Contact Free trial Login

Apply Operation Examples

The apply operation applies WSS information to a SOAP response according to the configuration specified in WssOutboundConfig.

Table 1. Parameters
Name M ES Default Value Type Description

response

Yes

No

-

TypedValue <InputStream>

SOAP response

version

No

Yes

SOAP_12

SoapVersion

SOAP version: SOAP_11 or SOAP_12

The output is a SOAP response that contains the header element <wsse:Security></wsse:Security>, resulting from applying the outbound configuration. The operation does not return any attributes.

Table 2. Errors
Namespace Type Parent Description

WSS

SECURITY_APPLYING

n.a.

Thrown when failing to apply WSS in the response

WSS

MISSING_CERTIFICATE

n.a.

Thrown when unable to get a certificate from either the trustStore or the keystore

Encrypt

Do not apply transformations to your message’s payload when performing cryptographic operations. Transform operations don’t exclude cryptographic signatures.

This example shows you how to apply encryption using a keystore:

Encyption Example
<wss:outbound-config name="encryption-config">
	<wss:encryption-config>
		<wss:keystore-config path="certificates/sign-keystore.jks"
password="mulepassword"
alias="muleclient"
keyPassword="mulepassword" />
	</wss:encryption-config>
</wss:outbound-config>

<flow name="OrderTshirtServiceFlow">
	<http:listener config-ref="HTTP-listener-config" path="/order" />
	<flow-ref name="OrderTshirtFlowImpl" />
	<wss:apply-wss config-ref="encryption-config" version="SOAP_12"/>
</flow>

Sign

Do not apply transformations to your message’s payload when performing cryptographic operations. Transform operations don’t exclude cryptographic signatures.

This exampe shows you how to sign a SOAP response using a keystore and the RSAwithSHA1 algorithm:

Signature Example
<wss:outbound-config name="sign-config">
	<wss:signature-config algorithm="RSAwithSHA1" >
		<wss:keystore-config path="certificates/sign-keystore.jks"
                            	password="mulepassword"
					alias="muleclient"
       	                    keyPassword="mulepassword" />
	</wss:signature-config>
</wss:outbound-config>

<flow name="OrderTshirtServiceFlow">
	<http:listener config-ref="HTTP-listener-config" path="/order" />
	<flow-ref name="OrderTshirtFlowImpl" />
	<wss:apply-wss config-ref="sign-config" version="SOAP_12"/>
</flow>

Encrypt and Sign a Certificate

Do not apply transformations to your message’s payload when performing cryptographic operations. Transform operations don’t exclude cryptographic signatures.

This example validates a signed request, saves the signing certificate, and uses it later in the apply-wss operation to sign the response:

Request Example
<soapenv:Envelope xmlns:ser="http://service.soap.service.mule.org/" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><ds:Signature Id="SIG-F8FAC4A91BEF76355615530303348205" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces PrefixList="ser soapenv" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:CanonicalizationMethod><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference URI="#id-F8FAC4A91BEF76355615530303348174"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces PrefixList="ser" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>yLFLEkH4/MjYbZ4viZxjou9/4os=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>xxxxx+xxxxxxxxx==</ds:SignatureValue><ds:KeyInfo Id="KI-XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"><wsse:SecurityTokenReference wsu:Id="STR-XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"><ds:X509Data><ds:X509IssuerSerial><ds:X509IssuerName>CN=Unknown,OU=Unknown,O=Unknown,L=Unknown,ST=Unknown,C=US</ds:X509IssuerName><ds:X509SerialNumber>1545521240</ds:X509SerialNumber></ds:X509IssuerSerial></ds:X509Data></wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature></wsse:Security></soapenv:Header>
   <soapenv:Body wsu:Id="id-F8FAC4A91BEF76355615530303348174" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      <ser:echo>
         <text>test</text>
      </ser:echo>
   </soapenv:Body>
</soapenv:Envelope>
Encyption Example
<wss:inbound-config name="validate-signature-config">
   <wss:verify-signature-config>
       <wss:truststore-config path="certificates/verify-signature-truststore.jks"
					password="mulepassword" />
   </wss:verify-signature-config>
</wss:inbound-config>

<wss:outbound-config name="encryption-without-keystore-config">
   <wss:encryption-config />
</wss:outbound-config>

<flow name="OrderTshirtServiceFlow">
	<http:listener config-ref="HTTP-listener-config" path="/order" />
	<wss:validate-wss config-ref="validate-signature-config" version="SOAP_12" />
	<flow-ref name="OrderTshirtFlowImpl" />
	<wss:apply-wss config-ref="encryption-without-keystore-config"
					version="SOAP_12" />
</flow>