
WSO2 ESB method based security


Currently we have web services built so that everyone (with a valid service account) can turn to their methods and request sensible information from our internal network through the public web. How can we apply method-based security to our web services so that the methods are protected? Some of our web services contain up to 20 methods, and they should be protected individually.


Solution

  • WSO2 ESB utilizes Apache Rampart as the web service security engine. Rampart doesn't support method-level security policies. Therefore, you cannot define such a policy for a single service. The possible approach is to create a proxy service at the ESB for every method of the backend service. You will then end up with 20 proxy services in the ESB for the 20 methods in the backend service. Now you can secure each proxy service with a different security policy. Your 20 methods are then protected individually at another layer.
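
A sketch of one such per-method proxy, as an added example that is not part of the original answer: the proxy carries its own policy and forwards only the single operation it was created for. The proxy name, the `getBalance` operation, the backend address and the policy registry key are hypothetical placeholders.

```xml
<!-- Added example. Hypothetical names: GetBalanceProxy, getBalance,
     backend.internal.example, and the registry key of the policy. -->
<proxy xmlns="http://ws.apache.org/ns/synapse" name="GetBalanceProxy"
       transports="https" startOnLoad="true">
  <target>
    <inSequence>
      <!-- Forward only the one operation this proxy exists for.
           The match is on the local name of the first body element. -->
      <filter xpath="$body/*[local-name()='getBalance']">
        <then>
          <!-- The security header was processed at the proxy; strip it
               before the message goes to the backend. -->
          <header xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                  name="wsse:Security" action="remove"/>
          <send>
            <endpoint>
              <address uri="https://backend.internal.example/services/AccountService"/>
            </endpoint>
          </send>
        </then>
        <else>
          <!-- Any other operation gets a SOAP fault and never reaches the backend. -->
          <makefault version="soap11">
            <code xmlns:soap11Env="http://schemas.xmlsoap.org/soap/envelope/"
                  value="soap11Env:Client"/>
            <reason value="Operation not available on this proxy"/>
          </makefault>
          <property name="RESPONSE" value="true"/>
          <header name="To" action="remove"/>
          <send/>
        </else>
      </filter>
    </inSequence>
    <outSequence>
      <send/>
    </outSequence>
  </target>
  <!-- Security policy for this method only; each proxy references its own. -->
  <policy key="conf:/policies/getBalance-policy.xml"/>
  <enableSec/>
</proxy>
```

Without the filter, a proxy secured for one method would still relay requests for the other methods under that method's policy. The per-method policies also only hold if the backend service accepts connections from the ESB alone and is no longer reachable directly.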