Secure web service in WSO2 Application Server 5.3.0

Question

I'm trying to secure a axis2 web service in WSO2 Application Server 5.3.0 but the Unsecured/Secured link is disabled.

In version 5.0.0 i can click the Unsecured link in the services list or the Security link in the Service Dashboard > Quality of Service Configuration.

Do i need to install some feature/module to make security work in 5.3.0?
(the Quality of Service Configuration also doesn't appear in 5.3.0).

Answer 1

goncalvez. This config work for me, using WSO2 AS 5.3.0.

You need to go inside echo.aar/META-INF/service.xml and put this xml:

<service name="echo" serviceDocumentation="echo" exposedAllTransports="false" serviceDeployedTime="1386978405019" successfullyAdded="true" serviceActive="true" utEnabled="true">
    <operation name="echoStringArrays">
        <module name="addressing" version="4.4.1" type="engagedModules"/>
        <module name="rampart" version="1.61-wso2v14" type="engagedModules"/>
    </operation>
    <operation name="echoOMElement">
                    <module name="addressing" version="4.4.1" type="engagedModules"/>
        <module name="rampart" version="1.61-wso2v14" type="engagedModules"/>
    </operation>
    <operation name="echoInt">
        <module name="addressing" version="4.4.1" type="engagedModules"/>
        <module name="rampart" version="1.61-wso2v14" type="engagedModules"/>
    </operation>
    <operation name="throwAxisFault">
        <module name="addressing" version="4.4.1" type="engagedModules"/>
        <module name="rampart" version="1.61-wso2v14" type="engagedModules"/>
    </operation>
    <operation name="echoString">
        <module name="addressing" version="4.4.1" type="engagedModules"/>
        <module name="rampart" version="1.61-wso2v14" type="engagedModules"/>
    </operation>
    <bindings>
        <binding name="echoHttpBinding">
            <operation name="echoStringArrays"/>
            <operation name="echoOMElement"/>
            <operation name="echoInt"/>
            <operation name="throwAxisFault"/>
            <operation name="echoString"/>
            <policyUUID>UTOverTransport</policyUUID>
        </binding>
        <binding name="echoSoap11Binding">
            <operation name="echoStringArrays"/>
            <operation name="echoOMElement"/>
            <operation name="echoInt"/>
            <operation name="throwAxisFault"/>
            <operation name="echoString"/>
            <policyUUID>UTOverTransport</policyUUID>
        </binding>
        <binding name="echoSoap12Binding">
            <operation name="echoStringArrays"/>
            <operation name="echoOMElement"/>
            <operation name="echoInt"/>
            <operation name="throwAxisFault"/>
            <operation name="echoString"/>
            <policyUUID>UTOverTransport</policyUUID>
        </binding>
    </bindings>
 <wsp:PolicyAttachment xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">  
   <wsp:AppliesTo>  
     <policy-subject identifier="binding:soap11"/>  
     <policy-subject identifier="binding:soap12"/>  
   </wsp:AppliesTo>                 
            <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UTOverTransport">
                <wsp:ExactlyOne>
                    <wsp:All>
                        <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                            <wsp:Policy>
                                <sp:TransportToken>
                                    <wsp:Policy>
                                        <sp:HttpsToken RequireClientCertificate="false"/>
                                    </wsp:Policy>
                                </sp:TransportToken>
                                <sp:AlgorithmSuite>
                                    <wsp:Policy>
                                        <sp:Basic256/>
                                    </wsp:Policy>
                                </sp:AlgorithmSuite>
                                <sp:Layout>
                                    <wsp:Policy>
                                        <sp:Lax/>
                                    </wsp:Policy>
                                </sp:Layout>
                                <sp:IncludeTimestamp/>
                            </wsp:Policy>
                        </sp:TransportBinding>
                        <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                            <wsp:Policy>
                                <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"/>
                            </wsp:Policy>
                        </sp:SignedSupportingTokens>
                    </wsp:All>
                </wsp:ExactlyOne>
                <rampart:RampartConfig xmlns:rampart="http://ws.apache.org/rampart/policy">
                    <rampart:encryptionUser>useReqSigCert</rampart:encryptionUser>
                    <rampart:timestampPrecisionInMilliseconds>true</rampart:timestampPrecisionInMilliseconds>
                    <rampart:timestampTTL>300</rampart:timestampTTL>
                    <rampart:timestampMaxSkew>300</rampart:timestampMaxSkew>
                    <rampart:timestampStrict>false</rampart:timestampStrict>
                    <rampart:tokenStoreClass>org.wso2.carbon.security.util.SecurityTokenStore</rampart:tokenStoreClass>
                    <rampart:nonceLifeTime>300</rampart:nonceLifeTime>
                </rampart:RampartConfig>
  <sec:CarbonSecConfig xmlns:sec="http://www.wso2.org/products/carbon/security">
     <sec:Authorization>
        <sec:property name="org.wso2.carbon.security.allowedroles">admin,sys-admin
        </sec:property>
     </sec:Authorization>
  </sec:CarbonSecConfig>                    
            </wsp:Policy>
         </wsp:PolicyAttachment>  
<transports> 
    <transport>https</transport> 
</transports>
<parameter name="ServiceClass" locked="true">org.wso2.carbon.core.services.echo.Echo</parameter>
 <module ref="rampart"/>
</service>

Answer 2

QoS Features are been removed from all the carbon kernel 4.4.x based products. Therefore you have to use the wso2 Developer studio or manually edit the services.xml file as @Jorge mentioned in order to apply the security for your axis2 service.

Sample service.xml with username policy would be like below

<service name="echo">
    <schema elementFormDefaultQualified="false"/>
    <description>
        This service echos the input provided to it.
    </description>
    <transports> 
        <transport>https</transport> 
        <transport>http</transport> 
    </transports>
    <parameter name="ServiceClass" locked="true">org.wso2.carbon.core.services.echo.Echo</parameter>
                <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UTOverTransport">
                    <wsp:ExactlyOne>
                        <wsp:All>
                            <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                                <wsp:Policy>
                                    <sp:TransportToken>
                                        <wsp:Policy>
                                            <sp:HttpsToken RequireClientCertificate="false"/>
                                        </wsp:Policy>
                                    </sp:TransportToken>
                                    <sp:AlgorithmSuite>
                                        <wsp:Policy>
                                            <sp:Basic256/>
                                        </wsp:Policy>
                                    </sp:AlgorithmSuite>
                                    <sp:Layout>
                                        <wsp:Policy>
                                            <sp:Lax/>
                                        </wsp:Policy>
                                    </sp:Layout>
                                    <sp:IncludeTimestamp/>
                                </wsp:Policy>
                            </sp:TransportBinding>
                            <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                                <wsp:Policy>
                                    <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"/>
                                </wsp:Policy>
                            </sp:SignedSupportingTokens>
                        </wsp:All>
                    </wsp:ExactlyOne>
                    <rampart:RampartConfig xmlns:rampart="http://ws.apache.org/rampart/policy">
                        <rampart:encryptionUser>useReqSigCert</rampart:encryptionUser>
                        <rampart:timestampPrecisionInMilliseconds>true</rampart:timestampPrecisionInMilliseconds>
                        <rampart:timestampTTL>300</rampart:timestampTTL>
                        <rampart:timestampMaxSkew>300</rampart:timestampMaxSkew>
                        <rampart:timestampStrict>false</rampart:timestampStrict>
                        <rampart:tokenStoreClass>org.wso2.carbon.security.util.SecurityTokenStore</rampart:tokenStoreClass>
                        <rampart:nonceLifeTime>300</rampart:nonceLifeTime>
                    </rampart:RampartConfig>
 <sec:CarbonSecConfig xmlns:sec="http://www.wso2.org/products/carbon/security">
        <sec:Authorization>
            <sec:property name="org.wso2.carbon.security.allowedroles">admin</sec:property>
        </sec:Authorization>
    </sec:CarbonSecConfig>
                </wsp:Policy>
        <module ref="rampart"/>
</service>