WSO2 ESB - QoS Samples

Running the QoS addition and deduction samples with WSO2 ESB

Sample 100: Using WS-Security for outgoing messages

<definitions xmlns="http://ws.apache.org/ns/synapse">
    <localEntry key="sec_policy" src="file:repository/samples/resources/policy/policy_3.xml"/>

    <in>
        <send>
            <endpoint name="secure">
                <address uri="http://localhost:9000/services/SecureStockQuoteService">
                    <enableSec policy="sec_policy"/>
                    <enableAddressing/>
                </address>
            </endpoint>
        </send>
    </in>
    <out>
        <header name="wsse:Security" action="remove"
                xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"/>
        <send/>
    </out>
</definitions>

Objective: Connecting to endpoints with WS-Security for outgoing messages

Prerequisites:

You may also need to download and install the unlimited strength policy files for your JDK before using Apache Rampart (e.g. see http://java.sun.com/javase/downloads/index_jdk5.jsp)

Start the Synapse configuration numbered 100: i.e. wso2esb-samples -sn 100
Start the Axis2 server and deploy the SecureStockQuoteService if not already done

Use the stock quote client to send a request without WS-Security. ESB is configured to enable WS-Security as per the policy specified by 'policy_3.xml' for the outgoing messages to the SecureStockQuoteService endpoint hosted on the Axis2 instance. The debug log messages on ESB shows the encrypted message flowing to the service and the encrypted response being received by ESB. The wsse:Security header is then removed from the decrypted message and the response is delivered back to the client, as expected. You may execute the client as follows:

ant stockquote -Dtrpurl=http://localhost:8280/

The message sent by ESB to the secure service can be seen as follows, when TCPMon is used.

POST http://localhost:9001/services/SecureStockQuoteService HTTP/1.1
Host: 127.0.0.1
SOAPAction: urn:getQuote
Content-Type: text/xml; charset=UTF-8
Transfer-Encoding: chunked
Connection: Keep-Alive
User-Agent: Synapse-HttpComponents-NIO

800
<?xml version='1.0' encoding='UTF-8'?>
   <soapenv:Envelope xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" xmlns:wsa="http://www.w3.org/2005/08/addressing" ..>
      <soapenv:Header>
         <wsse:Security ..>
            <wsu:Timestamp ..>
               ...
            </wsu:Timestamp>
            <xenc:EncryptedKey..>
               ...
            </xenc:EncryptedKey>
            <wsse:BinarySecurityToken ...>
               <ds:SignedInfo>
               ...
               </ds:SignedInfo>
               <ds:SignatureValue>
               ...
               </ds:SignatureValue>
               <ds:KeyInfo Id="KeyId-29551621">
                  ...
               </ds:KeyInfo>
            </ds:Signature>
         </wsse:Security>
         <wsa:To>http://localhost:9001/services/SecureStockQuoteService</wsa:To>
         <wsa:MessageID>urn:uuid:1C4CE88B8A1A9C09D91177500753443</wsa:MessageID>
         <wsa:Action>urn:getQuote</wsa:Action>
      </soapenv:Header>
      <soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-3789605">
         <xenc:EncryptedData Id="EncDataId-3789605" Type="http://www.w3.org/2001/04/xmlenc#Content">
            <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
            <xenc:CipherData>
                <xenc:CipherValue>Layg0xQcnH....6UKm5nKU6Qqr</xenc:CipherValue>
            </xenc:CipherData>
         </xenc:EncryptedData>
      </soapenv:Body>
   </soapenv:Envelope>0

Sample 101: Reliable message exchange between ESB and the back-end server using WS-ReliableMessaging

<definitions xmlns="http://ws.apache.org/ns/synapse">

    <in>
        <RMSequence single="true" version="1.0"/>
        <send>
           <endpoint name="reliable">
              <address uri="http://localhost:9000/services/ReliableStockQuoteService">
                 <enableRM/>
                 <enableAddressing/>
              </address>
           </endpoint>
        </send>
    </in>
    <out>
        <header name="wsrm:SequenceAcknowledgement" action="remove"
                xmlns:wsrm="http://schemas.xmlsoap.org/ws/2005/02/rm"/>
        <header name="wsrm:Sequence" action="remove"
                xmlns:wsrm="http://schemas.xmlsoap.org/ws/2005/02/rm"/>
        <header name="wsrm:AckRequested" action="remove"
                xmlns:wsrm="http://schemas.xmlsoap.org/ws/2005/02/rm"/>
        <send/>
    </out>

</definitions>

Objective: Demonstrate the message exchange between ESB and the server using WS-ReliableMessaging (WS-RM)

Prerequisites:

Deploy the ReliableStockQuoteService in the sample Axis2 server by switching to the samples/axis2Server/src/ReliableStockQuoteService directory and running ant.

Start the sample Axis2 server on port 9000.

Start ESB with the sample configuration 101 (i.e. wso2esb-samples -sn 101).

In the above configuration, WS-RM is engaged to the endpoint using the <enableRM/> tag. It is possible to engage WS-RM to both Address and WSDL endpoints using this tag. In addition to the RM enabled endpoint, RMSequence mediator is specified before the send mediator. This mediator is used to specify the set of messages to be sent using a single RM sequence. In this sample it is specified as single message per sequence. It also specifies the version of the WS-RM to be used. Refer to the ESB configuration language documentation for more information about the RMSequence mediator. RM related SOAP headers are removed from the message in the out mediator as WS-RM message exchange happens only between the ESB and the server. Now run the sample client using the following command.

ant stockquote -Dsymbol=IBM -Dmode=quote -Daddurl=http://localhost:8280

You can observe the client output displaying the quote price for IBM as follows:

[java] Standard :: Stock price = $189.2521262517493

There is no difference to be observed between the normal message exchange and WS-RM enabled message exchange as far as client and server outputs are considered. But if you look at the wire level messages, you would observe additional WS-RM messages and WS-RM elements. ESB, the initiator of the RM sequence, first try to create a sequence by sending a message with CreateSequence element.

...
<soapenv:Body>
   <wsrm:CreateSequence xmlns:wsrm="http://schemas.xmlsoap.org/ws/2005/02/rm">
      <wsrm:AcksTo>
         <wsa:Address>http://www.w3.org/2005/08/addressing/anonymous</wsa:Address>
      </wsrm:AcksTo>
      <wsrm:Offer>
         <wsrm:Identifier>urn:uuid:546F6F33FB7D8BBE351179807372769</wsrm:Identifier>
      </wsrm:Offer>
   </wsrm:CreateSequence>
</soapenv:Body>
...

Sample Axis2 server responds to CreateSequence request with the following message:

...
<soapenv:Body>
   <wsrm:CreateSequenceResponse xmlns:wsrm="http://schemas.xmlsoap.org/ws/2005/02/rm">
      <wsrm:Identifier>urn:uuid:879853A6871A66641C1179807373270</wsrm:Identifier>
      <wsrm:Accept>
         <wsrm:AcksTo>
            <wsa:Address>http://localhost:9000/services/ReliableStockQuoteService</wsa:Address>
         </wsrm:AcksTo>
      </wsrm:Accept>
   </wsrm:CreateSequenceResponse>
</soapenv:Body>
...

Once the sequence is established, ESB sends the request to the server with the pre-negotiated sequence ID.

<soapenv:Envelope xmlns:wsa="http://www.w3.org/2005/08/addressing"
                  xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
    <soapenv:Header>
        <wsa:To>http://localhost:9000/services/ReliableStockQuoteService</wsa:To>
        <wsa:MessageID>urn:uuid:DB9A5257B637DDA38B1179807372560712002-1515891720</wsa:MessageID>
        <wsa:Action>urn:getQuote</wsa:Action>
        <wsrm:Sequence xmlns:wsrm="http://schemas.xmlsoap.org/ws/2005/02/rm"
                       soapenv:mustUnderstand="1">
            <wsrm:Identifier>urn:uuid:879853A6871A66641C1179807373270</wsrm:Identifier>
            <wsrm:MessageNumber>1</wsrm:MessageNumber>
            <wsrm:LastMessage/>
        </wsrm:Sequence>
    </soapenv:Header>
    <soapenv:Body>
        <m0:getQuote xmlns:m0="http://services.samples/xsd">
            <m0:request>
                <m0:symbol>IBM</m0:symbol>
            </m0:request>
        </m0:getQuote>
    </soapenv:Body>
</soapenv:Envelope>

ESB keeps on sending above message till the server responds with a valid response message with 200 OK HTTP header. If the server is not ready with a response, it will respond with 202 Accepted HTTP header for all requests. Once the server is ready with a response it will send the response message with sequence ID as follows.

<soapenv:Envelope xmlns:wsa="http://www.w3.org/2005/08/addressing"
                  xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
    <soapenv:Header>
        <wsa:MessageID>urn:uuid:879853A6871A66641C1179807373804</wsa:MessageID>
        <wsa:Action>http://services.samples/ReliableStockQuoteServicePortType/getQuoteResponse
        </wsa:Action>
        <wsa:RelatesTo>urn:uuid:DB9A5257B637DDA38B1179807372560712002-1515891720</wsa:RelatesTo>
        <wsrm:Sequence xmlns:wsrm="http://schemas.xmlsoap.org/ws/2005/02/rm"
                       soapenv:mustUnderstand="1">
            <wsrm:Identifier>urn:uuid:546F6F33FB7D8BBE351179807372769</wsrm:Identifier>
            <wsrm:MessageNumber>1</wsrm:MessageNumber>
            <wsrm:LastMessage/>
        </wsrm:Sequence>
        <wsrm:SequenceAcknowledgement xmlns:wsrm="http://schemas.xmlsoap.org/ws/2005/02/rm"
                                      soapenv:mustUnderstand="1">
            <wsrm:Identifier>urn:uuid:879853A6871A66641C1179807373270</wsrm:Identifier>
            <wsrm:AcknowledgementRange Lower="1" Upper="1"/>
        </wsrm:SequenceAcknowledgement>
    </soapenv:Header>
    <soapenv:Body>
        <ns:getQuoteResponse xmlns:ns="http://services.samples/xsd">
...

Now both ESB and the server are done with the actual message exchange. Then ESB sends a request to terminate the sequence as follows:

<soapenv:Envelope xmlns:wsa="http://www.w3.org/2005/08/addressing"
                  xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
    <soapenv:Header>
        <wsa:To>http://localhost:9000/services/ReliableStockQuoteService</wsa:To>
        <wsa:MessageID>urn:uuid:546F6F33FB7D8BBE351179807379591</wsa:MessageID>
        <wsa:Action>http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence</wsa:Action>
        <wsrm:SequenceAcknowledgement xmlns:wsrm="http://schemas.xmlsoap.org/ws/2005/02/rm"
                                      soapenv:mustUnderstand="1">
            <wsrm:Identifier>urn:uuid:546F6F33FB7D8BBE351179807372769</wsrm:Identifier>
            <wsrm:AcknowledgementRange Lower="1" Upper="1"/>
        </wsrm:SequenceAcknowledgement>
    </soapenv:Header>
    <soapenv:Body>
        <wsrm:TerminateSequence xmlns:wsrm="http://schemas.xmlsoap.org/ws/2005/02/rm">
            <wsrm:Identifier>urn:uuid:879853A6871A66641C1179807373270</wsrm:Identifier>
        </wsrm:TerminateSequence>
    </soapenv:Body>
</soapenv:Envelope>

Server responds to the sequence termination message, accepting to terminate the sequence as follows.

<soapenv:Envelope xmlns:wsa="http://www.w3.org/2005/08/addressing"
                  xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
    <soapenv:Header>
        <wsa:ReplyTo>
            <wsa:Address>http://localhost:9000/services/ReliableStockQuoteService</wsa:Address>
        </wsa:ReplyTo>
        <wsa:MessageID>urn:uuid:879853A6871A66641C1179807380190</wsa:MessageID>
        <wsa:Action>http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence</wsa:Action>
    </soapenv:Header>
    <soapenv:Body>
        <wsrm:TerminateSequence xmlns:wsrm="http://schemas.xmlsoap.org/ws/2005/02/rm">
            <wsrm:Identifier>urn:uuid:546F6F33FB7D8BBE351179807372769</wsrm:Identifier>
        </wsrm:TerminateSequence>
    </soapenv:Body>
</soapenv:Envelope>

Note that although each of above messages are separate SOAP messages, in most cases they will be exchanged in a single socket connection as HTTP Keep-Alive header is used.

Sample 102: Reliable message exchange between ESB and the back-end server using WS-ReliableMessaging 1.1

<definitions xmlns="http://ws.apache.org/ns/synapse">
    <in>
        <RMSequence single="true" version="1.1"/>
        <send>
            <endpoint name="reliable">
    		<address uri="http://localhost:9000/services/ReliableStockQuoteService">
	   	    <enableRM/>
		    <enableAddressing/>
                </address>
            </endpoint>
        </send>
    </in>
    <out>
        <header name="wsrm:SequenceAcknowledgement" action="remove"
                xmlns:wsrm="http://docs.oasis-open.org/ws-rx/wsrm/200702"/>
        <header name="wsrm:Sequence" action="remove"
                xmlns:wsrm="http://docs.oasis-open.org/ws-rx/wsrm/200702"/>
        <header name="wsrm:AckRequested" action="remove"
                xmlns:wsrm="http://docs.oasis-open.org/ws-rx/wsrm/200702"/>
        <send/>
    </out>
</definitions>

Objective: Demonstrate the message exchange between ESB and the server using WS-ReliableMessaging 1.1 Specification (WS-RM).This sample is similar to sample 101 except it uses the RM 1.1 for the communication.

Prerequisites:

Deploy the ReliableStockQuoteService in the sample Axis2 server by switching to the samples/axis2Server/src/ReliableStockQuoteService directory and running ant.

Start the sample Axis2 server on port 9000.

Start ESB with the sample configuration 102 (i.e. wso2esb-samples -sn 102).

In the above configuration, WS-RM is engaged to the endpoint using the <enableRM/> tag. It is possible to engage WS-RM to both Address and WSDL endpoints using this tag. In addition to the RM enabled endpoint, RMSequence mediator is specified before the send mediator. This mediator is used to specify the set of messages to be sent using a single RM sequence. Also it specifies the RM version. In this sample it is specified as single message per sequence. It also specifies the version of the WS-RM to be used. Refer to the ESB configuration language documentation for more information about the RMSequence mediator. RM related SOAP headers are removed from the message in the out mediator as WS-RM message exchange happens only between the ESB and the server. Now run the sample client using the following command.

ant stockquote -Dsymbol=IBM -Dmode=quote -Daddurl=http://localhost:8280

You can observe the client output displaying the quote price for IBM as follows:

[java] Standard :: Stock price = $189.2521262517493

You can observer the set of messages exchnaged between ESB and back end service using a tool like TCPMon