In this post, I would explain how WSM integration can be used to secure a composite and also how to invoke a secured composite/ webservice. In order to accomplish it, let's create 2 composite projects:
- Child Process (secured composite): This composite has a simple BPEL project that accepts a string and returns the same string with "Hello " appended.
- Parent Process (unsecured composite calling the Child Process): This composite has a BPEL process that accepts the string, invokes the Child Process passing the input string and returns the output from the Child Process back to the calling interface.
I am skipping the development of the child and parent processes/composites as it is very simple and will detail how to configure Policies as below:
- Child Process:
Step1: Go to composite.xml and right click on the Exposed Services and click "Configure WS Policies" as below:
Step2: You can configure the policy pipeline but for the sake of simplicity, I will only configure the Security using the "oracle/wss_username_token_service_policy" as shown below:
Step3: Deploy the composite and test it using the em console. Remember now the composite is secured and requires a username token as part of the SOAP Header as below:
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Header>
<wsse:Security soap:mustUnderstand="1"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
wsu:Id="UsernameToken-FvmfJSSMf71Q3Z9gn4chiQ22"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Username>weblogic</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">welcome1</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soap:Header>
<soap:Body xmlns:ns1="http://xmlns.oracle.com/SecurityApplication_jws/ChildProcess/SecuredSvc">
<ns1:process>
<ns1:input>Neeraj</ns1:input>
</ns1:process>
</soap:Body>
</soap:Envelope>
Either modify the SOAP packet as above in the XML View or use the WSS UserName Token under Security configuration as below:
Parent Process:
Step 1: Go to composite.xml and right click on the External References (Child Process) and click on "Configure WS Policies". Select the "oracle/wss_username_token_client_policy" policy under security.
Step 2: Open the composite.xml in Source view and add the following properties under <reference> tag as below:
<reference name="SecuredBPEL"
:
:
<wsp:PolicyReference URI="oracle/wss_username_token_client_policy"
orawsp:category="security" orawsp:status="enabled"/>
<property name="weblogic.wsee.wsat.transaction.flowOption"
type="xs:string" many="false">WSDLDriven</property>
<property name="oracle.webservices.auth.username" type="xs:string"
many="false" override="may">weblogic</property>
<property name="oracle.webservices.auth.password" type="xs:string"
many="false" override="may">welcome1</property>
</binding.ws>
</reference>
Make sure the username and password is same as configured in the Weblogic Server.
Step3: Test the Parent process and it should be able to invoke the secured child process.
Few things to note:
1. All the above policy configurations can be done at runtime using the EM console without doing anything at the design time.
2. In the above example, we have hard-coded the username/password at development which should be made configurable as mentioned below:
- Go to EM console and right click on ParentProcess ->Service/Reference Properties -> PartnerLink -> Enter the username and password for the Child service in the below screen
8 comments:
I was looking for a simple example as here. Thanks for the Efforts :)
Good One
I did the same without adding the properties it works.
Any Idea why it works?
weblogic
password
Hi,
What about calling a web service that's not secured using ws-security but http authentication.
I can't even get jdeveloper to download the wsdl. It keeps raising a 401 unauthorized error.
jdeveloper fails to load the wsdl, it throws 401 unauthorised error.
How to configure a web service adapter for a wsdl protected by user name / password
That was simple n gud. Thanks
property name="oracle.soa.two.way.ssl.enabled"
Thanks, nice tips
Post a Comment