Tuesday, January 7, 2014

WSO2 ESB supporting VFS transport with FTPS Protocol with File Encryption

WSO2 ESB supports the VFS transport, which is based on the Apache Commons VFS implementation.

WSO2 ESB supports many service-level parameters in Synapse configurations. The following three service-level parameters can be used to protect files while they are being transferred.

PASSIVE MODE

Passive mode is generally used in situations where the FTP server is not able to establish the data channel. One of the major reasons for this is network firewalls. While you may have a firewall rule which allows you to open up FTP channels to ftp.wso2.com, WSO2's servers may not be able to open up the data channel back through your firewall. Passive mode solves this by opening up both types of channel from the client side.

IMPLICIT MODE

FTP over SSL (implicit): implicit security is a mechanism by which security is automatically turned on as soon as the FTP client makes a connection to an FTP server. In this case, the FTP server defines a specific port (990, which can be changed) for the client to use for secure connections.

The other mode is explicit mode. The explicit security mechanism requires the FTP client to issue a specific command to the FTP server after establishing a connection, in order to set up the secure (SSL) link. In explicit mode the FTP client needs to send an explicit command (i.e. "AUTH SSL" or "AUTH TLS") to the FTP server to initiate a secure control connection.

PROT P

PROT P applies to the data transfers. Communication with the server is always encrypted if you use SSL/TLS. If PROT P isn't enforced, a client could send PROT C and transfer files unencrypted. If PROT P is enforced, PROT C is rejected.


Using the above three service-level parameters, you can establish a secure connection for transferring your files on an FTP server using the VFS transport.

The following is a sample Synapse configuration (proxy) that can be used to transfer files through WSO2 ESB.


<?xml version="1.0" encoding="UTF-8"?>
<proxy xmlns="http://ws.apache.org/ns/synapse"
       name="VFSSecureTransferProxy"
       transports="vfs"
       startOnLoad="true"
       trace="disable">
   <description/>
   <target>
      <inSequence>
         <log level="full"/>
         <drop/>
      </inSequence>
   </target>
   <parameter name="transport.PollInterval">1</parameter>
   <parameter name="transport.vfs.ActionAfterProcess">MOVE</parameter>
   <!-- Query options: implicit FTPS, passive mode, PROT P on the data channel.
        The '&' between options must be written as &amp; for the XML to parse. -->
   <parameter name="transport.vfs.FileURI">vfs:ftps://{username}:{password}@{hostname/ip_address}:990/{source_filepath}?vfs.implicit=true&amp;vfs.passive=true&amp;vfs.protection=P</parameter>
   <parameter name="transport.vfs.MoveAfterProcess">vfs:ftps://{username}:{password}@{hostname/ip_address}:990/{destination_filepath}?vfs.implicit=true&amp;vfs.passive=true&amp;vfs.protection=P</parameter>
   <parameter name="transport.vfs.MoveAfterFailure">vfs:ftps://{username}:{password}@{hostname/ip_address}:990/{error_filepath}?vfs.implicit=true&amp;vfs.passive=true&amp;vfs.protection=P</parameter>
   <!-- Dot escaped so that only file names ending in ".xml" match -->
   <parameter name="transport.vfs.FileNamePattern">.*\.xml</parameter>
   <parameter name="transport.vfs.ContentType">application/xml</parameter>
   <parameter name="transport.vfs.ActionAfterFailure">MOVE</parameter>
</proxy>
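
The proxy above repeats the same FTPS options on three separate URIs, so it is easy to leave one of them without them. The following check is an added example, not part of the original post or of WSO2's code: it parses a proxy definition and reports any vfs URI that is not ftps, does not set vfs.protection=P, or uses different implicit/passive options from the first URI. The function name, the sample host and the credentials are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs

NS = "{http://ws.apache.org/ns/synapse}"
URI_PARAMS = ("transport.vfs.FileURI",
              "transport.vfs.MoveAfterProcess",
              "transport.vfs.MoveAfterFailure")

def audit_proxy(xml_text):
    """Return (parameter, finding) pairs for the vfs URIs of one proxy, in URI_PARAMS order."""
    uris = {}
    for p in ET.fromstring(xml_text).iter(NS + "parameter"):
        if p.get("name") in URI_PARAMS:
            uris[p.get("name")] = (p.text or "").strip()
    findings, reference = [], None
    for name in URI_PARAMS:
        if name not in uris:
            continue
        uri = uris[name]
        parts = urlsplit(uri[4:] if uri.startswith("vfs:") else uri)
        opts = {k: v[-1] for k, v in parse_qs(parts.query).items()}
        if parts.scheme != "ftps":
            findings.append((name, "scheme is '%s', not ftps" % parts.scheme))
            continue
        if opts.get("vfs.protection") != "P":
            findings.append((name, "vfs.protection=P not set"))
        # Implicit/passive settings should be the same on every URI of the proxy.
        mode = (opts.get("vfs.implicit"), opts.get("vfs.passive"))
        if reference is None:
            reference = mode
        elif mode != reference:
            findings.append((name, "implicit/passive options differ from first URI"))
    return findings

# Constructed sample: the two "move" URIs were written without the options of FileURI.
SAMPLE = """<proxy xmlns="http://ws.apache.org/ns/synapse" name="Demo" transports="vfs">
  <target><inSequence><drop/></inSequence></target>
  <parameter name="transport.vfs.FileURI">vfs:ftps://user:secret@ftp.example.com:990/in?vfs.implicit=true&amp;vfs.passive=true&amp;vfs.protection=P</parameter>
  <parameter name="transport.vfs.MoveAfterProcess">vfs:ftps://user:secret@ftp.example.com:990/done?vfs.implicit=true&amp;vfs.passive=true</parameter>
  <parameter name="transport.vfs.MoveAfterFailure">vfs:ftp://user:secret@ftp.example.com/failed?vfs.passive=true</parameter>
</proxy>"""

if __name__ == "__main__":
    for name, finding in audit_proxy(SAMPLE):
        print(name + ": " + finding)
```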





