Sample OAuth2 Profile Workflow

The profile has two routes that emulate a basic client-server infrastructure. These routes are:

  • This route emulates a back-end system that serves data (a static dummy 101 transaction) through an OAuth2-protected RESTful endpoint. All HTTP requests that come to this endpoint must carry a security token in the Authorization header to prove the request sender's identity, otherwise the request authorization fails.

    Route Structure

    Route Components Description

    Component Name Component Type Description
    Secured REST Inbound RESTful Web Service Inbound Receives HTTP requests sent to http://{YourHostName}:9108/server/. The RESTful Web Service that listens for HTTP requests on port 9108 uses the OAuth2 authorization type (see the Jetty tab of Restful Web Service Server) to authorize incoming HTTP requests.
    Secured Call REST Client Generates a response from the Velocity template.
    REST Out RESTful Web Service Outbound Returns a response to the caller.

  • This route acts as a secure proxy - the route receives HTTP requests from an external system (REST client) and for each request, makes a secure call to the server route with a security token attached that is required to pass authorization.

    Route Structure

    Route Components Description

    Component Name Component Type Description
    REST Inbound RESTful Web Service Inbound Receives HTTP requests sent to http://{YourHostName}:9108/client/ without any authorization.
    Secured Call REST Client Makes a request to the server route (http://localhost:9988/server/). The component uses the OAuth 2.0 authorization type to connect to the secure server's endpoint (see the Authorization tab on the component's settings).
    REST Out RESTful Web Service Outbound Returns the server route's response to the caller.