Tuesday, February 17, 2009

Security Policy with WSO2 WSAS - UsernameToken

WSO2 WSAS is an enterprise ready Web services engine powered by Apache Axis2. It is a lightweight, high performing platform for Service Oriented Architectures, enabling business logic and applications. Bringing together a number of Apache Web services projects, WSO2 WSAS provides a secure, transactional and reliable runtime for deploying and managing Web services.

From version 3.0 onwards, WSO2 WSAS is powered by Carbon.

This post takes you through all the steps required in setting up UsernameToken security policy with WSAS to secure a given service.

First you need to download WSAS 3.0 from here.

Log into WSO2 WSAS administration console with admin/admin

1. Go to Service --> List --> Select "HelloService" service --> Security --> setup security scenario "UsernameToken" on it.

2. Select 'admin' as the user group who has access to the service.

3. To view the applied policy, go to Service --> List --> Select "HelloService" service --> Policy

4. Select 'Edit Policy' against 'Binding HelloServiceSOAP11Binding'. You can modify the applied policy here.

5. Now - let's see how we can try this service having secured with UsernameToken.

6. Go to Service --> List and select 'Try this service' against 'HelloService'. Provide a username/password of a user belongs to the 'admin' role and try the service.


Yaron Naveh said...

This looks very good.

I had recently needed to design something similar (e.g. SOA security configuration UI) and also chose to use "scenarios", so let's hope that "great minds think alike".

However I'm wondering about a few points:

Where does transport level security comes in with WSAS? After all there is some dependency (at the scenario level) between message and transport level security - e.g. if one uses SSL then probably message level encryption is redundant.

Do you have a "custom" mode that enables a finer grained configuration (e.g. at tokens level)? While there are very few "common" scenarios I have found the number of "occasionally used" scenarios to be very big.

Prabath said...

You can apply the policy and then simply edit it further to suit your requirement.


crystal said...

Thank you so much!!polo shirt men'ssweate,Burberry Polo Shirts lacoste sweater, ralph lauren Columbia Jackets,ski clothing. Free Shipping, PayPal Payment. Enjoy your shopping experience on mensclothingus.com.You can find the father who desire fashionable, intellectual mens clothing simultaneously.

crystal said...

Awesome!!!Best wishes for you !!cheap polo shirts is the father of the summer should be prepared to most commonly used item, it has both style and shape of Ralph Lauren Polo, and vest with a random function polo ralph lauren, so that in the short-sleeved apply to both on many occasions, the pink and black color men's polo shirts brought into effect, lightweight cotton, linen texture to demonstrate masculine temperament and sense of fashion exhaustively.

venus said...

God bless you!I really agree with your opinions.Also,there are some new fashion things here,gillette razor blades.gillette mach3 razor bladesfor men.As for ladies,gillette venus razor blades must the best gift for you in summer,gillette fusion blades are all the best choice for you.

crystal said...

Perfect!!You are a outstanding person!Have you ever wore chaussures puma,Here are the most popular puma CAT,Puma shoes store gives some preview of puma speed cat,and casual but no sweat puma basket.

venus said...

Do not mean bad.Thank you so much!I just want to show some fashion things to all of you.I like puma speed, puma femmes and other puma shoes. These puma sport items are at store recently and available for anyone.

lj said...

Fantastic!God bless you!Meanwhile,you can visit my China Wholesale,we have the highest quality but the lowest price fashion products wholesale from China.Here are the most popular China Wholesale productsfor all of you.You can visit http://chinaclothes.net.Also the polo clothing is a great choice for you.