Secure WSO2 Data Services with Basic Auth

Here in this article Im going to describe how we can add basic auth authentication for a WSO2 Data Service.

We will be using wso2 developer studio(EI Tooling) for this task.

I have following project in my EI Tooling (Developer Studio). And I have my dataservice called test.dbs

project view

When I deploy it, It will be like below. Unsecured.

unsecured dataservice

Now we are going to create a ws-policy to secure the dataservice.

01. Write Click on your Registry project

02. Add new -> Registry Resource -> From existing Template

03. Select WS-Policy from templates, give the resource a name and a registry path to save.

adding new ws-policy to registry project

01. Open the policy you’ve just created(Double click on it). You should see something like below.

Policy editor in Developer Studio

02. Select UsernamToken and click on the ‘User Roles’ button.

03. Add user roles that you are planning to give access to the data service. Either you can add comma seperated values or you can retrieve existing roles from server by ticking “Get Roles from Server” and providing url and credentials of the server. Click OK once completed adding roles

Add follwoing lines to enable the security and point to the registry path of the ws-policy deployed in registry. This has to be added just before the end </data> tag.

<policy key="conf:security/DataService_secure_policy.xml"/><enableSec/>

My data service .dbs file looks like below now.

Add ws-policy to your CApp and deploy.

Now go to your management console and look at the dataservice. You should see that its been secured.

Now If you open try it service, you may see that its asking for username and password to invoke the data service.

If you are invoking it from other service, please make sure you add the Authorization header with value “Basic {base64 encoded username:password}” in your request.