Hi Paul,
Here is my case.
Client-------->Reverse Proxy-------->WSO2ESB proxy service------->Backend
webservices
https https
https
I want my proxy service to decide whether let the request to access backed
web service according to certificate of the clients.
For now, I would put certificate in the HTTP Head when the request passes
the Reverse Proxy. Thus, my proxy service can make decision according to
the HTTP head variable.
Is it possible for WSO2? I had played with WSO2 AM but found that I need to
create a token. I didn't want that.
Thanks a lot.
Regards,
Bin
On Fri, Sep 7, 2012 at 6:03 AM, Paul Fremantle <[email protected]> wrote:
> Bin
>
> I wasn't clear what you are trying to solve. The API Manager is designed
> to allow applications to subscribe to services but we use OAuth2 Bearer
> tokens instead of client certs. So it doesn't solve the exact problem you
> asked.
>
> Paul
>
>
> On 6 September 2012 19:51, Maeglin Vardamir <[email protected]> wrote:
>
>> Hi Paul,
>>
>> I just went through quick Getting Started Guide, but had no idea how to
>> replace API key with Common Name of a certificate. And there is no way to
>> subscribe a Common Name with an Application. Any suggestion for that?
>>
>> Thanks,
>> Bin
>>
>>
>> On Thu, Sep 6, 2012 at 5:56 PM, Paul Fremantle <[email protected]> wrote:
>>
>>> Maeglin
>>>
>>> The ESB is a great product and very flexible. What the API Manager does
>>> is take a few capabilities of the ESB (routing, validation, throttling, SLA
>>> management), together with other components from WSO2 Carbon (OAuth
>>> handling, Registry/Repository, BAM) and a new model around an API store,
>>> and put together into a consistent product just for managing API access.
>>> Take a look. Of course many customers use both - the API Manager to handle
>>> the external facing aspects, and the ESB internally to do mediation,
>>> transformation and integration.
>>>
>>> Paul
>>>
>>>
>>> On 6 September 2012 07:39, Maeglin Vardamir <[email protected]> wrote:
>>>
>>>> Hi Paul,
>>>>
>>>> Thanks for your quick response. I would check that and response to this
>>>> mail if I found anything.
>>>> Since I am totally new to WSO2 even SOA, I would make many mistakes. It
>>>> is also possible that I picked ESB by mistake.
>>>>
>>>> Regards,
>>>> Bin
>>>>
>>>>
>>>> On Thu, Sep 6, 2012 at 2:27 PM, Paul Fremantle <[email protected]> wrote:
>>>>
>>>>> Maeglin
>>>>>
>>>>> The more you describe your scenario, the more I wonder if our API
>>>>> Manager wouldn't be more appropriate:
>>>>> http://wso2.com/products/api-manager/
>>>>>
>>>>> We don't use client certs in that case, but OAuth2 tokens.
>>>>>
>>>>> Take a look.
>>>>>
>>>>> To solve what you've asked you can simply to a dblookup call against
>>>>> the MySQL and then filter/drop based on the results.
>>>>>
>>>>> Paul
>>>>>
>>>>>
>>>>> On 6 September 2012 07:24, Maeglin Vardamir <[email protected]> wrote:
>>>>>
>>>>>> Hi all,
>>>>>>
>>>>>> I also got another case. Now I have the Common Name from HTTP Header.
>>>>>> How can I set up rules to forward/reject the request to the backend web
>>>>>> service?
>>>>>> I means maybe I set the rules in the mysql like below
>>>>>>
>>>>>> CN Legal
>>>>>> Client1 False
>>>>>> Client2 True
>>>>>>
>>>>>> May I setup those rules via WSO2 ESB (Carbon Server?) and store them
>>>>>> into mysql? Or I need WSO2 IS? How to do that?
>>>>>>
>>>>>> Thanks,
>>>>>> Bin
>>>>>>
>>>>>>
>>>>>> On Thu, Sep 6, 2012 at 2:18 PM, Maeglin Vardamir <[email protected]>wrote:
>>>>>>
>>>>>>> Hi Paul,
>>>>>>>
>>>>>>> Thanks for you information. I also googled that page. It is helpful.
>>>>>>>
>>>>>>> Regards,
>>>>>>> Bin
>>>>>>>
>>>>>>>
>>>>>>> On Mon, Sep 3, 2012 at 7:47 PM, Paul Fremantle <[email protected]>wrote:
>>>>>>>
>>>>>>>> Bin
>>>>>>>>
>>>>>>>> In that case its really easy.
>>>>>>>>
>>>>>>>> This blog shows how to read those headers in the ESB and then you
>>>>>>>> can simply write a filter mediator or router to send the message to the
>>>>>>>> right place:
>>>>>>>>
>>>>>>>>
>>>>>>>> http://warunapw.blogspot.co.uk/2011/11/how-to-read-http-headers-through.html
>>>>>>>>
>>>>>>>> Paul
>>>>>>>>
>>>>>>>>
>>>>>>>> On 3 September 2012 08:27, Maeglin Vardamir <[email protected]>wrote:
>>>>>>>>
>>>>>>>>> Hi Paul,
>>>>>>>>>
>>>>>>>>> Yes. You are right. I did customize my reverse proxy to store CN
>>>>>>>>> in http header.
>>>>>>>>>
>>>>>>>>> Regards,
>>>>>>>>> Bin
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Mon, Sep 3, 2012 at 2:26 PM, Paul Fremantle <[email protected]>wrote:
>>>>>>>>>
>>>>>>>>>> Hi
>>>>>>>>>>
>>>>>>>>>> Is the reverse proxy part of the WSO2 ESB config or a separate
>>>>>>>>>> server instance?
>>>>>>>>>>
>>>>>>>>>> I'm not sure this is possible to do if you have a reverse proxy
>>>>>>>>>> in the way, because the reverse proxy will terminate the SSL
>>>>>>>>>> connection and
>>>>>>>>>> the SSL connection coming into the WSO2 ESB will just be the reverse
>>>>>>>>>> proxies connection. If the client connects directly to the WSO2 ESB
>>>>>>>>>> its
>>>>>>>>>> possible to do what you want. If you must have a reverse proxy then
>>>>>>>>>> you
>>>>>>>>>> need a way of getting the CN from the reverse proxy to the WSO2 ESB
>>>>>>>>>> (e.g.
>>>>>>>>>> you could add it into an HTTP header). But this only works if you can
>>>>>>>>>> customize the reverse proxy.
>>>>>>>>>>
>>>>>>>>>> Paul
>>>>>>>>>>
>>>>>>>>>> On 3 September 2012 03:13, Maeglin Vardamir <[email protected]>wrote:
>>>>>>>>>>
>>>>>>>>>>> Hello there,
>>>>>>>>>>>
>>>>>>>>>>> Here is my case.
>>>>>>>>>>>
>>>>>>>>>>> Client-------->Reverse Proxy-------->WSO2ESB proxy
>>>>>>>>>>> service------->Backend webservices
>>>>>>>>>>> https https
>>>>>>>>>>> https
>>>>>>>>>>>
>>>>>>>>>>> I got several clients which connected the backend web service
>>>>>>>>>>> through https connection. I have a local CA service to deliver
>>>>>>>>>>> certificates
>>>>>>>>>>> to client, Reverse Proxy, Receiver and Sender of proxy service and
>>>>>>>>>>> backend
>>>>>>>>>>> apache.
>>>>>>>>>>> For now, I can get response from web service after making some
>>>>>>>>>>> changes to configuration files.
>>>>>>>>>>>
>>>>>>>>>>> But I want more features. I want to re-direct request to
>>>>>>>>>>> different endpoint according Common Name of the client's
>>>>>>>>>>> certificate.
>>>>>>>>>>>
>>>>>>>>>>> For example, I got one client. And I had two certificate for it
>>>>>>>>>>> to do testing. One common name is Client1, the other one is
>>>>>>>>>>> Client2. The
>>>>>>>>>>> client sent request to https://wso2esb_server:8243/services/echo.
>>>>>>>>>>> The WSO2ESB proxy service would re-direct request to
>>>>>>>>>>> https://backend1/services/echo if Common Name of the client's
>>>>>>>>>>> certificate is Client1. Otherwise, re-direct the request to
>>>>>>>>>>> https://backend2/services/echo.
>>>>>>>>>>>
>>>>>>>>>>> Is it doable? How to do that? Any suggestion would be welcomed.
>>>>>>>>>>>
>>>>>>>>>>> Regards,
>>>>>>>>>>> Bin
>>>>>>>>>>>
>>>>>>>>>>> _______________________________________________
>>>>>>>>>>> User mailing list
>>>>>>>>>>> [email protected]
>>>>>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/user
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> Paul Fremantle
>>>>>>>>>> CTO and Co-Founder, WSO2
>>>>>>>>>> OASIS WS-RX TC Co-chair, VP, Apache Synapse
>>>>>>>>>>
>>>>>>>>>> UK: +44 207 096 0336
>>>>>>>>>> US: +1 646 595 7614
>>>>>>>>>>
>>>>>>>>>> blog: http://pzf.fremantle.org
>>>>>>>>>> twitter.com/pzfreo
>>>>>>>>>> [email protected]
>>>>>>>>>>
>>>>>>>>>> wso2.com Lean Enterprise Middleware
>>>>>>>>>>
>>>>>>>>>> Disclaimer: This communication may contain privileged or other
>>>>>>>>>> confidential information and is intended exclusively for the
>>>>>>>>>> addressee/s.
>>>>>>>>>> If you are not the intended recipient/s, or believe that you may have
>>>>>>>>>> received this communication in error, please reply to the sender
>>>>>>>>>> indicating
>>>>>>>>>> that fact and delete the copy you received and in addition, you
>>>>>>>>>> should not
>>>>>>>>>> print, copy, retransmit, disseminate, or otherwise use the
>>>>>>>>>> information
>>>>>>>>>> contained in this communication. Internet communications cannot be
>>>>>>>>>> guaranteed to be timely, secure, error or virus-free. The sender
>>>>>>>>>> does not
>>>>>>>>>> accept liability for any errors or omissions.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> Paul Fremantle
>>>>>>>> CTO and Co-Founder, WSO2
>>>>>>>> OASIS WS-RX TC Co-chair, VP, Apache Synapse
>>>>>>>>
>>>>>>>> UK: +44 207 096 0336
>>>>>>>> US: +1 646 595 7614
>>>>>>>>
>>>>>>>> blog: http://pzf.fremantle.org
>>>>>>>> twitter.com/pzfreo
>>>>>>>> [email protected]
>>>>>>>>
>>>>>>>> wso2.com Lean Enterprise Middleware
>>>>>>>>
>>>>>>>> Disclaimer: This communication may contain privileged or other
>>>>>>>> confidential information and is intended exclusively for the
>>>>>>>> addressee/s.
>>>>>>>> If you are not the intended recipient/s, or believe that you may have
>>>>>>>> received this communication in error, please reply to the sender
>>>>>>>> indicating
>>>>>>>> that fact and delete the copy you received and in addition, you should
>>>>>>>> not
>>>>>>>> print, copy, retransmit, disseminate, or otherwise use the information
>>>>>>>> contained in this communication. Internet communications cannot be
>>>>>>>> guaranteed to be timely, secure, error or virus-free. The sender does
>>>>>>>> not
>>>>>>>> accept liability for any errors or omissions.
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Paul Fremantle
>>>>> CTO and Co-Founder, WSO2
>>>>> OASIS WS-RX TC Co-chair, VP, Apache Synapse
>>>>>
>>>>> UK: +44 207 096 0336
>>>>> US: +1 646 595 7614
>>>>>
>>>>> blog: http://pzf.fremantle.org
>>>>> twitter.com/pzfreo
>>>>> [email protected]
>>>>>
>>>>> wso2.com Lean Enterprise Middleware
>>>>>
>>>>> Disclaimer: This communication may contain privileged or other
>>>>> confidential information and is intended exclusively for the addressee/s.
>>>>> If you are not the intended recipient/s, or believe that you may have
>>>>> received this communication in error, please reply to the sender
>>>>> indicating
>>>>> that fact and delete the copy you received and in addition, you should not
>>>>> print, copy, retransmit, disseminate, or otherwise use the information
>>>>> contained in this communication. Internet communications cannot be
>>>>> guaranteed to be timely, secure, error or virus-free. The sender does not
>>>>> accept liability for any errors or omissions.
>>>>>
>>>>>
>>>>
>>>
>>>
>>> --
>>> Paul Fremantle
>>> CTO and Co-Founder, WSO2
>>> OASIS WS-RX TC Co-chair, VP, Apache Synapse
>>>
>>> UK: +44 207 096 0336
>>> US: +1 646 595 7614
>>>
>>> blog: http://pzf.fremantle.org
>>> twitter.com/pzfreo
>>> [email protected]
>>>
>>> wso2.com Lean Enterprise Middleware
>>>
>>> Disclaimer: This communication may contain privileged or other
>>> confidential information and is intended exclusively for the addressee/s.
>>> If you are not the intended recipient/s, or believe that you may have
>>> received this communication in error, please reply to the sender indicating
>>> that fact and delete the copy you received and in addition, you should not
>>> print, copy, retransmit, disseminate, or otherwise use the information
>>> contained in this communication. Internet communications cannot be
>>> guaranteed to be timely, secure, error or virus-free. The sender does not
>>> accept liability for any errors or omissions.
>>>
>>>
>>
>
>
> --
> Paul Fremantle
> CTO and Co-Founder, WSO2
> OASIS WS-RX TC Co-chair, VP, Apache Synapse
>
> UK: +44 207 096 0336
> US: +1 646 595 7614
>
> blog: http://pzf.fremantle.org
> twitter.com/pzfreo
> [email protected]
>
> wso2.com Lean Enterprise Middleware
>
> Disclaimer: This communication may contain privileged or other
> confidential information and is intended exclusively for the addressee/s.
> If you are not the intended recipient/s, or believe that you may have
> received this communication in error, please reply to the sender indicating
> that fact and delete the copy you received and in addition, you should not
> print, copy, retransmit, disseminate, or otherwise use the information
> contained in this communication. Internet communications cannot be
> guaranteed to be timely, secure, error or virus-free. The sender does not
> accept liability for any errors or omissions.
>
>
_______________________________________________
User mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/user
