I am experimenting with WSO2 ESB to secure by REST APIs, by following this approach: https://docs.wso2.com/display/ESB480/Securing+REST+APIs
My API configuration:
<?xml version="1.0" encoding="UTF-8"?>
<api xmlns="http://ws.apache.org/ns/synapse"
name="Test"
context="/test">
<resource methods="GET">
<inSequence>
<log level="full">
<property name="STATUS" value="***** REQUEST HITS IN SEQUENCE *****"/>
</log>
<send>
<endpoint>
<http method="get" uri-template="http://localhost:8080/document"/>
</endpoint>
</send>
</inSequence>
</resource>
<handlers>
<handler class="org.wso2.handler.SimpleOauthHandler"/>
</handlers>
</api>
When I remove the handler section, I can see my service being invoked. But when I include the ouath handler, I can see my WSO2 Identity Server receiving the token validation call but the response from ESB is always HTTP 202.
curl -v -X GET -H "Authorization: Bearer UQFffmYViFDxTHfCLOwDpjcX3qXZYQuiJ8EgJ_m-F1V7JTgqb6lbyA8QMT3" http://localhost:8285/document
> GET /document HTTP/1.1
> User-Agent: curl/7.33.0
> Host: 192.168.2.162:8285
> Accept: */*
> Authorization: Bearer UQFffmYViFDxTHfCLOwDpjcX3qXZYQuiJ8EgJ_m-F1V7JTgqb6lbyA8QMT3
>
< HTTP/1.1 202 Accepted
< Date: Fri, 10 Apr 2015 20:44:57 GMT
* Server WSO2-PassThrough-HTTP is not blacklisted
< Server: WSO2-PassThrough-HTTP
< Transfer-Encoding: chunked
Any pointers on what am I missing or how I can debug would be appreciated.
Thank you.
