Discover our knowledge. Read our blogs!

Learn more

We build all our solutions with WSO2 and we are proud that we are Platinum Value-Added Reseller of WSO2.

Learn more

How to create a secondary user store in WSO2 Enterprise Integrator

7 min read

How to create a secondary user store in WSO2 Enterprise IntegratorWSO2 Enterprise Integrator (WSO2 EI) is an Enterprise Service Bus that allows you to do mediation and transformation with regard to connecting systems that normally would not speak each other's language.

One system might accept SOAP, the other can only send REST. To bridge that gap the WSO2 EI is able to take a SOAP message and transform it into REST or vice versa. It uses the WSO2 Carbon core like most WSO2 products. While the user management does not play a major role in the WSO2 EI, there are situations where users can play a role.

The user management of the WSO2 EI is part of the WSO2 Carbon core and therefore supports all kinds of setups such as Active Directory, LDAP or regular JDBC database for storing users.

However, as mentioned, there are situations where having a secondary user store is necessary, for example to let users use a secure proxy with basic authentication. We typically store those users in a secondary user store to keep them separate from the WSO2 EI users, such as administrators and developers.

Let's start by defining the secondary user store. In this example, we are going to use a JDBC user store stored in a MySQL database called proxy users. We create a database using this command in the command line interface of my SQL:

create database proxyusers;

This will create a database and we can use one of the DB scripts to create the tables inside this service. The scripts that are in the DB script directory of the WSO2 Enterprise Integrator will create both user and registry tables as they are often combined in one database. In this case it’s not necessary, so we will make a copy of the script to create the databases that will only create the database with tables used for user management, so users and roles. We've deleted everything up to the comment about user manager tables, so every registry table is gone.

yenlo_blog_2020-08-20_create-secondary-user-store-in-wso2-ei_figure-1

We will run this script using the command:

use proxyusers;
source [fully_qualified_path_to_EI]/dbscripts/mysql_um.sql;

This creates the tables we need to create a secondary user store.

yenlo_blog_2020-08-20_create-secondary-user-store-in-wso2-ei_figure-2

We need to add the MySQL driver / JDBC connector to the WSO2 Enterprise Integrator in order to access the database, so when using an RDBMS, a JDBC connection is necessary. You can put the JAR file in the /lib directory of the WSO2 EI. A restart of the Enterprise Integrator is necessary since these our only loaded at startup.

yenlo_blog_2020-08-20_create-secondary-user-store-in-wso2-ei_figure-3

Let us a create a secondary user store in the Management user interface.

yenlo_blog_2020-08-20_create-secondary-user-store-in-wso2-ei_figure-4

As you can see, we define the Connection URL, Name and Password and Driver Name in the secondary user store. We select the JDBC User Store Manager.

yenlo_blog_2020-08-20_create-secondary-user-store-in-wso2-ei_figure-5

Let’s create a role and a user with the role in the secondary user store. We then assign the role to the user.

yenlo_blog_2020-08-20_create-secondary-user-store-in-wso2-ei_figure-6

I choose a user called Arthur Dent with a username ‘adent’. The password can be chosen at will, as long as it adheres to the regex in the user store definition.

yenlo_blog_2020-08-20_create-secondary-user-store-in-wso2-ei_figure-7

yenlo_blog_2020-08-20_create-secondary-user-store-in-wso2-ei_figure-8

Create a simple proxy

Let us create a simple proxy, calling the echo service. We will not detail the steps to do that. Check out our blogs for more information or, better still, attend one of our (online) WSO2 trainings.

yenlo_blog_2020-08-20_create-secondary-user-store-in-wso2-ei_figure-9

This proxy will be secure with basic authentication from WS-Security. We also define a registry policy.

yenlo_blog_2020-08-20_create-secondary-user-store-in-wso2-ei_figure-10

Click on the user roles and add the user role to the policy.

yenlo_blog_2020-08-20_create-secondary-user-store-in-wso2-ei_figure-11

Go back the proxy and enable the security. This is done in the Security section of the proxy properties as shown below.

yenlo_blog_2020-08-20_create-secondary-user-store-in-wso2-ei_figure-12

In the source it looks like this.

yenlo_blog_2020-08-20_create-secondary-user-store-in-wso2-ei_figure-13

Let’s invoke the proxy to see if this works. We need to change to https://localhost:8243/services/SimpleProxy with basic authentication. The response is now with wsse:Security.

yenlo_blog_2020-08-20_create-secondary-user-store-in-wso2-ei_figure-14

As you have seen we can actually use a secondary user store for proxy security.

New Call-to-action

Care to share?
   
Picture of Rob Blaauboer
Published August 20, 2020

Rob Blaauboer

Rob is an Integration Consultant & WSO2 Trainer with more than twenty year experience. In addition to his work he is an active blogger working on a number of articles on the ‘Internet of Things’ and a WSO2 ‘Getting Started with …’ series (WSO2 tutorial) in which he talks about WSO2 components and their purpose especially aimed at non-technical readers. Rob is a WSO2 expert and official WSO2 trainer.

Responses

Stay up to date with the latest articles