WebService Security
Configuring Jetty Server
In the FPS Jetty Server, Basic Authentication needs to be enabled because the Stub component runs in the FPS server. To enable Basic Authentication, perform the following actions:
- Before starting the FPS server, launch eStudio and load the FPS profile from the Profile Management (Window > Show View > Other > Profile Manager) panel.
- Navigate to FPS > Fiorano > Esb > Jetty > Jetty.
In the Properties of Jetty panel on the right side, enable Basic Authentication (BasicAuthSupported property) and give the fully qualified path of the Realm.properties file.
Refer to the Create Realm.properties file section to know how to generate a Realm.properties file.
- Save the profile and close.
Enabling Basic Authentication with bcwsgateway
- Edit the Web.xml file in %FIORANO_HOME%/esb/server/jetty/fps/webapps/bcwsgateway/WEB-INF as below:
- Uncomment the following tags:
- security-constraint
- login-config
- Save and close the file.
- Start the Server and log in to eStudio.
- Configure the WSStub microservice as explained in the next section.
Enabling Basic Authentication with WSStub
Open the WSStub service and configure HTTP Authentication configuration in the CPS as follows:
- Click Next in the Configuration panel.
- In the Security Configuration panel, click the HTTP Authentication Configuration button.
- In the HTTP Authentication Configuration dialog box, enable authentication by selecting the Use HTTP Authentication checkbox.
- Select the type as 'BASIC', and provide the username and password that are present in the Realm.properties file.
- Click OK and click Finish in the Security Configuration panel.
- Launch the flow.
Testing Services from Dashboard
Go to the ENDPOINTS > Web services tab using the left navigation pane in the Dashboard and perform the following actions:
- Click the Start button present under the Actions column to start the service.
- Click the Test button icon under the Actions column.
- Expand the Authentication configuration section and enable the Set basic configuration option.
Enter the username and password in the WSStub configuration.
Figure 3: Enabling Basic Authentication
In this case, it's auto-populated as it's already configured in the CPS (refer to the previous section).
Testing Services from Web Service Consumer
Configure the WebServiceConsumer service by performing the following actions:
Enable the Http Basic Authentication property and enter the user name and password as done in the WSStub service.
- Specify the WSDL to enable the Next button.
Click the Next button to move to the Interaction Configuration panel.
Click the Call Properties button, add the javax.xml.rpc.security.auth.username and javax.xml.rpc.security.auth.password properties, and then enter the values. Finally, perform the test.
Select the Web Service Operation to complete the configuration.
Configuring SSL Security
You can configure the SSL parameters for Jetty running with FES/FPS by editing the corresponding profiles.
In the FPS profile configuration, enable the SSLEnabled property.
In the FES profile configuration, enable the SSLEnabled property. Also provide the port number in the SSL Port Number property, which is the port used by the embedded Jetty server with SSL support.
Configuring SSL parameters for Jetty
You can configure the SSL parameters for Jetty, which is running with FES/FPS, by editing the corresponding profiles.
By default, the SSL property for Jetty is disabled. Perform the following actions to enable this property and provide the respective properties:
- Open the FES/FPS profile, navigate to Esb > Jetty, and select the Jetty node.
Specify the values for KeyStoreLocation, KeyStorePassword, KeyPassword, TrustStore, TrustStorePasswd and save the FES/FPS profile.
Refer to the Configuring SSL Settings section to know how to generate the KeyStore and TrustStore.
- Start the servers. Jetty is started with SSL enabled.
Configuring SSL support for WSStub and HttpStub
To use WSStub/HttpStub with SSL Support, the Jetty Server running in FPS needs to be started with SSL support. To check if Jetty is started with SSL support, check the following URL:
https://<IP Address>:<Port Number>/bcwsgateway.
If the URL works, Jetty running with FPS has started with SSL support. SSL properties can be configured for WSStub and HttpStub through CPS.
Figure 10: Properties of SSL
Figure 11: SSL Security dialog box
After configuring the SSL parameters through CPS, launch the Event Process. If WSStub does not start properly, check the SSL configuration in the WSStub CPS.
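The URL check described above can be scripted so that it also confirms the Basic Authentication challenge configured earlier for bcwsgateway. This is an added example, not Fiorano code; it assumes the security-constraint in Web.xml covers the requested URL and that the CA or self-signed certificate from the TrustStore has been exported to a PEM file (the `cafile` argument).

```python
import ssl
import urllib.error
import urllib.request
from urllib.parse import urlsplit


def probe(url, cafile=None, timeout=5):
    """Send one unauthenticated GET; return (status, WWW-Authenticate value)."""
    ctx = None
    if urlsplit(url).scheme == "https":
        # Verify the server certificate against the exported PEM (assumption:
        # cafile holds the CA or self-signed certificate from the TrustStore).
        ctx = ssl.create_default_context(cafile=cafile)
    try:
        with urllib.request.urlopen(url, timeout=timeout, context=ctx) as resp:
            return resp.status, resp.headers.get("WWW-Authenticate", "")
    except urllib.error.HTTPError as err:  # a 401 response is raised as HTTPError
        return err.code, err.headers.get("WWW-Authenticate", "")


def assess(url, status, challenge):
    """Return a list of findings; an empty list means both settings are active."""
    findings = []
    if urlsplit(url).scheme != "https":
        findings.append("not HTTPS: Basic credentials would travel base64-encoded only")
    if status != 401:
        findings.append(f"unauthenticated request returned {status}, expected 401")
    elif not challenge.lower().startswith("basic"):
        findings.append(f"challenge is {challenge!r}, expected Basic")
    return findings


if __name__ == "__main__":
    import sys
    url = sys.argv[1]  # https://<IP Address>:<Port Number>/bcwsgateway
    cafile = sys.argv[2] if len(sys.argv) > 2 else None
    status, challenge = probe(url, cafile)
    for line in assess(url, status, challenge) or ["OK: HTTPS with Basic challenge"]:
        print(line)
```

A certificate that does not validate against `cafile` makes `probe` raise `urllib.error.URLError`, which is the signal to recheck the KeyStore and TrustStore values in the profile.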
Testing Web Service from Dashboard
The web service can be tested from the Dashboard by clicking the Test button and giving the input parameters.
Testing Web Service from WebServiceConsumer
After launching the WSStub, perform the following actions:
- Get the WSDL URL (right-click WSStub and copy WSDL).
- Open the WSConsumer CPS and provide the copied URL in the WSDL URL property.
- Configure WSConsumer for SSL through CPS.
Figure 12: Configure WSConsumer
- Enable SSL and provide TrustStore location, TrustStorePassword, KeyStoreLocation, and KeyStorePassword.
Figure 13: Enabling SSL option
The Web Service configured for SSL from WebServiceConsumer can now be invoked.