Wednesday, March 2, 2011

Securing SOA Composites/Services With OWSM Policies

Oracle Web Services Manager (OWSM) is an integral component of the SOA Infrastructure in SOA Suite 11g. It provides a policy-based, completely declarative way of implementing secure SOA applications. OWSM supports centrally managed, standards-based policy management and policy attachment; these functions are available through Oracle Enterprise Manager (EM).

For the service that needs to be secured:

  1. Right-click the composite client and choose the option Configure WS Policies.
  2. Click the + sign on the security tab and select the security policy "wss_username_token_service_policy".
  3. Press OK and deploy the service. Alternatively, the service can also be secured from EM.


For the client that needs to access the secured service:

The client-side policies have to be attached to the client that needs to access the service.
  1. Right-click the secured web service component in the composite and choose the option Configure WS Policies.
  2. Click the + sign on the security tab and select the security policy "wss_username_token_client_policy".
  3. Create the binding properties oracle.webservices.auth.username and oracle.webservices.auth.password for the user and password respectively.
  4. The source code for the composite after the policy has been added will look like this:

      <wsp:PolicyReference URI="oracle/wss_username_token_client_policy"
                           orawsp:category="security" orawsp:status="enabled"/>
      <property name="weblogic.wsee.wsat.transaction.flowOption"
                type="xs:string" many="false">WSDLDriven</property>
      <property name="oracle.webservices.auth.username" type="xs:string"
                many="false" override="may">username</property>
      <property name="oracle.webservices.auth.password" type="xs:string"
                many="false" override="may">passwd</property>


  5. Deploy the composites to test the services
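
Step 3 leaves the user name and password as literal property values in composite.xml, so a pre-deployment check can flag them before the file reaches source control; the comments below point to a Credential Store Framework key as the alternative. The Python check that follows is an added example, not part of the original post: the sample composite, its reference name and port are constructed, and treating a `csf-key` property as the accepted form is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a composite.xml reference carrying the client policy
# and inline credentials as in the snippet above (names are made up).
SAMPLE = """<composite name="ClientComposite"
    xmlns="http://xmlns.oracle.com/sca/1.0"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
    xmlns:orawsp="http://schemas.oracle.com/ws/2006/01/policy">
  <reference name="SecuredService">
    <binding.ws port="urn:example#wsdl.endpoint(Svc/Port)">
      <wsp:PolicyReference URI="oracle/wss_username_token_client_policy"
                           orawsp:category="security" orawsp:status="enabled"/>
      <property name="oracle.webservices.auth.username" type="xs:string"
                many="false" override="may">username</property>
      <property name="oracle.webservices.auth.password" type="xs:string"
                many="false" override="may">passwd</property>
    </binding.ws>
  </reference>
</composite>"""

CLIENT_POLICY = "oracle/wss_username_token_client_policy"
INLINE_CREDS = {"oracle.webservices.auth.username",
                "oracle.webservices.auth.password"}

def local(tag):
    """Strip the {namespace} prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def audit_composite(xml_text):
    """Return (owner name, finding) pairs for bindings using the client policy."""
    findings = []
    for owner in ET.fromstring(xml_text).iter():
        for binding in owner:
            if local(binding.tag) != "binding.ws":
                continue
            policies = {c.get("URI") for c in binding
                        if local(c.tag) == "PolicyReference"}
            if CLIENT_POLICY not in policies:
                continue  # only bindings with the username-token client policy
            props = {c.get("name"): (c.text or "").strip()
                     for c in binding if local(c.tag) == "property"}
            for p in sorted(INLINE_CREDS & props.keys()):
                if props[p]:  # a non-empty literal sits in the composite
                    findings.append((owner.get("name", "?"),
                                     f"inline credential in {p}"))
    return findings

if __name__ == "__main__":
    for name, finding in audit_composite(SAMPLE):
        print(f"{name}: {finding}")
```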

For questions, comments and feedback, please contact:
Harvinder Singh Saluja

4 comments:

  1. Nice post... need one clarification though... what's the username and password for the secured service, and where has it been set?

  2. The username and password can be set in the CSF (Credential Store Framework); the CSF key should be defined in the composite.xml.
    Please read my post on CSF to define the Credential Store Framework.

  3. Hi Harvinder,

    Can we add this CSF key in the service side of the composite?

    1. Yes, the CSF needs to be referred to in the composite.xml. Please read my post on CSF to define the Credential Store Framework.
