Apr 5, 2011

Axis2/Rampart - Access the authentication details within the service class

In certain cases, the service class in Axis2/Rampart needs to access the username of the authenticated service consumer, or the alias of the certificate that was used to verify the signature of the messages.

This information is available as properties in the Axis2 message context. You can get hold of the Axis2 message context in the following manner.


MessageContext msgCtx = MessageContext.getCurrentMessageContext();


To access the username of the authenticated user:


msgCtx.getProperty(RampartMessageData.USERNAME);

(This is available since the 1.5 release of Rampart.)


To access the certificate alias of the public key which was used to validate the signature of the message (in the Asymmetric Binding case):


msgCtx.getProperty(RampartMessageData.SIGNATURE_CERT_ALIAS);

(This will be available from the Rampart 1.6 release onwards, which will be out soon.)

Apr 3, 2011

How to access a web service using HTTP Basic Authentication with WSO2 ESB

In this post, we will take a look at how to access a web service which is secured with HTTP Basic Authentication using WSO2 ESB.

This scenario is depicted by the following diagram.



There is a web service which is secured with HTTP Basic Authentication, and it needs to be consumed by a client who does not send the required authentication credentials in the request. So a proxy service is created which injects the basic authentication header into the incoming request and sends it to the actual secured service.

If you want to know how to secure a web service with HTTP Basic Authentication, this is a good reference written by Prabath.

The required authentication credentials are sent to the service in an HTTP header named 'Authorization'. It will look similar to the following.
Authorization: Basic cHJhYmF0aDpwcmFiYXRo
The value after "Basic " is the base64-encoded (username:password) pair. This header is created using a Property Mediator in the ESB. The following is the corresponding entry in the Synapse configuration language.

 




This will concatenate the value "Basic " (please mind the space after the word "Basic") and the base64-encoded value of "username:password", and set the result as the Authorization header at the transport level.

And this is how it looks when it is configured through the UI.


And this is the complete Proxy configuration for your reference.
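
As an added example (not the configuration from the original post), a proxy service that builds the header as described above might look like the following. The proxy name, backend URL and credentials are placeholders, and the `base64Encode()` XPath function is assumed to be available in the Synapse version in use.

```xml
<!-- Added example: proxy name, endpoint URL and credentials are placeholders. -->
<proxy xmlns="http://ws.apache.org/ns/synapse"
       name="BasicAuthProxy"
       transports="https"
       startOnLoad="true">
   <target>
      <inSequence>
         <!-- Builds "Basic " + base64("username:password") and sets it as
              the Authorization header at the transport (HTTP) level.
              Assumes the base64Encode() XPath extension function exists
              in the Synapse version in use. -->
         <property name="Authorization"
                   expression="fn:concat('Basic ', base64Encode('username:password'))"
                   scope="transport"/>
         <send>
            <endpoint>
               <!-- Base64 is an encoding, not encryption: anyone who can read
                    the request can recover the credentials, so the secured
                    service is addressed over HTTPS. -->
               <address uri="https://backend.example.com/services/SecuredService"/>
            </endpoint>
         </send>
      </inSequence>
      <outSequence>
         <!-- Return the backend response to the original client. -->
         <send/>
      </outSequence>
   </target>
</proxy>
```

Because the credentials sit in the proxy definition in clear text, access to the ESB configuration should be restricted to the same degree as the credentials themselves.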