Securing the data service
1. If it does not already exist, add a new collection named security under /_system/config, i.e., /_system/config/security.
2. Then add this policy file [1] (you can rename it if you want, say to policy1.xml) to /_system/config/security/ using Add Resource | Upload content from file | choose file.
3. Next, add this policy to your data service. Go to the data service XML editor view.
Add the following to the data service configuration at the end, just before the closing </data> tag.
<policy key="conf:security/policy1.xml"/>
<enableSec/>
Wait a few seconds, then go to the Deployed Services page and view the available data services. The updated data service is now shown as secured.
Go to the request level of the SOAP UI project created in the previous article and add a header as follows.
Header Name : Authorization
Value : Basic YWRtaW46YWRtaW4=
We are using the default admin:admin credentials here.
YWRtaW46YWRtaW4= is the base64-encoded value of admin:admin.
You can calculate the base64 encoded value online [2].
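The header value can also be computed locally, so the credentials are never pasted into a third-party site, and parsing it back shows that base64 is a reversible encoding rather than encryption. The following is an added example, not part of the original post, that builds and parses the value following RFC 7617. The function names are illustrative and it assumes Node.js (for Buffer).

```javascript
// Added example (not from the original post): build and parse the
// HTTP Basic Authorization header value locally, following RFC 7617.
// Function names are hypothetical; Buffer assumes a Node.js runtime.

// Build "Basic <base64(username:password)>".
// The username must not contain ':' because the first colon in the
// decoded string separates the username from the password.
function buildBasicAuth(username, password) {
  if (typeof username !== 'string' || typeof password !== 'string') {
    throw new TypeError('username and password must be strings');
  }
  if (username.includes(':')) {
    throw new Error('username must not contain ":"');
  }
  if (/[\x00-\x1f\x7f]/.test(username + password)) {
    throw new Error('control characters are not allowed');
  }
  const raw = Buffer.from(username + ':' + password, 'utf8');
  return 'Basic ' + raw.toString('base64');
}

// Parse a header value back into credentials.
// Returns null when the scheme is not Basic or the payload is malformed.
function parseBasicAuth(headerValue) {
  const m = /^Basic +([A-Za-z0-9+/]+={0,2})$/i.exec(String(headerValue).trim());
  if (!m) return null;
  const decoded = Buffer.from(m[1], 'base64').toString('utf8');
  const sep = decoded.indexOf(':'); // split on the FIRST colon only
  if (sep < 0) return null;
  return {
    username: decoded.slice(0, sep),
    password: decoded.slice(sep + 1), // the password may contain ':'
  };
}
```

Because anyone who sees the header can recover the password with parseBasicAuth, the secured data service should be called over HTTPS.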
If a WSO2 ESB is invoking the service, simply add the following configuration to the Synapse config before sending the message to the endpoint.
<property xmlns:ns="http://org.apache.synapse/xsd"
name="Authorization"
expression="fn:concat('Basic ', base64Encode('username:password'))"
scope="transport"/>
If you are using Jaggery to call DSS endpoints, you can send the headers with the request as follows.
var POST_HEADERS = { "Content-Type": "application/json", "Authorization": "Basic YWRtaW46YWRtaW4="};
var resp = put(dssLDAPUserDSURL + "/employee/status", stringify(dataPost), POST_HEADERS);
You can find the sample data service, policy file, SOAP UI project and the relevant MySQL database scripts here [3].
Reference:
[1] https://svn.wso2.org/repos/wso2/people/suhan/BasicAuthSecuredBackendService/UT_policy.xml
[2] https://www.base64encode.org/
[3] https://svn.wso2.org/repos/wso2/people/suhan/BasicAuthSecuredBackendService/
Thanks for covering that topic. It is really helpful and full of content. For the base64 encoding, there is another great alternative
url-decode.com/tool/base64-encode
You must check it out.