Maeglin The more you describe your scenario, the more I wonder if our API Manager wouldn't be more appropriate: http://wso2.com/products/api-manager/
We don't use client certs in that case, but OAuth2 tokens. Take a look. To solve what you've asked you can simply to a dblookup call against the MySQL and then filter/drop based on the results. Paul On 6 September 2012 07:24, Maeglin Vardamir <[email protected]> wrote: > Hi all, > > I also got another case. Now I have the Common Name from HTTP Header. How > can I set up rules to forward/reject the request to the backend web service? > I means maybe I set the rules in the mysql like below > > CN Legal > Client1 False > Client2 True > > May I setup those rules via WSO2 ESB (Carbon Server?) and store them into > mysql? Or I need WSO2 IS? How to do that? > > Thanks, > Bin > > > On Thu, Sep 6, 2012 at 2:18 PM, Maeglin Vardamir <[email protected]> wrote: > >> Hi Paul, >> >> Thanks for you information. I also googled that page. It is helpful. >> >> Regards, >> Bin >> >> >> On Mon, Sep 3, 2012 at 7:47 PM, Paul Fremantle <[email protected]> wrote: >> >>> Bin >>> >>> In that case its really easy. >>> >>> This blog shows how to read those headers in the ESB and then you can >>> simply write a filter mediator or router to send the message to the right >>> place: >>> >>> >>> http://warunapw.blogspot.co.uk/2011/11/how-to-read-http-headers-through.html >>> >>> Paul >>> >>> >>> On 3 September 2012 08:27, Maeglin Vardamir <[email protected]> wrote: >>> >>>> Hi Paul, >>>> >>>> Yes. You are right. I did customize my reverse proxy to store CN in >>>> http header. >>>> >>>> Regards, >>>> Bin >>>> >>>> >>>> On Mon, Sep 3, 2012 at 2:26 PM, Paul Fremantle <[email protected]> wrote: >>>> >>>>> Hi >>>>> >>>>> Is the reverse proxy part of the WSO2 ESB config or a separate server >>>>> instance? >>>>> >>>>> I'm not sure this is possible to do if you have a reverse proxy in the >>>>> way, because the reverse proxy will terminate the SSL connection and the >>>>> SSL connection coming into the WSO2 ESB will just be the reverse proxies >>>>> connection. If the client connects directly to the WSO2 ESB its possible >>>>> to >>>>> do what you want. If you must have a reverse proxy then you need a way of >>>>> getting the CN from the reverse proxy to the WSO2 ESB (e.g. you could add >>>>> it into an HTTP header). But this only works if you can customize the >>>>> reverse proxy. >>>>> >>>>> Paul >>>>> >>>>> On 3 September 2012 03:13, Maeglin Vardamir <[email protected]> wrote: >>>>> >>>>>> Hello there, >>>>>> >>>>>> Here is my case. >>>>>> >>>>>> Client-------->Reverse Proxy-------->WSO2ESB proxy >>>>>> service------->Backend webservices >>>>>> https https >>>>>> https >>>>>> >>>>>> I got several clients which connected the backend web service through >>>>>> https connection. I have a local CA service to deliver certificates to >>>>>> client, Reverse Proxy, Receiver and Sender of proxy service and backend >>>>>> apache. >>>>>> For now, I can get response from web service after making some >>>>>> changes to configuration files. >>>>>> >>>>>> But I want more features. I want to re-direct request to different >>>>>> endpoint according Common Name of the client's certificate. >>>>>> >>>>>> For example, I got one client. And I had two certificate for it to do >>>>>> testing. One common name is Client1, the other one is Client2. The client >>>>>> sent request to https://wso2esb_server:8243/services/echo. The >>>>>> WSO2ESB proxy service would re-direct request to >>>>>> https://backend1/services/echo if Common Name of the client's >>>>>> certificate is Client1. Otherwise, re-direct the request to >>>>>> https://backend2/services/echo. >>>>>> >>>>>> Is it doable? How to do that? Any suggestion would be welcomed. >>>>>> >>>>>> Regards, >>>>>> Bin >>>>>> >>>>>> _______________________________________________ >>>>>> User mailing list >>>>>> [email protected] >>>>>> http://wso2.org/cgi-bin/mailman/listinfo/user >>>>>> >>>>>> >>>>> >>>>> >>>>> -- >>>>> Paul Fremantle >>>>> CTO and Co-Founder, WSO2 >>>>> OASIS WS-RX TC Co-chair, VP, Apache Synapse >>>>> >>>>> UK: +44 207 096 0336 >>>>> US: +1 646 595 7614 >>>>> >>>>> blog: http://pzf.fremantle.org >>>>> twitter.com/pzfreo >>>>> [email protected] >>>>> >>>>> wso2.com Lean Enterprise Middleware >>>>> >>>>> Disclaimer: This communication may contain privileged or other >>>>> confidential information and is intended exclusively for the addressee/s. >>>>> If you are not the intended recipient/s, or believe that you may have >>>>> received this communication in error, please reply to the sender >>>>> indicating >>>>> that fact and delete the copy you received and in addition, you should not >>>>> print, copy, retransmit, disseminate, or otherwise use the information >>>>> contained in this communication. Internet communications cannot be >>>>> guaranteed to be timely, secure, error or virus-free. The sender does not >>>>> accept liability for any errors or omissions. >>>>> >>>>> >>>> >>> >>> >>> -- >>> Paul Fremantle >>> CTO and Co-Founder, WSO2 >>> OASIS WS-RX TC Co-chair, VP, Apache Synapse >>> >>> UK: +44 207 096 0336 >>> US: +1 646 595 7614 >>> >>> blog: http://pzf.fremantle.org >>> twitter.com/pzfreo >>> [email protected] >>> >>> wso2.com Lean Enterprise Middleware >>> >>> Disclaimer: This communication may contain privileged or other >>> confidential information and is intended exclusively for the addressee/s. >>> If you are not the intended recipient/s, or believe that you may have >>> received this communication in error, please reply to the sender indicating >>> that fact and delete the copy you received and in addition, you should not >>> print, copy, retransmit, disseminate, or otherwise use the information >>> contained in this communication. Internet communications cannot be >>> guaranteed to be timely, secure, error or virus-free. The sender does not >>> accept liability for any errors or omissions. >>> >>> >> > -- Paul Fremantle CTO and Co-Founder, WSO2 OASIS WS-RX TC Co-chair, VP, Apache Synapse UK: +44 207 096 0336 US: +1 646 595 7614 blog: http://pzf.fremantle.org twitter.com/pzfreo [email protected] wso2.com Lean Enterprise Middleware Disclaimer: This communication may contain privileged or other confidential information and is intended exclusively for the addressee/s. If you are not the intended recipient/s, or believe that you may have received this communication in error, please reply to the sender indicating that fact and delete the copy you received and in addition, you should not print, copy, retransmit, disseminate, or otherwise use the information contained in this communication. Internet communications cannot be guaranteed to be timely, secure, error or virus-free. The sender does not accept liability for any errors or omissions.
_______________________________________________ User mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/user
