Hi all,

In the Pre-Carbon version of the Mashup Server (1.5.1) we could have 
invoked a secured service in the following fashion,

// Demonstrates calling the getVersion operation of the version service. This
// client will work for most WS-Security scenarios (works for all the scenarios
// the Mashup Server ships).
function invokeGetVersion(){
  var request = new WSRequest();
  var options = new Array();
  options["username"] = "keith";
  // Will be used if the service policy requires a Username Token. Assuming that
  // access has been granted to keith.
  options["password"] = "keith";
  // Will be used if the service policy requires a Username Token. Assuming that
  // access has been granted to keith.
  options["encryptionUser"] = "versionCert";
  // The alias of the certificate that will be used to encrypt the request.
  // This is the public certificate of the keystore that the version service is
  // secured with.
  // If the security policy of the version service needs the request signed, the
  // client will do so.
  // But the keystore of the version service needs to have keith's (the client's)
  // public certificate.
  var service = new QName("http://services.mashup.wso2.org/version", "version");
  request.openWSDL("http://localhost:7762/services/system/version?wsdl", false,
                   options, service, "SecureSOAP11Endpoint");
  request.send("getVersion", null);
  return request.responseXML;
}

We could have done it this way with minimal user properties because we 
had a keystore per user. But obviously this model will not work in 
the 2.0 version of the Mashup Server. Hence I propose adding a few 
options to allow users to reap these same benefits (invoking secured 
services). These properties are keystore.type, keystore.file, 
keystore.password, privateKeyPassword and privateKeyAlias. With these in 
place a client to access a secured version service would be as follows,

function invokeGetVersion(){
  var request = new WSRequest();
  var options = new Array();
  options["username"] = "admin";
  // Will be used if the service policy requires a Username Token.
  // Assuming that access has been granted to keith.
  options["password"] = "admin";
  // Will be used if the service policy requires a Username Token.
  // Assuming that access has been granted to keith.
  options["encryptionUser"] = "wso2carbon";
  options["keystore.type"] = "JKS";
  options["keystore.file"] =
    "/opt/svn/2.0/modules/distribution/target/wso2mashup-2.0.0.SNAPSHOT/resources/security/wso2carbon.jks";
  options["keystore.password"] = "wso2carbon";
  // This is not needed if the keystore has a single private key.
  options["privateKeyAlias"] = "wso2carbon";
  options["privateKeyPassword"] = "wso2carbon";
  // The alias of the certificate that will be used to encrypt the request.
  // This is the public certificate of the keystore that the version
  // service is secured with.
  // If the security policy of the version service needs the request
  // signed, the client will do so.
  // But the keystore of the version service needs to have keith's (the
  // client's) public certificate.
  var service = new QName("http://services.mashup.wso2.org/version", "version");
  request.openWSDL("http://localhost:9763/services/version?wsdl", false,
                   options, service, "SecureSOAP11Endpoint");
  request.send("getVersion", null);
  return request.responseXML;
}

WDYT?

Thanks,
Keith.



_______________________________________________
Mashup-dev mailing list
[email protected]
https://wso2.org/cgi-bin/mailman/listinfo/mashup-dev
