Search code examples

WSO2 EI and WSO2 Developer - Setup an ESB Proxy with http basic authentication

I'm using WSO2 EI 6.3.0 and WSO2 Developer Studio 3.8.0.
I'm working with an ESB Project and a Proxy Service inside it.

The Proxy service is a simple pass through service; it receives a request from a webapp and forward it to a Soap Web Service, gets the response from the WS and gives it back to the web app.

I realized this configuration following this tutorial:

The setup is very simple, everything worked fine until I found a web service whose endpoint has http basic authentication.

I made it work thanks to this article:

Here follows the xml that describes the proxy service:

<?xml version="1.0" encoding="UTF-8"?>
<proxy name="ProxyWithBasicAuth" startOnLoad="true" trace="disable" transports="https" xmlns="">
        <endpoint name="endpoint_urn_uuid_xxxxxxxx-yyyy-zzzz-1111-234567892345">
            <address trace="disable" uri=""/>
            <property value="this_is_the_username" name="username" scope="default" type="STRING"/>
            <property value="this_is_the_password" name="password" scope="default" type="STRING"/>
            <property expression="fn:concat($ctx:username,':',$ctx:password)" name="credentials" scope="default" type="STRING"/>
            <property expression="fn:concat('Basic ', base64Encode($ctx:credentials))" name="Authorization" scope="transport" type="STRING" xmlns:ns="http://org.apache.synapse/xsd"/>

So, this configuration (xml file) is working, but I wrote all the section that enables basic auth without using any visual or drag and drop element of the gui.

My questions are:
1) is this the right way to setup basic auth on a proxy service?
2) is there any gui (drag and drop) element that allows to do this setup visually?

Note: I do not need to struggle with basic authentication between "clients" and the ESB Proxy Service; this question is about basic authentication between ESB Proxy Service and an "external" web service.


  • What you have done is correct. To invoke a service secured with Basic Auth, we just have to set the Authorization header to the message. You could use Header Mediator[1] or the Property mediator (as you have already used) to do that. There is no special Mediator (or a GUI element in the Tool) specifically designed for setting the Authorization header.

    Btw, you could consider storing passwords in the secure-vault[2] rather than having it in plain text in the Synapse configuration.

    [1] [2]