Wednesday, October 12, 2011

OWSM policies to access secured web services from Oracle SOA

Oracle Fusion Middleware 11g Release 1 (10.3.x) products install a portability layer on top of
WebLogic Server that integrates Oracle Web Services Manager WS-Security policies into the WebLogic Server environment. This portability layer provides Oracle WSM WS-Security policies that  can be used to protect WebLogic Server JAX-WS Web services and Web service clients.
  • If you develop WebLogic Server JAX-WS Web services or clients that interact with SOA Composite Services, ADF Components, or WebCenter Services, then you should use the Oracle WSM WS-Security policies.
  • If you develop only WebLogic Server native Java JAX-WS Web services, then you should use WebLogic Server's WS-Security policies.

HTTP Basic authentication for composites calling secured services

  • Setup username and password on SOA

    • Weblogic Domain-->Base Domain--> Security-->Credentials 

  • Create a map

    •  Create key; basic.credentials and csf-key 

Modify composites calling secured services

  • Right click on the web services adapter in the composite and add the security policy

To use a custom key instead of csf-key, create a key test-key using enterprise manager

Change the composite and override the default key

For questions, comments and feedback  please contact:
 Harvinder Singh Saluja


  1. thx, for your post. How i can ovveride properties in EM-console?

  2. Thanks for your post, it was exactly I was looking for!

  3. I am new to Oracle SOA and using 11.1.6 Jdeveloper and I need to invoke a webservice with basic authentication, I am not able to see bring the reference from the SOA component palette to the composite as the WSDL I am giving fails to connect. If it appears in the composite then only i can add properties for username and password. Any hint in what I am doing wrong here..

  4. Hello Harvinder,

    For consuming the Web Services having OWSM policies attached, from Java client I am unable to locate any example without using SecurityPoliciesFeature Class from weblogic inbuilt jar.

    Suppose I have created webservice and applied OWSM policies X509 token with message protection and wanted my .net clients to consume it. In that scenario how do they consume the service? As every example is talking about create web service client in JDeveloper and it generates class using SecurityPoliciesFeature. I want to consume OWSM secured web services without any dependencies on Weblogic client jar's and such things. Please suggest.


ForgeRock: Open AM. Install Open AM 5.5 with Tomcat 8.0 - Part 1- Install Tomcat

This BLOG thread discusses on steps to install and configure Open AM 5.5 with Tomcat 8.0. Install Tomcat. You can always find the l...