Web Service Security Header Authentication with Database using Datapower

How to do WS Security Header Authentication with a Database Using Datapower. This cannot be done using the AAA action in a policy but a custom stylesheet can be used.

The first step of the stylesheet is to extract the WS Security Header and assigning both the username and password to the variable.

<xsl:variable name=”aQuote”>'</xsl:variable>
<xsl:variable name=”dataSource” select=”‘TestDataSource'” />
<xsl:variable name=”Username”
select=”/*[local-name()=’Envelope’]/*[local-name()=’Header’]/*[local-name()=’Security’]/*[local-name()=’UsernameToken’]/*[local-name()=’Username’]” />
<xsl:variable name=”Password”
select=”/*[local-name()=’Envelope’]/*[local-name ()=’Header’]/*[local-name()=’Security’]/*[local-name()=’UsernameToken’]/*[local-name()=’Password’]” />

The second step is to build the SQL statement with the newly created variables.

<xsl:variable name=”count_sql”
select=”concat(‘select count(*) from ADMINISTRATOR.USER_REG where USER_NAME=’,$aQuote,$Username,$aQuote,’ and PASSWORD=’,$aQuote,$Password,$aQuote)” />
<xsl:variable name=”sql-output”
select=”dp:sql-execute($dataSource,$count_sql)” />

The Third step is to check if the SQL output product one successful match

<xsl:message dp:type=”sql” dp:priority=”debug”>
sql-output: <xsl:value-of select=”$sql-output” />
<xsl:variable name=”recordCount” select=”$sql-output/sql/row/column/value” />
<!– <xsl:when test=”$sql-output = ‘1’”> –>
<xsl:when test=”count($recordCount) > 0″>
<login-msg>Successful Login!!!</login-msg>
<login-msg>Failed Login!!!</login-msg>

2 thoughts on “Web Service Security Header Authentication with Database using Datapower

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s