Wednesday, August 24, 2016

WSO2 DSS, Secure Data Service using Basic Auth

Hope you have read the previous article: Using WSO2 DSS retrieve data from multiple databases in a single Query. Let's take the same data service and secure it with Basic Auth, then invoke the secured data service from SOAP UI, from a WSO2 ESB and from Jaggery.

Securing the data service
1. If it does not already exist, create a collection named security under /_system/config in the registry, i.e. /_system/config/security
2. Upload the policy file [1] (a WS-Security UsernameToken policy) into /_system/config/security/ using Add Resource | Upload content from file | Choose File. You can rename it, say to policy1.xml; whatever name you pick must match the key used in the next step.

3. Next, attach the policy to the data service. Open the data service in the XML editor view and add the following at the end of the configuration, just before the closing </data> tag:

   <policy key="conf:security/policy1.xml"/>
   <enableSec/>


Wait a few seconds, then go to the Deployed Services page and list the data services. The updated data service is now shown as secured.


When you test the data service from SOAP UI you now have to send an Authorization header with every request.
Go to the request level of the SOAP UI project created in the previous article and add a header as follows.

Header Name : Authorization
Value : Basic YWRtaW46YWRtaW4=

We are using the default admin:admin credentials here; change them before the service is exposed to anyone else, because the defaults are the first thing an attacker tries.
YWRtaW46YWRtaW4= is the base64 encoding of admin:admin. Base64 is an encoding, not encryption, so anyone who can read the request can recover the password: always call the HTTPS endpoint of the DSS, never the plain HTTP one.
You can calculate the base64 value online [2], but do not paste real credentials into a third-party website; encode them locally instead (with the base64 utility, for example), taking care that no trailing newline ends up in the input, since an encoded "admin:admin" followed by a newline is a different token and the server will reject it.
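The following Python script is an added example, not code from the original post or from WSO2. It builds the Authorization header the same way SOAP UI does, refuses to put the credentials on a non-HTTPS URL, and then runs the check a reviewer actually wants after step 3: one call without credentials (which must fail) and one with them (which must succeed), because a service that still answers anonymous calls is not secured no matter what the Deployed Services page says. The endpoint URL, user name and password are placeholders; the FakeDssOpener is a constructed stand-in so the script runs offline, and you drop the opener= argument to probe a real DSS.

```python
"""Added example (not from the original post): build the Basic Authorization
header for a secured WSO2 DSS service and verify that the service really
enforces it. The endpoint URL, user name and password are placeholders."""
import base64
import io
import urllib.error
import urllib.request
from urllib.parse import urlsplit

# Placeholder endpoint, assumed for this example.
DSS_ENDPOINT = "https://localhost:9443/services/EmployeeDataService"


def basic_auth_header(username, password):
    """Return the Authorization header value for HTTP Basic auth (RFC 7617).

    The token is just base64(user ":" password), an encoding rather than
    encryption: anyone who can read the request can recover the password.
    """
    if ":" in username:
        raise ValueError("RFC 7617 does not allow ':' in the user-id")
    raw = ("%s:%s" % (username, password)).encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def credentials_allowed_on(url):
    """Basic credentials may only travel over TLS."""
    return urlsplit(url).scheme.lower() == "https"


def call_service(url, body, username=None, password=None, opener=None, timeout=10):
    """POST body (bytes) to url and return (http_status, response_text).

    HTTP error statuses are returned rather than raised so callers can
    inspect them. opener is injectable so the logic runs without a live DSS.
    """
    headers = {"Content-Type": "application/json"}
    if username is not None:
        if not credentials_allowed_on(url):
            raise ValueError("refusing to send Basic credentials over %r; use https://" % url)
        headers["Authorization"] = basic_auth_header(username, password)
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    opener = opener or urllib.request.build_opener()
    try:
        resp = opener.open(req, timeout=timeout)
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")
    try:
        return resp.status, resp.read().decode("utf-8", "replace")
    finally:
        resp.close()


def verify_enforced(url, body, username, password, opener=None):
    """Probe the service twice: without credentials (must not succeed) and
    with them (must succeed). A 200 on the anonymous call means the policy
    is not actually applied, whatever the management console shows."""
    anon_status, _ = call_service(url, body, opener=opener)
    auth_status, _ = call_service(url, body, username, password, opener=opener)
    return {
        "anonymous": anon_status,
        "authenticated": auth_status,
        "enforced": anon_status != 200 and auth_status == 200,
    }


class FakeResponse:
    """Minimal stand-in for an HTTP response (constructed for offline use)."""
    def __init__(self, status, payload):
        self.status, self._payload = status, payload

    def read(self):
        return self._payload

    def close(self):
        pass


class FakeDssOpener:
    """Constructed stand-in for the secured DSS endpoint: 200 when the exact
    Authorization header is present, 401 otherwise."""
    def __init__(self, expected_header):
        self.expected = expected_header

    def open(self, req, timeout=None):
        if req.get_header("Authorization") == self.expected:
            return FakeResponse(200, b'{"status": "ok"}')
        raise urllib.error.HTTPError(req.full_url, 401, "Unauthorized",
                                     {"WWW-Authenticate": "Basic"},
                                     io.BytesIO(b"Unauthorized"))


if __name__ == "__main__":
    # Offline demonstration against the fake; drop opener= to probe a real DSS.
    fake = FakeDssOpener(basic_auth_header("admin", "admin"))
    print(basic_auth_header("admin", "admin"))      # Basic YWRtaW46YWRtaW4=
    print(verify_enforced(DSS_ENDPOINT, b"{}", "admin", "admin", opener=fake))
```

Against a real deployment the anonymous probe will fail with whatever the DSS returns for a missing token (an HTTP 401 or a SOAP fault); the check only insists that it is not a 200, so it works for both the SOAP and the JSON/REST endpoints.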

If a WSO2 ESB is invoking the service, add the following property to the synapse sequence before the message is sent to the endpoint. It sets the Authorization transport header using Synapse's fn:concat and base64Encode XPath functions. Replace username:password with the real credentials, and prefer reading the password from the ESB Secure Vault (wso2:vault-lookup) rather than leaving it in clear text in the synapse configuration, which is stored on disk and usually checked into source control.

<property xmlns:ns="http://org.apache.synapse/xsd"
 name="Authorization"
 expression="fn:concat('Basic ', base64Encode('username:password'))"
 scope="transport"/>

If you are calling DSS endpoints from Jaggery, send the same header with the request as follows.

// Assumed for this snippet: dssLDAPUserDSURL holds the (https) base URL of the data service and dataPost is the object sent as JSON.
var POST_HEADERS = { "Content-Type": "application/json", "Authorization": "Basic YWRtaW46YWRtaW4=" };

// Jaggery's put(url, data, headers) issues an HTTP PUT carrying the given headers.
var resp = put(dssLDAPUserDSURL + "/employee/status", stringify(dataPost), POST_HEADERS);

You can find the sample data service, policy file, SOAP UI project and the relevant MySQL database scripts here [3].

References:
[1] https://svn.wso2.org/repos/wso2/people/suhan/BasicAuthSecuredBackendService/UT_policy.xml
[2] https://www.base64encode.org/
[3] https://svn.wso2.org/repos/wso2/people/suhan/BasicAuthSecuredBackendService/