0

I'm new in wso2 esb. I am trying to make a secure proxy to protect a non secure web service. I follow different tutorials and I do the following configuration for my proxy:

`<proxy xmlns="http://ws.apache.org/ns/synapse"
   name="ProxyStockeSecure"
   transports="https,http,local"
   statistics="disable"
   trace="disable"
   startOnLoad="true"><target inSequence="LogAndRemoveHeader" outSequence="LogSeqResponse">
  <endpoint>
     <address uri="http://localhost:9000/services/SimpleStockQuoteService"/>
  </endpoint></target><publishWSDL uri="http://localhost:9000/services/SimpleStockQuoteService?wsdl"/><enableSec/><policy key="sec_policy"/><description/></proxy>

The LogAndRemoveHeader sequence removes the security Header and log the flow.

<sequence xmlns="http://ws.apache.org/ns/synapse" name="LogAndRemoveHeader"><log level="full"></log><header xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" name="wsse:Security" scope="default" action="remove"></header><log level="full"></log></sequence>

When I send a signed request to the secure proxy I can see that the proxy validates it well (thanks to rampart). But when I look at the log on the back end server, I see that the Security header is still present while I remove it in the "LogAndRemoveHeader" sequence.

In the WSO2 server, I can see that the Security is correctly removed:

TID: [0] [ESB] [2015-03-19 01:20:31,508]  INFO {org.apache.synapse.mediators.builtin.LogMediator} -  To: /services/ProxyStockeSecure, WSAction: urn:getSimpleQuote, SOAPAction: urn:getSimpleQuote, MessageID: urn:uuid:7d951378-9a98-4b60-bcba-cded778ee977, Direction: request, Envelope: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:ser="http://services.samples"><soap:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-1150340834">
  <ser:getSimpleQuote>
     <!--Optional:-->
     <ser:symbol>1</ser:symbol>
  </ser:getSimpleQuote></soap:Body></soap:Envelope>

But, on the back end server, the security header is back and I feel that wso2 has re-signed the request. Indeed, the DigestValue or SignatureValue differs from the original request...

Jeffrey Bosboom
  • 13,313
  • 16
  • 79
  • 92
Shod
  • 1

1 Answers1

0

Use send mediator to send your request to backend service inside your LogAndRemoveHeader sequence. Here is the sample send mediator code.

<send>
  <endpoint>
     <address uri="http://localhost:9000/services/SimpleStockQuoteService"></address>
  </endpoint>
</send>
Eranda
  • 1,439
  • 1
  • 17
  • 30
  • Thanks for your reply. But the request sent to the back end stills contains the Security header. Do you have another idea ? – Shod Mar 19 '15 at 10:53