Invoking ws-secured (username token) service from WSO2 API Manager

In this blog post I'm going to talk about a usecase scenario where I want to invoke a ws-secured web service (username token) via WSO2 API Manager. For the demonstration purposes I use WSO2 DSS to create a ws-secured web service. Here are the steps

1. Download WSO2 APIManager (at the moment 1.7.0) and WSO2 DSS (at the moment 3.2.2)
2. Extract two products zip files. As both products run in the same machine, change the port offset in either of the instance. Here I'm going to do that change in DSS instance. For that edit the carbon.xml (in $SERVER_ROOT/repository/conf) and change the following in the DSS.

<Offset>0</Offset>
to
<Offset>1</Offset>

3. Run the ant script in the DSS samples
4. Start both servers
5. In the DSS server the sample dataservices should be now deployed. Secure the "samples/ResourcesSample" dataservice with username token ws-security policy.

6. Try to invoke the following REST URL with username and password as 'admin'

https://localhost:9444/services/samples/ResourcesSample/products

7. Create an API from API Manager. Go to API publisher and add an API

8. Give the ws-secured service as the endpoint

9. Click on 'Show More Options' link and select 'Secured' from drop down and give admin as credentials.

10. Publish the API. In the API store subscribe to the API and invoke the API with the necessary authorization access token. You will be able to see the result.