WS-Security and custom header encryption in the SOAP request header, on a proxy server such as Mule ESB.

What is this solution about?
1. You are trying to access a SOAP-based web service.
2. A WSSE:Security header is required in the SOAP request for authentication.
3. Custom headers are added to the request.
4. Encryption and digital signing need to be performed at a proxy server such as Mule ESB, through which the SOAP request is passed to the web service.

Solution -

1. Generate the request XML on the client side and send it to the Mule proxy server.
2. The client-side code generates the request with the custom headers added to the header of the stub.
3. In the Mule config, the out-interceptor for Web Service Security in Mule, WSS4JInterceptor, is configured to add the Security header to the request and to perform encryption and digital signing, as configured.
4. Add the following configuration [flow] to mule-config.xml

5. You need to configure values like [inbound.url], [wsdl.url], [], [service.namespace], [signature.user] in the property file used for your Mule flows.
Please note:
We need signature.user and the corresponding password, supplied through callback code, to authenticate through the HTTPS service.
The assumption here is that the reader can work with Mule flows, configure an HTTPS out-endpoint and use WSS4JInterceptor to authenticate through the HTTPS out-endpoint.
Moving on to the next step.

6. Add a new property file with the following key-values.

These Merlin values are used by the interceptor to read your keystore (this can be a JKS generated by you for testing, or a keystore containing the certificate provided by the service provider), encrypt, digitally sign and consolidate everything into the wsse:security header.

The most important part of the solution we are discussing is encrypting the custom headers.
In the solution (point 4), check the value injected for the [signatureParts] key.
Here we give the interceptor the list of elements that we need to encrypt and digitally sign.
In our case, we need to encrypt the custom headers added to the request.
The value is a semicolon-separated list of entries of the form {what-type}{namespace}{name}.
The interceptor reads these elements from the request and throws an exception if any such element is not found in the request.
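
A pre-deployment check for the [signatureParts] value described above, as an added example that is not part of the original post or of Mule or WSS4J: it parses the semicolon-separated list and reports entries that have no matching element in a sample request, which is the condition under which the interceptor throws. It assumes entries are written the way WSS4J documents them, {Element}{namespace}LocalName; the http://example.org/headers namespace, the ClientId and SessionToken headers and the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# One entry: {modifier}{namespace}localName, modifier being Element or Content.
PART_RE = re.compile(r"^\{(Element|Content)\}\{([^{}]+)\}([A-Za-z_][\w.-]*)$")

def parse_parts(spec):
    """Split a semicolon-separated parts string into (modifier, namespace, name) tuples."""
    parts = []
    for raw in spec.split(";"):
        raw = raw.strip()
        if not raw:
            continue  # tolerate a trailing semicolon
        m = PART_RE.match(raw)
        if m is None:
            raise ValueError("malformed part: %r" % raw)
        parts.append(m.groups())
    return parts

def missing_parts(spec, envelope_xml):
    """Return the parts from spec that match no element in the SOAP envelope."""
    root = ET.fromstring(envelope_xml)
    present = {el.tag for el in root.iter()}  # ElementTree tags look like '{ns}local'
    return [p for p in parse_parts(spec) if "{%s}%s" % (p[1], p[2]) not in present]

# Constructed sample request; the header namespace and names are hypothetical.
SAMPLE_ENVELOPE = """<soapenv:Envelope
    xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:hdr="http://example.org/headers">
  <soapenv:Header>
    <hdr:ClientId>demo-client</hdr:ClientId>
    <hdr:SessionToken>demo-token</hdr:SessionToken>
  </soapenv:Header>
  <soapenv:Body><hdr:Ping/></soapenv:Body>
</soapenv:Envelope>"""

SAMPLE_PARTS = (
    "{Element}{http://example.org/headers}ClientId;"
    "{Element}{http://example.org/headers}SessionToken;"
    "{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body"
)

if __name__ == "__main__":
    for mod, ns, name in missing_parts(SAMPLE_PARTS, SAMPLE_ENVELOPE):
        print("not in request: {%s}{%s}%s" % (mod, ns, name))
```

Run it against a request captured from your own client before deploying the flow; a namespace typo in the list shows up here as a missing part instead of as a runtime exception in the proxy.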
