Secure WSO2 ESB proxy service with HTTP Basic Authentication.

Let's see how we can secure a WSO2 ESB proxy service using HTTP Basic Authentication.

Step 1. Create a simple proxy service in WSO2 ESB.

Here I am using the “echo” service in the same WSO2 ESB as the BE service. If not, you can start a new WSO2 ESB instance and use its “echo” service as your BE service.

The simple flow would be:

Client -------- HTTP Basic Auth -------> WSO2ESB ------------>  BE service (echo Service in ESB)

A sample proxy configuration would be as follows.

<proxy name="BasicAuthProxy"
       transports="https"
       startOnLoad="true"
       trace="disable">
   <description/>
   <target>
      <inSequence>
         <send>
            <endpoint>
               <address uri="https://localhost:8243/services/echo"/>
            </endpoint>
         </send>
      </inSequence>
      <outSequence>
         <send/>
      </outSequence>
   </target>
   <publishWSDL uri="http://localhost:8280/services/echo?wsdl"/>
</proxy>

 

Step 2. Secure the proxy service with security scenario 01 (which is Username Token).

Note: Please do not get confused here. We are using the WS-Security Username Token to secure the proxy, but you do not need to send a Username Token request; you can even send HTTP Basic Auth.

 

Step 3. Select the authorized group that you are allowing to access this proxy service. (This is the RBAC that is built into the Basic Authentication.) If you want to allow all users to access this service, just check the “Internal/everyone” role.

 

Step 4. We have secured the service. Now let's send a message with Basic Auth.

I am using SoapUI for it.

If you send the message without HTTP Basic Auth, you will be hit with a 401.

If you send it with HTTP Basic Auth, you will receive the correct message.

 

 

What is happening?

You are securing the proxy service with WS-Security. But when a Basic authentication request hits the ESB, the Basic authentication header is converted to WS-Security headers inside the WSO2 ESB.
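The mapping described above, sketched as an added Python example (it is not WSO2 code and not part of the original post): it builds the Basic header a client such as SoapUI sends and derives the equivalent WS-Security UsernameToken header, returning None wherever the request would be answered with a 401. The function names and sample credentials are assumptions made for illustration; the ESB's internal implementation may differ.

```python
import base64
import xml.etree.ElementTree as ET

WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
PASSWORD_TEXT = ("http://docs.oasis-open.org/wss/2004/01/"
                 "oasis-200401-wss-username-token-profile-1.0#PasswordText")


def basic_header(username, password):
    """Client side: Authorization header value. Base64 is encoding, not encryption."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def parse_basic(header):
    """Return (username, password), or None when the request should get a 401."""
    if not header:
        return None
    scheme, _, blob = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(blob.strip(), validate=True).decode("utf-8")
    except ValueError:  # malformed base64 or invalid UTF-8
        return None
    username, sep, password = decoded.partition(":")  # password may contain ':'
    if not sep or not username:
        return None
    return username, password


def to_username_token(header):
    """Map a Basic header to a wsse:Security element (string), or None for a 401."""
    creds = parse_basic(header)
    if creds is None:
        return None
    ET.register_namespace("wsse", WSSE)
    security = ET.Element(f"{{{WSSE}}}Security")
    token = ET.SubElement(security, f"{{{WSSE}}}UsernameToken")
    ET.SubElement(token, f"{{{WSSE}}}Username").text = creds[0]
    pw = ET.SubElement(token, f"{{{WSSE}}}Password", {"Type": PASSWORD_TEXT})
    pw.text = creds[1]  # ElementTree XML-escapes the text on output
    return ET.tostring(security, encoding="unicode")


if __name__ == "__main__":
    # Constructed sample credentials, not taken from the page.
    print(to_username_token(basic_header("alice", "s3cret:pw")))
```

Because the password travels in clear text in both forms, the proxy is best left exposed on the https transport only, as in the configuration in Step 1.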

Thanks for reading…!!!