Hi Alessio, The requirement mentioned is similar to the functionality provided by OAuth Mediator [1]. However this only works with WSO2 Identity Server.
For your purpose you can do the same by writing a custom mediator[2] or class mediator[3]. [1] https://docs.wso2.com/display/ESB481/OAuth+Mediator [2] https://docs.wso2.com/display/ESB481/Creating+Custom+Mediators [3] https://docs.wso2.com/display/ESB481/Class+Mediator Best Regards, Malaka On Thu, Jan 8, 2015 at 6:21 AM, Aliosha <[email protected]> wrote: > in my use case i have these 2 architectural configurations: > > 1) FrontEnd Client Application ---------------------------------> Services > Provider --- DB (tokens) > > 2) FrontEnd Client Application ----> WSO2 ESB 4.8.1 ----> Services > Provider --- DB (tokens) > > The only difference between 1 and 2 is the introduction of the WSO2 ESB > 4.8.1 mediating the client requests. > > For security purpose i developed an OAuth 2.0 module installed on the > client side and an OAuth 2.0 sever module on the Service Provider Side (). > > In the first configuration, the OAuthServer module produces the token > regularly and sends it the client side module which will use it for the > next requests for Services Provider Resources. The tokens are stored inside > a DB by the Service Provider. > > My question deals with the second configuration in which there is the WSO2 > ESB in the middle. > > I know that the OAuth token is appended to the client request url... so, > the behaviour i expected from the ESB is that the token would transparently > pass through the ESB reaching the Service Provider for accessing its > resources. > > Now... what can i do if i wanted to introduce an additional security level > in the WSO2 ESB? > > What i want is the ESB can validate the token before the request reach the > Service Provider. If the token is correct the request would be forwarded to > the Service Provider, on the contrary if the token is not validated, the > request flow is dropped by the ESB. > > Is it possible to implement such a configuration? How? > > > Regards. > > Alessio Orlando > -- Best Regards, Malaka Silva Senior Tech Lead M: +94 777 219 791 Tel : 94 11 214 5345 Fax :94 11 2145300 Skype : malaka.sampath.silva LinkedIn : http://www.linkedin.com/pub/malaka-silva/6/33/77 Blog : http://mrmalakasilva.blogspot.com/ WSO2, Inc. lean . enterprise . middleware http://www.wso2.com/ http://www.wso2.com/about/team/malaka-silva/ <http://wso2.com/about/team/malaka-silva/> Save a tree -Conserve nature & Save the world for your future. Print this email only if it is absolutely necessary.
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
