Ws security with mule
Download as PPTX, PDF0 likes1,613 views
WS-Security is an extension to SOAP that applies security measures to web services. It describes mechanisms for signing and encrypting SOAP messages to ensure integrity and confidentiality, and for attaching security tokens to authenticate the sender. In Mule, WS-Security can be implemented by configuring spring security and adding security headers to the SOAP request and response. This allows the web service to require a username and password for authentication.
Ws security with mule
- 1. By Anirban Sen Chowdhary
- 2. Web Services Security (WS-Security, WSS) is an extension to SOAP to apply security to Web services. If a web service is exposed to external world, the data it carries can comes under the threat to several potential security vulnerabilities. So, in order to protect our web service we require Web Services Security
- 3. WS-Security describes 3 main mechanisms: • How to sign SOAP messages to assure integrity. Signed messages also provide non-repudiation. • How to encrypt SOAP messages to assure confidentiality. • How to attach security tokens to ascertain the sender's identity.
- 4. WS-Security incorporates security features in the header of a SOAP message. It works in application layer. In this example we will be implementing a simple username and password in the WS Security format.
- 5. So, we will expose a SOAP web service that will implement WS Security :-
- 6. To expose a web service with security in Mule we need spring security in our flow :- <mule-ss:security-manager> <mule-ss:delegate-security-provider name="memory-provider" delegate- ref="authenticationManager" /> </mule-ss:security-manager> <spring:beans> <ss:authentication-manager alias="authenticationManager"> <ss:authentication-provider> <ss:user-service id="userService"> <ss:user name=“anirban" password=“password authorities="ROLE_ADMIN" /> </ss:user-service> </ss:authentication-provider> </ss:authentication-manager> </spring:beans> <cxf:ws-security name="inboundSecurityConfig"> <cxf:mule-security-manager /> <cxf:ws-config> <cxf:property key="action" value="UsernameToken" /> </cxf:ws-config> </cxf:ws-security>
- 7. . And our Mule flow will be :- <flow name="securedSoapService"> <http:inbound-endpoint exchange-pattern="request-response" host="localhost" port="8090" path="designation" doc:name="HTTP"> <cxf:jaxws-service serviceClass="com.getdesignation.test.services.schema.maindata.v1.GetDesigna tion"> <cxf:ws-security ref="inboundSecurityConfig"/> </cxf:jaxws-service> </http:inbound-endpoint> <component class="com.getdesignation.test.services.schema.maindata.v1.Impl.GetDesignatio nImpl" /> </flow>
- 8. Following will be our flow in graphical mode ready with security :-
- 9. Now, we will be testing our secured web service in SOAPUI You can see here, we are testing the service by giving username and password in the header section of SOAP request and I am getting the response back from the service
- 10. So, you can see WS-Security offers confidentiality and integrity protection from the creation of the message to it's consumption. WS-Security offers more protection than HTTPS would, and SOAP offers a richer API than any other security . Thus we can say WS-Security has measures for authentication, integrity, confidentiality and non-repudiation
- 11. In my next slide I will bring some other techniques of implementing WS Security in Mule. Hope you have enjoyed this simpler version.