How to Secure the Message Forwarding Processor¶
This example demonstrates a use case where security policies are applied to the message forwarding processor.
Synapse configuration¶
Following are the artifact configurations that we can use to implement this scenario. See the instructions on how to build and run this example.
<proxy xmlns="http://ws.apache.org/ns/synapse" name="StockQuoteProxy" transports="https http" startOnLoad="true" trace="disable">
<description />
<target>
<inSequence>
<property name="FORCE_SC_ACCEPTED" scope="axis2" value="true"/>
<property name="OUT_ONLY" value="true" />
<store messageStore="MSG_STORE" />
</inSequence>
</target>
</proxy>
<localEntry xmlns="http://ws.apache.org/ns/synapse" key="sec_policy" src="file:/path/to/policy1.xml" />
<endpoint xmlns="http://ws.apache.org/ns/synapse" name="SecureStockQuoteService">
<address uri="http://localhost:9000/services/SecureStockQuoteService">
<enableSec policy="sec_policy" />
</address>
</endpoint>
<messageStore xmlns="http://ws.apache.org/ns/synapse" name="MSG_STORE" class="org.apache.synapse.message.store.impl.memory.InMemoryStore" />
<messageProcessor xmlns="http://ws.apache.org/ns/synapse" class="org.apache.synapse.message.processor.impl.forwarder.ScheduledMessageForwardingProcessor" name="SecureForwardingProcessor" targetEndpoint="SecureStockQuoteService" messageStore="MSG_STORE">
<parameter name="client.retry.interval">1000</parameter>
<parameter name="interval">1000</parameter>
<parameter name="is.active">true</parameter>
</messageProcessor>
Build and run¶
Create the artifacts:
-
- Launch Visual Studio Code with the Micro Integrator for VS Code extension (MI for VS Code) installed.
Info
Follow the Install Micro Integrator for VS Code documentation for a complete installation guide.
-
Create an integration project.
- Create the proxy service, registry resource, local entry, in-memory message store, and message processor with the configurations given above.
- Deploy the artifacts in your Micro Integrator.
Set up the back-end service:
- Download the back-end service.
- Extract the downloaded zip file.
- Open a terminal, navigate to the
axis2Server/bin/
directory inside the extracted folder. -
Execute the following command to start the axis2server with the SimpleStockQuote back-end service:
sh axis2server.sh
axis2server.bat
The Micro Integrator is configured to enable WS-Security as per the policy specified by 'policy_1.xml' for the outgoing messages to the secured backend. The debug logs on the Micro Integrator shows the encrypted message flowing to the service and the encrypted response being received by the Micro Integrator.
The security policy file policy1.xml
can be downloaded from policy1.xml.
The security policy file URI needs to be updated with the path to the policy1.xml file.