- Backend service is secured using Username token.
- Client invokes ESB proxy using http. ( no security between client and ESB)
- At the ESB, proxy adds username token to outgoing message and invokes secured backend.
- ESB sends back echo service's response back to client.
Backend ( WSO2 Application server 5.2.1)
- Start WSO2 AS 5.2.1 using ( Unix: sh wso2server.sh / Windows: wso2server.bat )
- Log in to management console. ( https://localhost:9443/carbon/ )
- Create two user called tom and bom
- Goto Configure -> Users and Roles -> Users
- Create an user called tom with password "tompass".
- Create another user called bob with password "bobpass"
- Assign both users to "admin" role.
- Goto Main -> Services -> List
- Click on "echo" service. This will open up "Service Dashboard (echo)" page.
- Under "Quality of Service Configuration", Select "security".
- In "Security for the service" page, Select Enable security.
- Under Security scenarios, select "Username token" ( First security policy) and click next.
- In next page, select "admin" under user group.
- Click Finish.
- Start WSO2 ESB with port offset =1 ( Unix: sh wso2server.sh -DportOffset=1 / Windows: wso2server.bat --DportOffset=1)
Rampart configuration for UsernameToken ( ESB )
- Create an ESB in-line xml local entry called "UTOverTransport.xml" with following content.
- Create a jar with following class, and drop it to
- Then restart ESB server.
- ( Maven Project is located here. )
Some useful References on Rampart password callback handler:
- Create a proxy called EchoUTProxy with following content.
- Enable Soap tracer on WSO2 AS.
- Invoke EchoUTProxy using SOAP UI.
You can see Username token in request message as follows.