Adding Mediation to WSO2 WSAS

Easy login plans gather pace

"Plans for a system that would allow people to use one username and password across the internet have moved closer with a number of popular sites agreeing to the scheme in recent weeks."

Read more here...

Security Policy with WSO2 WSAS - UsernameToken

WSO2 WSAS is an enterprise ready Web services engine powered by Apache Axis2. It is a lightweight, high performing platform for Service Oriented Architectures, enabling business logic and applications. Bringing together a number of Apache Web services projects, WSO2 WSAS provides a secure, transactional and reliable runtime for deploying and managing Web services.

From version 3.0 onwards, WSO2 WSAS is powered by Carbon.

This post takes you through all the steps required in setting up UsernameToken security policy with WSAS to secure a given service.

First you need to download WSAS 3.0 from here.

Log into WSO2 WSAS administration console with admin/admin

1. Go to Service --> List --> Select "HelloService" service --> Security --> setup security scenario "UsernameToken" on it.

2. Select 'admin' as the user group who has access to the service.

3. To view the applied policy, go to Service --> List --> Select "HelloService" service --> Policy

4. Select 'Edit Policy' against 'Binding HelloServiceSOAP11Binding'. You can modify the applied policy here.

5. Now let's see how to try this service once it has been secured with UsernameToken.

6. Go to Service --> List and select 'Try this service' against 'HelloService'. Provide the username/password of a user who belongs to the 'admin' role and try the service.
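What a client request looks like once the UsernameToken scenario is applied, and what to check in a captured one. This is an added example, not code from this post or from WSO2: the header layout follows the OASIS WS-Security UsernameToken profile, and the function names, the sample credentials and the transport argument are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
PW_TEXT = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"
FMT = "%Y-%m-%dT%H:%M:%SZ"

def q(ns, tag):
    return "{%s}%s" % (ns, tag)

def build_request(user, password, now, ttl=300):
    """SOAP 1.1 envelope whose wsse:Security header carries Timestamp + UsernameToken."""
    env = ET.Element(q(SOAP, "Envelope"))
    sec = ET.SubElement(ET.SubElement(env, q(SOAP, "Header")), q(WSSE, "Security"))
    sec.set(q(SOAP, "mustUnderstand"), "1")
    ts = ET.SubElement(sec, q(WSU, "Timestamp"))
    ET.SubElement(ts, q(WSU, "Created")).text = now.strftime(FMT)
    ET.SubElement(ts, q(WSU, "Expires")).text = (now + timedelta(seconds=ttl)).strftime(FMT)
    tok = ET.SubElement(sec, q(WSSE, "UsernameToken"))
    ET.SubElement(tok, q(WSSE, "Username")).text = user
    ET.SubElement(tok, q(WSSE, "Password"), Type=PW_TEXT).text = password
    ET.SubElement(env, q(SOAP, "Body"))  # operation payload omitted (service-specific)
    return ET.tostring(env, encoding="unicode")

def inspect(xml_text, transport, now):
    """Findings for a captured request; 'transport' is supplied by the caller (assumption)."""
    sec = ET.fromstring(xml_text).find("%s/%s" % (q(SOAP, "Header"), q(WSSE, "Security")))
    if sec is None or sec.find(q(WSSE, "UsernameToken")) is None:
        return ["no UsernameToken in the Security header"]
    findings = []
    pw = sec.find("%s/%s" % (q(WSSE, "UsernameToken"), q(WSSE, "Password")))
    # PasswordText puts the password itself in the header, so the transport must protect it.
    if pw is not None and pw.get("Type") == PW_TEXT and transport != "https":
        findings.append("cleartext password sent over " + transport)
    exp = sec.find("%s/%s" % (q(WSU, "Timestamp"), q(WSU, "Expires")))
    if exp is None:
        findings.append("no Timestamp/Expires to bound message lifetime")
    elif datetime.strptime(exp.text, FMT).replace(tzinfo=timezone.utc) < now:
        findings.append("timestamp expired")
    return findings

if __name__ == "__main__":
    t0 = datetime.now(timezone.utc)
    msg = build_request("alice", "constructed-password", t0)  # constructed sample credentials
    print(msg)
    print(inspect(msg, "http", t0))
```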

Secure Token Service with WSO2 WSAS 3.0

WSO2 WSAS is an enterprise ready Web services engine powered by Apache Axis2. It is a lightweight, high performing platform for Service Oriented Architectures, enabling business logic and applications. Bringing together a number of Apache Web services projects, WSO2 WSAS provides a secure, transactional and reliable runtime for deploying and managing Web services.

From version 3.0 onwards, WSO2 WSAS is powered by Carbon.

This post takes you through all the steps required to set up the STS that ships with WSAS to secure a given service.

First you need to download WSAS 3.0 from here.

WSAS distribution comes with an STS sample - and let's see how to set it up.

Go to [WSAS_HOME]/samples/sts-sample and type ant

Start WSO2 WSAS (If you haven't already started it)

Log into WSO2 WSAS administration console with admin/admin

Go to Service --> List --> Select "wso2carbon-sts" service --> Security --> setup security scenario "Sign and encrypt - X509 Authentication" on it.

Make sure wso2carbon.jks keystore (WSO2WSAS keystore) is used.

Go to Service --> List --> Select "HelloService" service and copy the http service address.

Once again select "wso2carbon-sts" service and navigate to "Configure STS". Paste/type the http endpoint address of "HelloService" service in "Add new trusted service"->"Endpoint Address". Select the WSO2WSAS private key's certificate alias (wso2carbon)

Go back to "HelloService" service and setup security scenario "SecureConversation - Sign and Encrypt - Service as STS - Bootstrap policy - Sign and Encrypt , X509 Authentication" on it. Make sure wso2carbon.jks keystore (WSO2WSAS keystore) is used.

Go to Key Stores --> Import Cert --> Import [WSAS_HOME]/samples/sts-sample/conf/client.cert into the wso2carbon keystore.

Go to [WSAS_HOME]/samples/sts-sample and run the client.

run-client.bat <wso2carbon-sts-http-address> <hello-service-http-address>

Example :

run-client.bat http://10.100.1.97:9763/services/wso2carbon-sts http://10.100.1.97:9763/services/HelloService

Notes:

1. You need to download Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 5.0 from here and copy the two jar files from the extracted jce directory (local_policy.jar and US_export_policy.jar) to $JAVA_HOME/jre/lib/security.

2. Make sure is exactly the same as the url you added as a trusted service to the STS

Fusion : Eventing with SOA - Introduction

This article by Asanka Abeysinghe is an overview of eventing and EDA (Event Driven Architecture) together with an illustration on how it can be used in an SOA environment. This is the first of a series on this topic.