Securing the Message Forwarding Processor¶
This example demonstrates a use case where security policies are applied to the message forwarding processor.
Synapse configuration¶
Following are the artifact configurations that we can use to implement this scenario. See the instructions on how to build and run this example.
<proxy xmlns="http://ws.apache.org/ns/synapse" name="StockQuoteProxy" transports="https http" startOnLoad="true" trace="disable">
<description />
<target>
<inSequence>
<property name="OUT_ONLY" value="true" />
<store messageStore="MSG_STORE" />
</inSequence>
<outSequence>
<send />
</outSequence>
</target>
</proxy>
<localEntry xmlns="http://ws.apache.org/ns/synapse" key="sec_policy" src="file:/path/to/policy1.xml" />
<endpoint xmlns="http://ws.apache.org/ns/synapse" name="SecureStockQuoteService">
<address uri="http://localhost:9000/services/SecureStockQuoteService">
<enableSec policy="sec_policy" />
</address>
</endpoint>
<messageStore xmlns="http://ws.apache.org/ns/synapse" name="MSG_STORE" />
<messageProcessor xmlns="http://ws.apache.org/ns/synapse" class="org.apache.synapse.message.processor.impl.forwarder.ScheduledMessageForwardingProcessor" name="SecureForwardingProcessor" targetEndpoint="SecureStockQuoteService" messageStore="MSG_STORE">
<parameter name="client.retry.interval">1000</parameter>
<parameter name="interval">1000</parameter>
<parameter name="is.active">true</parameter>
</messageProcessor>
Build and run¶
Create the artifacts:
- Set up WSO2 Integration Studio.
- Create an integration project with an ESB Configs module and an Composite Exporter.
- Create the proxy service, registry resource, local entry, message store, and message processor with the configurations given above.
- Deploy the artifacts in your Micro Integrator.
The Micro Integrator is configured to enable WS-Security as per the policy specified by 'policy_3.xml' for the outgoing messages to the secured backend. The debug logs on the Micro Integrator shows the encrypted message flowing to the service and the encrypted response being received by the Micro Integrator.
The security policy file policy1.xml
can be downloaded from policy1.xml.
The security policy file URI needs to be updated with the path to the policy1.xml file.