Hi all;

Currently, when a user configures a secured backend (usernametoken/basicauth),
in the Synapse configuration we set the basic auth header before sending the
request to the backend. In the API configuration, the username and password are
stored as plain text.

In ESB, the secure vault concept is introduced for connectors and other Synapse
artifacts. Secure vault allows us to store encrypted passwords that are
mapped to aliases. This approach allows us to use the aliases instead of
the actual passwords in the configuration files for better security.

For that, a Synapse XPath extension is introduced. Using that, we can
introduce a lookup in the registry for encrypted passwords.

Earlier our configuration was:

  <property name="Authorization" expression="fn:concat('Basic ', base64Encode('admin:admin'))" scope="transport"/>

The modified configuration will be like:

  <property name="password" expression="wso2:vault-lookup('secured.endpoint.password')"/>
  <property name="unpw" expression="fn:concat(get-property('username'),':',get-property('password'))"/>
  <property name="Authorization" expression="fn:concat('Basic ', base64Encode(get-property('unpw')))" scope="transport"/>

Any thoughts ?

Thanks.

-- 
-Ratha
mobile: (+94)755906608
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
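
As an added example (not part of the original message and not WSO2 code), the following Python check audits a Synapse configuration for the two patterns shown in the message: a `base64Encode()` call on a literal `'user:password'` string, and `wso2:vault-lookup()` alias references. The `<sequence>` wrapper around the sample and the function names are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the two Authorization styles from the message, wrapped in
# a hypothetical <sequence> root so the fragment parses as XML.
SAMPLE = """<sequence name="sample_in">
  <property name="Authorization" expression="fn:concat('Basic ', base64Encode('admin:admin'))" scope="transport"/>
  <property name="password" expression="wso2:vault-lookup('secured.endpoint.password')"/>
  <property name="unpw" expression="fn:concat(get-property('username'),':',get-property('password'))"/>
  <property name="Authorization" expression="fn:concat('Basic ', base64Encode(get-property('unpw')))" scope="transport"/>
</sequence>"""

# base64Encode() called directly on a quoted 'user:password' literal.
LITERAL_CRED = re.compile(r"""base64Encode\(\s*(['"])([^'"]*:[^'"]*)\1\s*\)""")
# wso2:vault-lookup('alias') call; group 2 is the alias.
VAULT_LOOKUP = re.compile(r"""wso2:vault-lookup\(\s*(['"])([^'"]+)\1\s*\)""")


def local(tag):
    """Strip an XML namespace prefix such as {http://ws.apache.org/ns/synapse}."""
    return tag.rsplit("}", 1)[-1]


def audit(xml_text):
    """Return (hardcoded, aliases): property names whose expression embeds a
    literal credential pair, and the vault aliases the configuration looks up."""
    hardcoded, aliases = [], []
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) != "property":
            continue
        expr = el.get("expression", "")
        if LITERAL_CRED.search(expr):
            hardcoded.append(el.get("name"))  # never echo the secret itself
        aliases += [m.group(2) for m in VAULT_LOOKUP.finditer(expr)]
    return hardcoded, aliases


if __name__ == "__main__":
    bad, used = audit(SAMPLE)
    print("hard-coded credentials in:", bad)
    print("vault aliases referenced:", used)
```

The alias list it returns can be compared against the aliases actually provisioned in the vault, so that a lookup for a missing alias is caught before deployment.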
