如何为 WSO2 EI 代理服务配置 HTTP 基本身份验证 [英] How to Configure HTTP Basic Auth for WSO2 EI proxy service

问题描述

我使用的是 WSO2 Enterprise Integrator 6.5.0(最新)

我需要通过代理服务(SOAP、REST)启用 HTTP 基本身份验证

我尝试过以下资源 -

解决方案

看来，您的要求是使用 Basic Auth 保护代理服务，该服务将作为 REST 调用.建议使用安全策略保护代理服务作为 SOAP [1].但是，如果您需要使用代理服务启用 HTTP 基本身份验证，则需要编写自定义实现来对用户进行身份验证，因为 ESB 默认不支持它.可以使用以下方法之一来满足您的要求.

1. 实施API 受基本身份验证保护，并从该 API 调用代理服务.API 处理程序实现可用于实现身份验证.请参阅 [2] 了解 API 处理程序实现.>

2. 使用突触处理程序在代理服务调用之前处理身份验证.有关突触处理程序的实现，请参阅 [3].handleRequestInFlow() 将在 ESB 代理服务之前调用突触处理程序的方法.因此，我们可以在处理程序的 handleRequestInFlow() 中实现自定义身份验证，并允许/限制代理调用.

1 - https://docs.wso2.com/display/EI650/Applying+Security+to+a+Proxy+Service

2 - https://docs.wso2.com/display/ESB481/Securing+APIs#SecuringAPIs-BasicAuthUsingaBasic一个>

3 - https://docs.wso2.com/display/EI6xx/Working+with+Synapse+Handlers

i am using WSO2 Enterprise Integrator 6.5.0 (lastest)

I need to enable HTTP Basic Authentication through a Proxy Service (SOAP, REST)

I have tried below resource - WSO2 EI and WSO2 Developer - Setup an ESB Proxy with http basic authentication

<?xml version="1.0" encoding="UTF-8"?>
<proxy name="ProxyWithBasicAuth" startOnLoad="true" trace="disable" transports="https" xmlns="http://ws.apache.org/ns/synapse">
    <target>
        <endpoint name="endpoint_urn_uuid_xxxxxxxx-yyyy-zzzz-1111-234567892345">
            <address trace="disable" uri="https://here.goes.the.uri.of.the.ws.endpoint"/>
        </endpoint>
        <inSequence>
            <property value="this_is_the_username" name="username" scope="default" type="STRING"/>
            <property value="this_is_the_password" name="password" scope="default" type="STRING"/>
            <property expression="fn:concat($ctx:username,':',$ctx:password)" name="credentials" scope="default" type="STRING"/>
            <property expression="fn:concat('Basic ', base64Encode($ctx:credentials))" name="Authorization" scope="transport" type="STRING" xmlns:ns="http://org.apache.synapse/xsd"/>
        </inSequence>
        <outSequence>
            <send/>
        </outSequence>
        <faultSequence/>
    </target>
</proxy>

But it does not work? i was expecting when i send wrong credentials,

The Proxy service would give me error?

below is the way i sending request :

解决方案

It seems, your requirement is to secure the proxy service, which will be invoked as REST, using Basic Auth. It is recommended to secure a proxy service using security policies when it is used as SOAP [1]. However, if you need to enable HTTP Basic Auth with a proxy service, you will need to write the custom implementation to authenticate the user, as it is not supported by default from the ESB. One of the following approaches can be used to achieve your requirement.

1. Implement an API which is secured with Basic Auth and call the proxy service from that API. API handler implementation can be used to implement the authentication. Please refer [2] for API handler implementation.

2. Use a synapse handler to process the authentication prior to the proxy service invocation. Refer [3] for synapse handler implementation. handleRequestInFlow() method of the synapse handler will be called prior to the ESB proxy service. Therefore, we can have the custom authentication implementation within handleRequestInFlow() of the handler and allow/restrict the proxy calls.

1 - https://docs.wso2.com/display/EI650/Applying+Security+to+a+Proxy+Service

2 - https://docs.wso2.com/display/ESB481/Securing+APIs#SecuringAPIs-BasicAuthUsingaBasicAuthhandler

3 - https://docs.wso2.com/display/EI6xx/Working+with+Synapse+Handlers

这篇关于如何为 WSO2 EI 代理服务配置 HTTP 基本身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！