Security Policy with WSO2 WSAS - UsernameToken

WSO2 WSAS is an enterprise-ready Web services engine powered by Apache Axis2. It is a lightweight, high-performing platform for Service Oriented Architectures, enabling business logic and applications. Bringing together a number of Apache Web services projects, WSO2 WSAS provides a secure, transactional and reliable runtime for deploying and managing Web services.

From version 3.0 onwards, WSO2 WSAS is powered by Carbon.

This post takes you through all the steps required to set up the UsernameToken security policy with WSAS to secure a given service.

First you need to download WSAS 3.0 from here.

Log in to the WSO2 WSAS administration console with admin/admin.

1. Go to Service --> List --> Select "HelloService" service --> Security --> set up the security scenario "UsernameToken" on it.

2. Select 'admin' as the user group that has access to the service.

3. To view the applied policy, go to Service --> List --> Select "HelloService" service --> Policy.

4. Select 'Edit Policy' against 'Binding HelloServiceSOAP11Binding'. You can modify the applied policy here.

5. Now let's see how we can try this service once it has been secured with UsernameToken.

6. Go to Service --> List and select 'Try this service' against 'HelloService'. Provide the username/password of a user who belongs to the 'admin' role and try the service.
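
For a client other than the built-in 'Try this service' page, the request has to carry the UsernameToken itself. The following is an added example, not code from the original post or from WSO2: it builds a SOAP 1.1 envelope with a WS-Security UsernameToken header and refuses to build it for a non-HTTPS endpoint. The endpoint URL, the body payload, and the use of a plain-text password with a Timestamp are assumptions.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone
from urllib.parse import urlparse

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
PW_TEXT = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"
for prefix, uri in (("soapenv", SOAP), ("wsse", WSSE), ("wsu", WSU)):
    ET.register_namespace(prefix, uri)

def build_request(endpoint, username, password, body_xml, ttl_seconds=300, now=None):
    """Return a SOAP 1.1 envelope carrying a WS-Security UsernameToken."""
    # A PasswordText token puts the password in the header unencrypted,
    # so only build the message for a TLS-protected endpoint.
    if urlparse(endpoint).scheme != "https":
        raise ValueError("UsernameToken with PasswordText requires an https endpoint")
    now = now or datetime.now(timezone.utc)
    fmt = "%Y-%m-%dT%H:%M:%SZ"
    env = ET.Element(f"{{{SOAP}}}Envelope")
    header = ET.SubElement(env, f"{{{SOAP}}}Header")
    sec = ET.SubElement(header, f"{{{WSSE}}}Security", {f"{{{SOAP}}}mustUnderstand": "1"})
    ts = ET.SubElement(sec, f"{{{WSU}}}Timestamp")  # bounds how long a captured message stays valid
    ET.SubElement(ts, f"{{{WSU}}}Created").text = now.strftime(fmt)
    ET.SubElement(ts, f"{{{WSU}}}Expires").text = (now + timedelta(seconds=ttl_seconds)).strftime(fmt)
    tok = ET.SubElement(sec, f"{{{WSSE}}}UsernameToken")
    ET.SubElement(tok, f"{{{WSSE}}}Username").text = username
    ET.SubElement(tok, f"{{{WSSE}}}Password", {"Type": PW_TEXT}).text = password
    ET.SubElement(env, f"{{{SOAP}}}Body").append(ET.fromstring(body_xml))
    return ET.tostring(env, encoding="unicode")

def read_token(envelope_xml):
    """Return (username, password type) from an envelope, or None if no token is present."""
    root = ET.fromstring(envelope_xml)
    tok = root.find(f"{{{SOAP}}}Header/{{{WSSE}}}Security/{{{WSSE}}}UsernameToken")
    if tok is None:
        return None
    return (tok.findtext(f"{{{WSSE}}}Username"),
            tok.find(f"{{{WSSE}}}Password").get("Type"))

if __name__ == "__main__":
    # Constructed sample values: the endpoint and payload are placeholders.
    print(build_request("https://localhost:9443/services/HelloService", "admin", "admin",
                        '<greet xmlns="urn:example:hello"><name>test</name></greet>'))
```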