如何為 WSO2 EI 代理服務配置 HTTP 基本身份驗證 (How to Configure HTTP Basic Auth for WSO2 EI proxy service)

問題描述

如何為 WSO2 EI 代理服務配置 HTTP 基本身份驗證 (How to Configure HTTP Basic Auth for WSO2 EI proxy service)

我正在使用 WSO2 Enterprise Integrator 6.5.0（最新）

我需要通過代理服務（SOAP、REST）啟用 HTTP 基本身份驗證

我已嘗試以下資源‑ WSO2 EI 和 WSO2 開發人員‑ 使用 http 基本身份驗證設置 ESB 代理

<?xml version="1.0" encoding="UTF‑8"?>
<proxy name="ProxyWithBasicAuth" startOnLoad="true" trace="disable" transports="https" xmlns="http://ws.apache.org/ns/synapse">
    <target>
        <endpoint name="endpoint_urn_uuid_xxxxxxxx‑yyyy‑zzzz‑1111‑234567892345">
            <address trace="disable" uri="https://here.goes.the.uri.of.the.ws.endpoint"/>
        </endpoint>
        <inSequence>
            <property value="this_is_the_username" name="username" scope="default" type="STRING"/>
            <property value="this_is_the_password" name="password" scope="default" type="STRING"/>
            <property expression="fn:concat($ctx:username,':',$ctx:password)" name="credentials" scope="default" type="STRING"/>
            <property expression="fn:concat('Basic ', base64Encode($ctx:credentials))" name="Authorization" scope="transport" type="STRING" xmlns:ns="http://org.apache.synapse/xsd"/>
        </inSequence>
        <outSequence>
            <send/>
        </outSequence>
        <faultSequence/>
    </target>
</proxy>

但它不起作用？我期待當我發送錯誤的憑據時，

代理服務會給我錯誤？

以下是我發送請求的方式：[1]. However, if you need to enable HTTP Basic Auth with a proxy service, you will need to write the custom implementation to authenticate the user, as it is not supported by default from the ESB. One of the following approaches can be used to achieve your requirement.

1. Implement an API which is secured with Basic Auth and call the proxy service from that API. API handler implementation can be used to implement the authentication. Please refer [2] for API handler implementation.

2. Use a synapse handler to process the authentication prior to the proxy service invocation. Refer [3] for synapse handler implementation. handleRequestInFlow() method of the synapse handler will be called prior to the ESB proxy service. Therefore, we can have the custom authentication implementation within handleRequestInFlow() of the handler and allow/restrict the proxy calls.

1 ‑ https://docs.wso2.com/display/EI650/Applying+Security+to+a+Proxy+Service

2 ‑ https://docs.wso2.com/display/ESB481/Securing+APIs#SecuringAPIs‑BasicAuthUsingaBasicAuthhandler

3 ‑ https://docs.wso2.com/display/EI6xx/Working+with+Synapse+Handlers

方法 2:

Please refer to this. I think key should be corrected as Authorization instead of Proxy‑Authorization.

(by Iderkhangai.A、prabushi samarakoon、LW1)

參考文件

1. How to Configure HTTP Basic Auth for WSO2 EI proxy service (CC BY‑SA 2.5/3.0/4.0)