I am trying to enable UsernameToken security on a service within WSO2 Dev Studio. I can do this through the WSO2 web GUI easily. My desire to do this through the dev studio is to produce a .car file that can easily be deployed.
I see that the web gui creates a policy file and can include that in the exported .car file. The problem, I believe, is that when you use the web gui to enable usernametoken security, the second screen asks for a list of user groups to be selected. I don't see where that data ends up. It's not defined in the policy. It appears that it is stored internally by WSO2. If that is accurate, is there anyway to interact with that via the deployment of a .car file?
Ultimately, I just want to authenticate using the username and password and any user group is fine since I'm going to use an entitlement mediator after authentication to control access.
Edit: It looks like it ends up in the UM_ROLE_PERMISSION table in the WSO2CARBON database. I guess what I need is a way to put some piece of code in my .car file that will get executed upon deployment in order to write into that table. (Or a less terrible solution where I can just describe the authentication scheme in whole without having to manipulate the database.)
The list of user roles is stored in the user management db. By default, it will be stored in the default h2 database.
You can configure the roles allowed by setting a parameter named allowRoles in the proxy configuration. Set comma separated roles that will be authorized to access the given service.
Eg:
<parameter name="allowRoles">role1,role2</parameter>
Sample proxy config:
<?xml version="1.0" encoding="UTF-8"?>
<proxy xmlns="http://ws.apache.org/ns/synapse" name="test_ws_security" transports="http https" startOnLoad="true" trace="disable">
<target>
<inSequence>
<respond/>
</inSequence>
<outSequence/>
</target>
<parameter name="allowRoles">admin,myrole</parameter>
<policy key="conf:/custom/UsernameTokenPolicy_v1.xml"/>
<enableSec/>
</proxy>
Related
In wso2 esb what is the best practice for Endpoint maintenance. From some article I got to know that we can read from file So, if this the best approach how achieve this one.
In a scenario where the endpoint is saved as a file within the carbon registry (You can even upload the file via management console or can use WSO2 EI Tooling to create an endpoint template), we can read the content of the endpoint as follows.
Add the endpoint registry resource.
Log the endpoint content using the following synapse configuration. (Can even retrieve specific attributes within the endpoint using their xpath expressions)
<log level="custom">
<property name="Endpoint Content:" expression="$ctx:endpointFile//*"/>
<property name="Endpoint URL:" expression="$ctx:endpointFile//*[local-name() = 'address'][1]/#uri"/>
</log>
You can see the logged endpoint content as below.
There are 3 ways to Endpoint Maintenance.
Using ESB Tooling
From Command Line
Using a Script
More details can be found in WSO2 Documentation.
I am trying to configure wso2 esb5.0.0 with esb analytics. I used default configs as given in the wso2 documentation. ESB is running on 9443 and esb analytics is running on 9444. I am invoking my test proxy but there is not entry in analytics dashboard. Below are the configs and proxy.
Synapse.properties
# Configuration to enable mediation flow analytics
mediation.flow.statistics.enable=true
mediation.flow.statistics.tracer.collect.payloads=true
mediation.flow.statistics.tracer.collect.properties=true
mediation.flow.statistics.event.consume.interval=1000
mediation.flow.statistics.event.clean.interval=15000
# Configuration to enable statistics globally irrespective of the individual artifact level setting
mediation.flow.statistics.collect.all=true
Proxy:
<?xml version="1.0" encoding="UTF-8"?>
<proxy xmlns="http://ws.apache.org/ns/synapse"
name="test"
startOnLoad="true"
statistics="enable"
trace="enable"
transports="http,https">
<target>
<inSequence>
<log level="full" separator="*****"/>
</inSequence>
<outSequence>
<respond/>
</outSequence>
</target>
<description/>
</proxy>
Can anyone help what I am missing?
You configured publishing analytics correctly and didn't miss anything. As analytics server retrieving data, you may have to wait around few minutes while publishing data.
And you can verify whether your events are publishing to analytics node via Data explorer in management console.
You have to navigate to management console (https://localhost:9444/carbon) and then to data explorer (Home > Manage > Interactive Analytics > Data Explorer). And check for table values.
Tested sample scenario as you indicated in the question and it works properly.
Is there a way for distributing services requests among different servers? The ideia is high avaiability for a webservice, controlled by wso2 esb. I'll have same service deployed in more then one server(jboss) and I intend wso2 handle this.
The option 'pinned servers', when creating custom proxy, can do this?
The "Pinned server" attribute controls the Proxy service deployment in Several servers. Sometimes We need to use a one CAPP file to deploy artifacts in several servers, but may require to deploy a proxy service artifact in Selected servers. So in this case "Pinned server" attribute can be used.
You can give a list of Synapse server names, where this Proxy Service should be deployed using pinnedServers attribute. It takes the server names separated by comma or space character. If there is no pinned server list, then the Proxy Service will be started in all server instances.
If a pinned server names list is given, it will only start in the given named Synapse server instances.
For your question "Is there a way for distributing services reuests among different servers?"
You can achieve this using a cluster setup with a Loadbalancers like nginex, httpd.
httpd
nginx
If you need to use pinned server option, you can add a property called pinnedServers property in proxy like below
<?xml version="1.0" encoding="UTF-8"?>
<proxy xmlns="http://ws.apache.org/ns/synapse"
name="myproxy"
transports="https,http"
pinnedServers="server1"
statistics="disable"
trace="disable"
startOnLoad="true">
<target>
<outSequence>
<send/>
</outSequence>
<endpoint>
<address uri="http://www.google.com"/>
</endpoint>
</target>
<description/>
</proxy>
In here "server1" is synapse server name where this Proxy Service should be deployed using pinnedServers attribute.
Next you need to add synapse server instance name as following in axis2.xml according to above proxy
<parameter name="SynapseConfig.ServerName" locked="false">server1</parameter>
You need to restart the ESB to get the effect from the pinnedServers property.
Then you need to give the name to a Synapse server instance by specifying -DSynapseServerName= property when you execute the startup script, wso2server.bat or wso2server.sh
Please refer [1] as a reference of setting the pinnedServers property in proxy.
[1] https://docs.wso2.com/display/ESB403/Proxy+Services
Is it possible to use an Indirect Enpoint inside the definition of a Failover Group endpoint?
I mean something like this:
<endpoint xmlns="http://ws.apache.org/ns/synapse" name="failOver2">
<failover>
<endpoint key="LBEndpoint" />
</failover>
</endpoint>
Where LBEndpoint is a load balance endpoint defined and saved previously in the registry.
When i click on the Save button... all my configuration is lost and the fail over group comes back into this form:
<endpoint xmlns="http://ws.apache.org/ns/synapse" name="failOver2">
<failover/>
</endpoint>
Is this a bug? Inside the WSO2 ESB documentation it says that all this is possible.
Can you try editing synapse configuration directly? That is, not using sequence editor UI. Go to sourceview and manually edit and point the endpoint key in failoverendpoint.
How do I configure WSO2ESB such that I can proxy a service that I currently have hosted on Windows Azure?
On my local development machine I have an instance of WSO2ESB, I can use this to proxy WCF services also on my local development machine, but now I need to take this proof of concept work further and show how WSO2ESB could be used to proxy for WCF services hosted externally, in this instance on Windows Azure.
I have tried to add a new Proxy Service for my Azure service selecting Specify source URL for the Publishing WSDL and then entering the .svc address for my Azure service, but when I Test URI (which takes about a minute) it returns
Invalid WSDL URI (Unable to establish a connection)
I believe this to be caused by our corporate proxy and my machine needing to supply basic information in order to punch a hole out but I cannot see how / where to do this.
I am using WSO2ESB 4.5.1 and my Proxy Service source is:
<proxy xmlns="http://ws.apache.org/ns/synapse" name="Azure"
transports="https,http"
statistics="disable" trace="disable" startOnLoad="true">
<target>
<outSequence>
<send/>
</outSequence>
<endpoint>
<address uri="http://myazureservice.cloudapp.net/Service.svc"/>
</endpoint>
</target>
<description></description>
</proxy>
Update
I have also tried importing the WSDL the service generates by copying it to the clipboard and pasting it into WSO2 but this is rejected.
You can download the wsdl to your local filesystem with the extension of *.wsdl, and provide its link to the "publishWSDL" option