Securing Mashups
The Mashup Server allows users to secure their mashups using WS-Security. All the complexities of WS-Security are hidden under the covers so that users can apply security scenarios to their mashups with ease. Once a security scenario is applied, the corresponding WSDL of that mashup will display the WS-Security policy that has been engaged on that mashup. Consumers can therefore consume your secured mashup by processing the information available in the WSDL.
Mashups deployed on the Mashup Server can be secured from the dashboard of the mashup service. There is a link named "Security" under the "Quality of Service Configuration" section on the service dashboard. When you use WSO2 Mashup Server in production, it is strongly recommended that you change the default keys that are shipped with it. Please refer to the Changing Keys section for setting up private keys.
Applying Security Scenarios
The Security Scenarios page lists the security scenarios that can be applied to a mashup. The Mashup Server ships with the 15 most commonly used security scenarios, any of which can be applied to a mashup by selecting the desired scenario and clicking "Next". By default any mashup is unsecured.

Some of the security scenarios listed above require the user to specify the users and roles that are authorized to access the service. These are the security scenarios that involve Username Token Authentication. When such a scenario is applied, you will be prompted with a list of available users and roles.

Providing access to the "admin" role means that any user in the Mashup Server registered under the admin user group will be able to access this service.
NOTE: The generated stub provides facilities to access mashups secured using "UsernameToken" while the WSRequest host object provides facilities to access any secured mashup.
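Because a mashup is unsecured by default and an applied scenario shows up as a policy in its WSDL, the WSDL can be checked after deployment to confirm that a scenario is really engaged. The following is an added example, not part of the Mashup Server documentation or code; the function names and both sample WSDL fragments are constructed, and it assumes the policy is expressed with the standard WS-Policy and WS-SecurityPolicy namespaces.

```python
import xml.etree.ElementTree as ET

# Published WS-Policy and WS-SecurityPolicy namespace URIs (both versions).
WSP_NS = {"http://schemas.xmlsoap.org/ws/2004/09/policy",
          "http://www.w3.org/ns/ws-policy"}
SP_NS = {"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy",
         "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"}

def split(tag):
    """Split an ElementTree '{namespace}local' tag into (namespace, local)."""
    if tag.startswith("{"):
        ns, local = tag[1:].split("}", 1)
        return ns, local
    return "", tag

def security_assertions(wsdl_text):
    """Sorted WS-SecurityPolicy assertion names found inside wsp:Policy
    elements; an empty list means the WSDL advertises no security policy."""
    # Only parse WSDLs from servers you operate: ElementTree is not
    # hardened against maliciously constructed XML.
    root = ET.fromstring(wsdl_text)
    found = set()
    for el in root.iter():
        ns, local = split(el.tag)
        if ns in WSP_NS and local == "Policy":
            found.update(l for n, l in map(split, (c.tag for c in el.iter()))
                         if n in SP_NS)
    return sorted(found)

def summarize(wsdl_text):
    """Classify a mashup WSDL for a deployment check."""
    names = security_assertions(wsdl_text)
    if not names:
        return "unsecured"
    return "secured (UsernameToken)" if "UsernameToken" in names else "secured"

# Constructed sample: a policy in the style of a UsernameToken-over-HTTPS scenario.
SECURED = """<wsdl:definitions xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
  xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
  xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
 <wsp:Policy><wsp:ExactlyOne><wsp:All>
  <sp:TransportBinding><wsp:Policy/></sp:TransportBinding>
  <sp:SignedSupportingTokens><wsp:Policy><sp:UsernameToken/></wsp:Policy>
  </sp:SignedSupportingTokens>
 </wsp:All></wsp:ExactlyOne></wsp:Policy>
</wsdl:definitions>"""
# Constructed sample: a mashup left in its default, unsecured state.
UNSECURED = '<wsdl:definitions xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"/>'

if __name__ == "__main__":
    print(summarize(SECURED), "/", summarize(UNSECURED))
```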