
Thursday, January 17, 2013

WSO2 ESB class mediator to check the SSL Certificate Properties

Start the ESB with mutual SSL enabled; this requires a configuration change in axis2.xml.

Use the following class mediator inside a proxy service.

When the proxy service is invoked by an SSL client, the object id of the ssl.client.auth.cert.X509 property is logged.

Debug through the mediator to find the SSL properties in the message context.

Code:
 package org.wso2.carbon.mediator;
 import org.apache.synapse.MessageContext;
 import org.apache.synapse.core.axis2.Axis2MessageContext;
 import org.apache.synapse.mediators.AbstractMediator;
 public class SynapseMessageContextMediator extends AbstractMediator {
  public boolean mediate(MessageContext msgCtx) {
    // Unwrap the Axis2 message context, which carries the transport-level SSL properties
    org.apache.axis2.context.MessageContext axis2MessageCtx =
               ((Axis2MessageContext) msgCtx).getAxis2MessageContext();
    if (axis2MessageCtx.getMessageID() != null) {
      // Log the client certificate property of the request
      log.info("Cert: " + axis2MessageCtx.getProperty("ssl.client.auth.cert.X509"));
    }
    return true; // continue mediation
  }
 }

The IntelliJ IDEA project for this class mediator can be found here.

https://svn.wso2.org/repos/wso2/people/chamaraa/SynapseMessageContextMediator

A sample proxy service that uses this class mediator looks like this:

 <?xml version="1.0" encoding="UTF-8"?>  
 <proxy xmlns="http://ws.apache.org/ns/synapse"  
     name="echoProxy"  
     transports="https http"  
     startOnLoad="true"  
     trace="disable">  
   <description/>  
   <target>  
    <endpoint>  
      <address uri="http://192.168.71.1:8280/services/echo/"/>  
    </endpoint>  
    <inSequence>  
      <class name="org.wso2.carbon.mediator.SynapseMessageContextMediator"/>  
    </inSequence>  
    <outSequence>  
      <send/>  
    </outSequence>  
   </target>  
 </proxy>  

To invoke the proxy service you have to use a mutual SSL Java client.
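An added example, not code from the original post or from WSO2: a class mediator that goes one step past logging the object and copies the leaf certificate's subject, issuer, serial number and expiry into message-context properties, stopping mediation when no currently valid client certificate is present. The class name, the client.cert.* property names and the assumption that the property holds the peer certificate chain as an array (leaf first) are illustrative; the javax.security.cert branch compiles only on JDKs that still ship that package.

```java
package org.wso2.carbon.mediator;

import java.io.ByteArrayInputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import org.apache.synapse.MessageContext;
import org.apache.synapse.core.axis2.Axis2MessageContext;
import org.apache.synapse.mediators.AbstractMediator;

// Added example (hypothetical class): exposes client-certificate fields as properties.
public class ClientCertPropertiesMediator extends AbstractMediator {
    public boolean mediate(MessageContext msgCtx) {
        Object prop = ((Axis2MessageContext) msgCtx).getAxis2MessageContext()
                .getProperty("ssl.client.auth.cert.X509");
        // Assumption: the transport stores the peer chain as an array, leaf first.
        Object leaf = (prop instanceof Object[] && ((Object[]) prop).length > 0)
                ? ((Object[]) prop)[0] : prop;
        try {
            X509Certificate cert = toX509(leaf);
            if (cert == null) {
                log.warn("No usable client certificate on this request");
                return false; // returning false stops further mediation
            }
            cert.checkValidity(); // validity dates only; throws if outside them
            // Hypothetical property names, readable by later mediators in the sequence
            msgCtx.setProperty("client.cert.subject", cert.getSubjectX500Principal().getName());
            msgCtx.setProperty("client.cert.issuer", cert.getIssuerX500Principal().getName());
            msgCtx.setProperty("client.cert.serial", cert.getSerialNumber().toString(16));
            msgCtx.setProperty("client.cert.notAfter", cert.getNotAfter().toString());
            log.info("Client cert subject: " + cert.getSubjectX500Principal().getName());
            return true;
        } catch (Exception e) {
            log.warn("Client certificate check failed: " + e.getMessage());
            return false;
        }
    }

    // Accepts either certificate API; the legacy javax type is re-parsed from its DER bytes.
    private static X509Certificate toX509(Object o) throws Exception {
        if (o instanceof X509Certificate) {
            return (X509Certificate) o;
        }
        if (o instanceof javax.security.cert.X509Certificate) {
            byte[] der = ((javax.security.cert.X509Certificate) o).getEncoded();
            return (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(new ByteArrayInputStream(der));
        }
        return null; // property missing or of an unexpected type
    }
}
```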

Friday, January 11, 2013

How to use WSO2 IS SCIM service through WSO2 ESB

1. WSO2 IS supports the SCIM protocol, an open standard for identity provisioning.
More info: http://hasini-gunasinghe.blogspot.com/2012/11/wso2-identity-server-as-scim-service.html

2. The service endpoint is
https://localhost:9443/wso2/scim/Users 
when IS is started with default ports.

3. This service can be exposed through an API in WSO2 ESB.
ESB configuration:
<api xmlns="http://ws.apache.org/ns/synapse" name="scim" context="/scim">
   <resource methods="POST GET DELETE PUT">
      <inSequence>
         <send>
            <endpoint>
               <address uri="https://localhost:9443/wso2/scim/Users"/>
            </endpoint>
         </send>
      </inSequence>
      <outSequence>
         <send/>
      </outSequence>
   </resource>
</api>

4. The service can then be used with the following curl commands:

Add user:
curl -v -k --user admin:admin --data '{"schemas":[],"name":{"familyName":"Anthony","givenName":"Mark"},"userName":"mark","password":"mark123","email":"paul@home.com"}' --header "Content-Type:application/json" http://192.168.71.1:8281/scim

Response is:
* About to connect() to 192.168.71.1 port 8281 (#0)
*   Trying 192.168.71.1... connected
* Connected to 192.168.71.1 (192.168.71.1) port 8281 (#0)
* Server auth using Basic with user 'admin'
> POST /scim HTTP/1.1
> Authorization: Basic YWRtaW46YWRtaW4=
> User-Agent: curl/7.21.0 (x86_64-pc-linux-gnu) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.18
> Host: 192.168.71.1:8281
> Accept: */*
> Content-Type:application/json
> Content-Length: 104
>
< HTTP/1.1 201 Created
< Content-Type: application/json; charset=UTF-8
< Location: https://chamaraa-TECRA-WSO2.local:8281/wso2/scim/Users/629d21a3-f0b4-4536-a11f-d5f906c8e327
< Server: WSO2 Carbon Server
< Date: Fri, 11 Jan 2013 09:22:09 GMT
< Transfer-Encoding: chunked
<
* Connection #0 to host 192.168.71.1 left intact
* Closing connection #0
{"id":"629d21a3-f0b4-4536-a11f-d5f906c8e327","schemas":"urn:scim:schemas:core:1.0","name":{"familyName":"Anthony","givenName":"Mark"},"userName":"mark","meta":{"lastModified":"2013-01-11T14:52:09","location":"https:\/\/localhost:9443\/wso2\/scim\/Users\/629d21a3-f0b4-4536-a11f-d5f906c8e327","created":"2013-01-11T14:52:09"}}

This id can then be used to retrieve the user:
curl -v -k --user admin:admin http://192.168.71.1:8281/scim/629d21a3-f0b4-4536-a11f-d5f906c8e327

The result again is:

* About to connect() to 192.168.71.1 port 8281 (#0)
*   Trying 192.168.71.1... connected
* Connected to 192.168.71.1 (192.168.71.1) port 8281 (#0)
* Server auth using Basic with user 'admin'
> GET /scim/629d21a3-f0b4-4536-a11f-d5f906c8e327 HTTP/1.1
> Authorization: Basic YWRtaW46YWRtaW4=
> User-Agent: curl/7.21.0 (x86_64-pc-linux-gnu) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.18
> Host: 192.168.71.1:8281
> Accept: */*
>
< HTTP/1.1 200 OK
< Content-Type: application/json; charset=UTF-8
< Cache-Control: private
< Expires: Thu, 01 Jan 1970 05:30:00 IST
< Server: WSO2 Carbon Server
< Date: Fri, 11 Jan 2013 09:24:02 GMT
< Transfer-Encoding: chunked
<
* Connection #0 to host 192.168.71.1 left intact
* Closing connection #0
{"id":"629d21a3-f0b4-4536-a11f-d5f906c8e327","schemas":"urn:scim:schemas:core:1.0","name":{"familyName":"Anthony","givenName":"Mark"},"userName":"mark","meta":{"lastModified":"2013-01-11T14:52:09","created":"2013-01-11T14:52:09","location":"https:\/\/localhost:9443\/wso2\/scim\/Users\/629d21a3-f0b4-4536-a11f-d5f906c8e327"}}