Tuesday, January 7, 2014

WSO2 ESB supporting VFS transport with FTPS Protocol with File Encryption

WSO2 ESB supports the VFS transport, which is based on the Apache Commons VFS implementation.

WSO2 ESB supports many service-level parameters in Synapse configurations. The following three service-level parameters can be used to protect files in transit.

PASSIVE MODE

Passive mode is generally used in situations where the FTP server is not able to establish the data channel. One of the major reasons for this is network firewalls. While you may have a firewall rule which allows you to open up FTP channels to ftp.wso2.com, WSO2's servers may not have the power to open up the data channel back through your firewall. Passive mode solves this by opening up both types of channel from the client side.

IMPLICIT MODE

FTP over SSL (implicit): implicit security is a mechanism by which security is turned on automatically as soon as the FTP client connects to the FTP server. In this case, the FTP server defines a specific port (990, which can be changed) for the client to use for secure connections.

The other mode is explicit mode. The explicit security mechanism requires the FTP client to issue a specific command to the FTP server after establishing a connection, in order to establish the secure (SSL) link. In explicit mode the FTP client needs to send an explicit command (i.e. "AUTH SSL" or "AUTH TLS") to the FTP server to initiate a secure control connection.

PROT P

PROT P applies to the data transfers. Communication with the server is always encrypted if you use SSL/TLS. If PROT P isn't enforced, the client could send PROT C and transfer files unencrypted. If PROT P is enforced, PROT C is rejected.


Using the above three service-level parameters, you can establish a secure connection for transferring your files to and from an FTP server over the VFS transport.

The following is a sample Synapse configuration (proxy) which can be used to transfer files through WSO2 ESB.


<?xml version="1.0" encoding="UTF-8"?>
<proxy xmlns="http://ws.apache.org/ns/synapse"
       name="VFSSecureTransferProxy"
       transports="vfs"
       startOnLoad="true"
       trace="disable">
   <description/>
   <target>
      <inSequence>
         <log level="full"/>
         <drop/>
      </inSequence>
   </target>
   <parameter name="transport.PollInterval">1</parameter>
   <parameter name="transport.vfs.ActionAfterProcess">MOVE</parameter>
   <parameter name="transport.vfs.FileURI">vfs:ftps://{username}:{password}@{hostname/ip_address}:990/{source_filepath}?vfs.implicit=true&amp;vfs.passive=true&amp;vfs.protection=P</parameter>
   <parameter name="transport.vfs.MoveAfterProcess">vfs:ftps://{username}:{password}@{hostname/ip_address}:990/{destination_filepath}?vfs.implicit=true&amp;vfs.passive=true&amp;vfs.protection=P</parameter>
   <parameter name="transport.vfs.MoveAfterFailure">vfs:ftps://{username}:{password}@{hostname/ip_address}:990/{error_filepath}?vfs.implicit=true&amp;vfs.passive=true&amp;vfs.protection=P</parameter>
   <parameter name="transport.vfs.FileNamePattern">.*\.xml</parameter>
   <parameter name="transport.vfs.ContentType">application/xml</parameter>
   <parameter name="transport.vfs.ActionAfterFailure">MOVE</parameter>
</proxy>






WSO2 ESB: Removing the full SOAP header using the enrich mediator

WSO2 ESB supports many mediators, and we can use them to achieve most of our use cases.

The following message template illustrates the structure of a SOAP Envelope:


<soap:Envelope   xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Header> <!-- optional -->
    <!-- header blocks go here... -->
  </soap:Header>
  <soap:Body>
    <!-- payload or Fault element goes here... -->
  </soap:Body>
</soap:Envelope>



Even though the SOAP header is optional, you might receive a SOAP envelope with SOAP headers, and you might need to remove the SOAP header entirely, including the <soap:Header></soap:Header> element itself.

You can achieve this by using the enrich mediator and the payload factory mediator.
We first extract the body from the SOAP envelope and assign it to a property using the enrich mediator. Then we create an empty SOAP envelope using the payload factory. Finally, the enrich mediator is used again to put the SOAP body from the property back into the SOAP envelope.

         <enrich>
            <source type="body" clone="true"/>
            <target type="property" property="ORIGINAL_BODY"/>
         </enrich>

         <payloadFactory media-type="xml">
            <format>
               <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
                  <soapenv:Body/>
               </soapenv:Envelope>
            </format>
            <args/>
         </payloadFactory>

         <enrich>
            <source type="property" clone="true" property="ORIGINAL_BODY"/>
            <target type="body"/>
         </enrich>