RSS

WSO2 ESB talk to WSO2 Identity Server and get the authentication decision to invoke the proxy service

27 Jun

This is very good and simple example. let me explain the exact requirement.

If we need to secure the proxy service with UT (Username Token) in WSO2 ESB but all users and roles are maintained in the WSO2 Identity Server so when the users are going to invoke this service it should talk to WSO2 IS and get authenticated. In order to do this we have to implement Password Callback handler as follows.You can checkout total source here

package org.wso2.is.callback;


import org.apache.axis2.client.Options;
import org.apache.axis2.client.ServiceClient;
import org.apache.axis2.context.ConfigurationContext;
import org.apache.axis2.context.ConfigurationContextFactory;
import org.apache.axis2.transport.http.HTTPConstants;
import org.apache.axis2.transport.http.HttpTransportProperties;
import org.apache.ws.security.WSPasswordCallback;
import org.wso2.carbon.authenticator.stub.AuthenticationAdminStub;
import org.wso2.carbon.um.ws.api.WSUserStoreManager;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import java.io.IOException;


public class ISCallBackHandler implements CallbackHandler {
    private static final Log log = LogFactory.getLog(ISCallBackHandler.class);
    private String serverUrl = "https://localhost:9443/services/";

    private AuthenticationAdminStub authstub = null;
    private ConfigurationContext ctx;
    private String authCookie = null;
    private WSUserStoreManager remoteUserStoreManager = null;
    @Override
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        try {
            for (int i = 0; i < callbacks.length; i++) {
                if (callbacks[i] instanceof WSPasswordCallback) {
                    WSPasswordCallback passwordCallback = (WSPasswordCallback) callbacks[i];
                    String username = passwordCallback.getIdentifer();
                    String receivedPasswd = passwordCallback.getPassword();

                    ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem(null, null);
                    String authEPR = serverUrl + "AuthenticationAdmin";
                    authstub = new AuthenticationAdminStub(ctx, authEPR);
                    ServiceClient client = authstub._getServiceClient();
                    Options options = client.getOptions();
                    HttpTransportProperties.Authenticator authenticator = new HttpTransportProperties.Authenticator();
                    authenticator.setUsername("admin");
                    authenticator.setPassword("admin");
                    authenticator.setPreemptiveAuthentication(true);
                    options.setProperty(HTTPConstants.AUTHENTICATE, authenticator);
                    client.setOptions(options);

                   boolean status =  authstub.login(username,receivedPasswd,"localhost");
                   if(status){
                     //Login Successful
                   } else{
                       throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
                   }

                }
            }

        }catch (UnsupportedCallbackException e){
            if(log.isDebugEnabled()){
                log.debug(e.getMessage(), e); //logging invlaid passwords and attempts
                throw e;
            }
            throw e;
        } catch (Exception e){
            log.error(e.getMessage(), e);
            //can't build an unsupported exception.
            throw new UnsupportedCallbackException(null, e.getMessage());
        }

    }
}

1. First of all you have to build the above project and place the created jar file in to $ESB_HOME/repository/components/lib
2. Create the proxy service as follows and secured by UT
esb

esb1

esb2

esb3

2. Now you have to engage the created Password Call back handler. This is simply do with the policy configuration.
Go to policy configuration and insert the following line into the rampart configuration as follows.
“org.wso2.is.callback.ISCallBackHandler”

esb

esb1

esb2

esb3

3. Now you can invoke the service with username and password which is located in WSO2 Identity server.
(If you are going to run ESB and IS on same machine please consider the port offset as well as change the call back handler server url)

About these ads
 
1 Comment

Posted by on June 27, 2013 in Identity Server, java, wso2

 

Tags: , , ,

One response to “WSO2 ESB talk to WSO2 Identity Server and get the authentication decision to invoke the proxy service

  1. SutoCom

    June 27, 2013 at 9:58 am

     

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
Follow

Get every new post delivered to your Inbox.

%d bloggers like this: