.
If I send the request below, I receive a response.
http://localhost:8080/stockquote/getQuote?symbol=wso2
Response:
<getQuoteResponse>
  <symbol>wso2</symbol>
  <lastPrice>67.73111720684315</lastPrice>
  <company>wso2 Company</company>
  <timeStamp>Wed Mar 26 17:49:25 IST 2014</timeStamp>
</getQuoteResponse>
Next I am going to create an API on WSO2 API Manager (wso2am-1.6.0) and keep my actual backend service behind the API Manager.
Steps to create an API
1) First, start wso2am-1.6.0
2) Log in to the Publisher using the admin user credentials
https://localhost:9443/publisher/
3) Add an API with the parameters below.
Name : stockQuoteApi
Context : stockquote
Version : 1.0.0
Tier Availability : Gold
Production Endpoint : http://localhost:8080/stockquote/getQuote
With the above parameters, we can create the API successfully.
4) Publish the created API
Select the created API and change its LifeCycle to Publish
Then we have to subscribe to the created API.
5) Log in to the Store using the admin user credentials; you can then see the created API
https://10.100.1.107:9443/store/
6) Then select the API. You can see the access URL of the created API: "http://10.100.1.107:8280/stockQuote/1.0.0"
Then choose DefaultApplication in the Applications drop-down box in the right corner.
7) Then click the Subscribe button.
8) Then click the Generate button under Keys - Production. You can then see the Access Token.
API creation is now complete.
Now try to access the API. You can use any HTTP client to access the service. In this case I am going to use curl.
Now I try to invoke the API with the command below.
curl "http://localhost:8280/stockQuote/1.0.0?symbol=wso2"
I receive the response below.
<ams:fault xmlns:ams="http://wso2.org/apimanager/security">
  <ams:code>900902</ams:code>
  <ams:message>Missing Credentials</ams:message>
  <ams:description>Required OAuth credentials not provided</ams:description>
</ams:fault>
That means your API is secured. You need to provide the access token to invoke the service. You can find the access token on the subscription page.
Then invoke the service with the command below.
curl -H "Authorization: Bearer gQsoJqhYv15f_JiEVg46y44olcUa" "http://localhost:8280/stockQuote/1.0.0?symbol=wso2"
Now I get the correct response, which is provided by my actual backend service running on the Tomcat server.
<getQuoteResponse>
  <symbol>wso2</symbol>
  <lastPrice>147.95183566530514</lastPrice>
  <company>wso2 Company</company>
  <timeStamp>Wed Mar 26 18:32:30 IST 2014</timeStamp>
</getQuoteResponse>
As with the API above, you can create any number of APIs to secure your services. It is very easy and useful.
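A check worth automating after publishing: a call made without a token must come back as the gateway's "Missing Credentials" fault, not as backend data. The following is an added example, not part of the original post; the function names are hypothetical and the sample bodies are the two responses shown above.

```python
import xml.etree.ElementTree as ET

AMS_NS = "http://wso2.org/apimanager/security"  # namespace of the fault shown above

# Constructed sample inputs: the two response bodies shown in this post.
UNAUTHENTICATED_BODY = """<ams:fault xmlns:ams="http://wso2.org/apimanager/security">
<ams:code>900902</ams:code>
<ams:message>Missing Credentials</ams:message>
<ams:description>Required OAuth credentials not provided</ams:description>
</ams:fault>"""

BACKEND_BODY = """<getQuoteResponse>
<symbol>wso2</symbol>
<lastPrice>147.95183566530514</lastPrice>
<company>wso2 Company</company>
<timeStamp>Wed Mar 26 18:32:30 IST 2014</timeStamp></getQuoteResponse>"""


def classify_gateway_response(body):
    """Return ("fault", code, message), ("payload", root_tag, None)
    or ("invalid", None, None) for a body that is not well-formed XML."""
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return ("invalid", None, None)
    if root.tag == "{%s}fault" % AMS_NS:
        code = root.findtext("{%s}code" % AMS_NS, default="").strip()
        message = root.findtext("{%s}message" % AMS_NS, default="").strip()
        return ("fault", code, message)
    return ("payload", root.tag, None)


def api_is_secured(unauthenticated_body):
    """True only if a call made WITHOUT a token was rejected with the
    'Missing Credentials' fault (code 900902) instead of reaching the backend."""
    kind, code, _ = classify_gateway_response(unauthenticated_body)
    return kind == "fault" and code == "900902"


if __name__ == "__main__":
    print(classify_gateway_response(UNAUTHENTICATED_BODY))
    print("secured:", api_is_secured(UNAUTHENTICATED_BODY))
    print("secured:", api_is_secured(BACKEND_BODY))
```

In a smoke test, feed `api_is_secured` the body returned by the first curl command (the one without the Authorization header).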
Wednesday, March 26, 2014
Wednesday, March 12, 2014
How to add an HTTP Basic Authentication header to the outgoing message of a WSO2 ESB proxy service
Here I am going to discuss how to access a web service secured by HTTP Basic Authentication via a proxy service deployed on WSO2 ESB.
In this scenario the client invokes the proxy service without the Authorization header; the WSO2 ESB proxy service adds the Authorization header to the outgoing message and calls the actual backend service.
You need to set the Authorization header on the HTTP request sent by the ESB. You can achieve this by using a property mediator with the property name Authorization.
<property xmlns:ns="http://org.apache.synapse/xsd"
          name="Authorization"
          expression="fn:concat('Basic ', base64Encode('username:password'))"
          scope="transport"/>
Below is the header you need to send with the request.
authorization:Basic dXNlcm5hbWU6cGFzc3dvcmQ=
You can set this header within the proxy service by configuring the property mediator as below.
<proxy xmlns="http://ws.apache.org/ns/synapse"
       name="stockQuote"
       transports="https,http"
       statistics="disable"
       trace="disable"
       startOnLoad="true">
   <target>
      <inSequence>
         <property name="symbol1" value="2" scope="default" type="STRING"/>
         <property xmlns:ns="http://org.apache.synapse/xsd"
                   name="Authorization"
                   expression="fn:concat('Basic ', base64Encode('username:password'))"
                   scope="transport"/>
         <send>
            <endpoint>
               <address uri="http://localhost:8080/echo/echoheaders"/>
            </endpoint>
         </send>
      </inSequence>
   </target>
   <description/>
</proxy>
Then the outgoing request from the ESB will contain the Authorization header, and the backend service can be accessed.
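The header value the property mediator computes can be reproduced and checked outside the ESB. The following is an added example, not part of the original post: it rebuilds the value shown above, shows that it is only Base64-encoded (it decodes straight back to the credentials), and includes `backend_accepts`, a hypothetical backend-side check.

```python
import base64
import binascii
import hmac


def basic_auth_header(username, password):
    """Build the value the property mediator computes:
    'Basic ' + base64(username:password)."""
    if ":" in username:
        raise ValueError("username must not contain ':'")
    token = base64.b64encode(("%s:%s" % (username, password)).encode("utf-8"))
    return "Basic " + token.decode("ascii")


def parse_basic_auth(header_value):
    """Return (username, password), or None if the header is not valid Basic auth."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    username, sep, password = decoded.partition(":")  # password may contain ':'
    return (username, password) if sep else None


def backend_accepts(header_value, expected_user, expected_password):
    """Hypothetical backend check: compare both fields in constant time."""
    creds = parse_basic_auth(header_value or "")
    if creds is None:
        return False
    user_ok = hmac.compare_digest(creds[0].encode(), expected_user.encode())
    pass_ok = hmac.compare_digest(creds[1].encode(), expected_password.encode())
    return user_ok and pass_ok


if __name__ == "__main__":
    header = basic_auth_header("username", "password")
    print(header)
    print(parse_basic_auth(header))
    print(backend_accepts(header, "username", "password"))
```

Because the value decodes back to the credentials, the hop between the ESB and the backend carries them in recoverable form unless that connection uses HTTPS.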
How to convert an HTTP POST request to an HTTP GET request using a WSO2 ESB proxy service
In this blog, I am going to discuss how to send an HTTP GET request using a WSO2 ESB proxy service. Here is the sample scenario.
The client sends a POST request with a SOAP message to the proxy service. The proxy service retrieves a parameter from the payload and makes an HTTP GET request with a URI parameter to get the response from the actual backend. The backend service is a REST service. The proxy service then takes the REST response, converts it into a SOAP message and sends it back to the client.
The proxy configuration below makes the above scenario work.
Prerequisite
WSO2 ESB 4.7.0
<proxy xmlns="http://ws.apache.org/ns/synapse"
       name="stockQuote"
       transports="https,http"
       statistics="disable"
       trace="disable"
       startOnLoad="true">
   <target>
      <inSequence>
         <property name="symbol1" value="2" scope="default" type="STRING"/>
         <!-- Extract the symbol from the SOAP payload -->
         <property xmlns:m1="http://services.samples/xsd"
                   xmlns:m0="http://services.samples"
                   name="symbol"
                   expression="//m0:getQuote/m0:request/m1:symbol"
                   scope="default"
                   type="STRING"/>
         <!-- Append the extracted symbol as the query string of the backend URL -->
         <property xmlns:ns="http://org.apache.synapse/xsd"
                   name="REST_URL_POSTFIX"
                   expression="fn:concat('?symbol=',get-property('symbol'))"
                   scope="axis2"
                   type="STRING"/>
         <log level="custom">
            <property name="url" expression="get-property('axis2','REST_URL_POSTFIX')"/>
         </log>
         <!-- Send the outgoing request as an HTTP GET -->
         <property name="HTTP_METHOD" value="GET" scope="axis2" type="STRING"/>
         <send>
            <endpoint>
               <address uri="http://localhost:8080/stockquote/getQuote" format="rest"/>
            </endpoint>
         </send>
      </inSequence>
      <outSequence>
         <!-- Return the backend response to the client as text/xml (SOAP) -->
         <property name="messageType" value="text/xml" scope="axis2"/>
         <send/>
      </outSequence>
   </target>
   <description/>
</proxy>
Once you send a request with the payload below to the stockQuote proxy
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ser="http://services.samples" xmlns:xsd="http://services.samples/xsd">
   <soapenv:Header/>
   <soapenv:Body>
      <ser:getQuote>
         <!--Optional:-->
         <ser:request>
            <!--Optional:-->
            <xsd:symbol>wso2</xsd:symbol>
         </ser:request>
      </ser:getQuote>
   </soapenv:Body>
</soapenv:Envelope>
It will make an HTTP GET call to the URL below and get back the response
http://localhost:8080/stockquote/getQuote?symbol=wso2
Then the proxy service sends the response back to the client.
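The two mediation steps above (extract the symbol, then build the GET URL) can be reproduced outside the ESB. The following is an added Python example, not part of the original post: it uses the same namespaces and endpoint, and compares plain concatenation with a percent-encoded query string for a symbol that contains `&`. The function names are hypothetical, and whether the ESB encodes REST_URL_POSTFIX itself is not covered by the post.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlencode, urlsplit, parse_qs

NS = {"m0": "http://services.samples", "m1": "http://services.samples/xsd"}
BACKEND = "http://localhost:8080/stockquote/getQuote"  # endpoint from the proxy config

# Constructed sample: the SOAP request shown above, with the symbol as a slot.
SOAP_TEMPLATE = (
    '<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" '
    'xmlns:ser="http://services.samples" xmlns:xsd="http://services.samples/xsd">'
    "<soapenv:Header/><soapenv:Body><ser:getQuote><ser:request>"
    "<xsd:symbol>{symbol}</xsd:symbol>"
    "</ser:request></ser:getQuote></soapenv:Body></soapenv:Envelope>"
)


def extract_symbol(soap_xml):
    """Same lookup as the XPath //m0:getQuote/m0:request/m1:symbol."""
    # For untrusted input in a real service, use a hardened parser (e.g. defusedxml).
    root = ET.fromstring(soap_xml)
    node = root.find(".//m0:getQuote/m0:request/m1:symbol", NS)
    if node is None or not (node.text or "").strip():
        raise ValueError("no symbol in request")
    return node.text.strip()


def build_get_url(symbol):
    """Build BACKEND?symbol=<value>, percent-encoding the value."""
    return BACKEND + "?" + urlencode({"symbol": symbol})


def naive_get_url(symbol):
    """Plain string concatenation, shown for comparison only."""
    return BACKEND + "?symbol=" + symbol


def query_params(url):
    """Parameters the backend would see after parsing the query string."""
    return parse_qs(urlsplit(url).query)


if __name__ == "__main__":
    odd = extract_symbol(SOAP_TEMPLATE.format(symbol="a&amp;b=c"))
    print(query_params(naive_get_url(odd)))   # value split into two parameters
    print(query_params(build_get_url(odd)))   # value stays inside 'symbol'
```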
Tuesday, March 11, 2014
How to enable WSO2 Carbon Management Console via HTTP Transport
The management console of WSO2 Carbon products is exposed only over HTTPS by default, for security reasons. However, if someone wants to access the management console via HTTP, that is also possible; you just need to configure it.
To enable the admin console via HTTP:
1) Go to the $WSO2_HOME/repository/conf and open carbon.xml
2) Uncomment the EnableHTTPAdminConsole property.
<EnableHTTPAdminConsole>true</EnableHTTPAdminConsole>
Then start the server. You can access the management console from http://127.0.0.1:9763/carbon/
Wednesday, March 5, 2014
How to increase the WSO2 carbon management console session timeout
In WSO2 Carbon products, the default management console session timeout is 15 minutes. If a user is idle for more than 15 minutes, the session expires and the user needs to provide credentials again to access the management console. If you need to increase the session timeout, you can change it through the configuration:
1) Go to repository/conf/tomcat/carbon/WEB-INF
2) Change the session-timeout value in web.xml file
<session-config>
   <session-timeout>15</session-timeout>
</session-config>
Please note that timeout is defined in minutes.
3) Restart the server
Then, once you log in to the web console, it keeps the user session for as long as you configured.