Wednesday, March 12, 2014

How to add HTTP Basic Authentication header to the outgoing message of WSO2 ESB Proxy service


Here I discuss how to access a web service secured with HTTP Basic Authentication through a proxy service deployed on WSO2 ESB.

In this scenario, the client invokes the proxy service without an Authorization header; the WSO2 ESB proxy service adds the Authorization header to the outgoing message and calls the actual backend service.


You need to set the Authorization header on the HTTP request sent by the ESB. You can achieve this by using a property mediator with the property name Authorization.


<property xmlns:ns="http://org.apache.synapse/xsd"  
           name="Authorization"  
           expression="fn:concat('Basic ', base64Encode('username:password'))"  
           scope="transport"/>

Below is the header you need to send with the request. The value after Basic is the Base64 encoding of username:password.

authorization:Basic dXNlcm5hbWU6cGFzc3dvcmQ=


You can set this header within the proxy service by configuring the property mediator as below.


<proxy xmlns="http://ws.apache.org/ns/synapse"  
     name="stockQuote"  
     transports="https,http"  
     statistics="disable"  
     trace="disable"  
     startOnLoad="true">  
   <target>  
    <inSequence>  
      <property name="symbol1" value="2" scope="default" type="STRING"/>  
      <property xmlns:ns="http://org.apache.synapse/xsd"  
           name="Authorization"  
           expression="fn:concat('Basic ', base64Encode('username:password'))"  
           scope="transport"/>  
      <send>  
       <endpoint>  
         <address uri="http://localhost:8080/echo/echoheaders"/>  
       </endpoint>  
      </send>  
    </inSequence>  
   </target>  
   <description/>  
 </proxy>

The outgoing request from the ESB will then contain the Authorization header, and the backend service can be accessed.
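
The following is an added example, not part of the original post or of WSO2's code: a small Python audit that reads a Synapse proxy definition and reports the two things a reviewer would look for in the configuration above, a credential typed literally into the Authorization property and a plain http:// backend that would carry that header unencrypted. The names `audit_proxy` and `SAMPLE_PROXY` and the rule labels are assumptions made for this example; the sample XML is constructed from the proxy shown above.

```python
import re
import xml.etree.ElementTree as ET

NS = "{http://ws.apache.org/ns/synapse}"
# A quoted literal inside base64Encode(...) is a credential typed into the config.
LITERAL_B64 = re.compile(r"base64Encode\(\s*'([^']*)'\s*\)")

# Constructed sample: the proxy from this post, trimmed to the relevant elements.
SAMPLE_PROXY = """\
<proxy xmlns="http://ws.apache.org/ns/synapse" name="stockQuote" transports="https,http">
  <target><inSequence>
    <property name="Authorization" scope="transport"
      expression="fn:concat('Basic ', base64Encode('username:password'))"/>
    <send><endpoint>
      <address uri="http://localhost:8080/echo/echoheaders"/>
    </endpoint></send>
  </inSequence></target>
</proxy>
"""

def audit_proxy(xml_text):
    """Return a list of (rule, detail) findings for one proxy definition."""
    root = ET.fromstring(xml_text)
    findings = []
    sets_auth = False
    for prop in root.iter(NS + "property"):
        if prop.get("name", "").lower() != "authorization":
            continue
        sets_auth = True
        source = prop.get("expression") or prop.get("value") or ""
        match = LITERAL_B64.search(source)
        if match:
            user = match.group(1).split(":", 1)[0]  # report the user, never the password
            findings.append(("hardcoded-credential", "literal password for user '%s'" % user))
        elif source.startswith("Basic "):  # value="Basic <token>" is just as readable
            findings.append(("hardcoded-credential", "pre-encoded Basic token in value"))
    if sets_auth:
        # Base64 is reversible, so an http:// backend exposes the credential in transit.
        for addr in root.iter(NS + "address"):
            uri = addr.get("uri", "")
            if uri.lower().startswith("http://"):
                findings.append(("cleartext-backend", uri))
    return findings

if __name__ == "__main__":
    for rule, detail in audit_proxy(SAMPLE_PROXY):
        print(rule, "-", detail)
```
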


6 comments:

  1. Is there a way to externalize the password storage? In this case, the password is stored along with the proxy and is visible to everyone who has access to the admin console or source control.

  2. You can store the password in the WSO2 registry and refer to the registry path from the proxy service configuration.

    [1] https://docs.wso2.com/display/ESB481/XPath+Extension+Functions#XPathExtensionFunctions-registryscope

  3. Can I use the call mediator instead of the send mediator? I'm having problems with it. When I use call, the ESB throws the following exception:

    AxisEngine Must Understand check failed for header http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd : Security
    org.apache.axis2.AxisFault: Must Understand check failed for header http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd : Security
    at org.apache.axis2.engine.AxisEngine.checkMustUnderstand(AxisEngine.java:104)

    Replies
    1. Yes. You can use call mediator also.

      And one thing to clarify, is your backend secured by basic auth or ws security?
