No
Webservice in real-world business applications is just exposed as it is,
Security is enabled inherently
Oracle
Fusion Middleware uses a policy-based model to manage and secure Web services
across an organization
Policies
apply security to the delivery of messages
Policies
can be managed by both developers in a design-time environment and system
administrators in a runtime environment
Below
are the steps to invoke a secured WebService from a BPEL Process
- Before we start, we have to know what is the security
policy imposed by the WebService. In this example, we are considering a
WebService that has oracle/wss_username_token_client_policy
- There are 2 ways of imposing security for services in
Oracle SOA Suite 11g
- Design Time
- Simply, rt click on the web service reference -->
Configure WS Policies --> Select the appropriate Policy
Please
note that you can select multiple policies at once, depending on the security
of the WebService
This
step adds the following snippet
<wsp:PolicyReference
URI="oracle/wss_username_token_client_policy"
orawsp:category="security" orawsp:status="enabled"/>
- Run Time
- The same could be done at runtime using Enterprise
Manager(EM)
Login
to EM --> rt click on soa_infra --> configure Policies --> select the
appropriate Policy
The
above step creates a 'Lock' icon on top of the web service reference as shown
above
- Open composite.xml, goto source view, find out the
reference tag in the file and add the following snippet which basically
tells that this particular reference is secured with so-and-so policy, and
these are the credentials for invoking the same
<property
name="oracle.webservices.auth.username" type="xs:string"
many="false"
override="may">admin</property>
<property
name="oracle.webservices.auth.password" type="xs:string"
many="false"
override="may">Welcome123</property>
This
will make sure the webservice is invoked using the provided credentials. And,
that’s it!
Hope
this gave you a clear understanding on invoking secured WebServices
Thanks
for reading, Please check the other blogs as well