No
Webservice in real-world business applications is just exposed as it is,
Security is enabled inherently
Oracle
Fusion Middleware uses a policy-based model to manage and secure Web services
across an organization
Policies
apply security to the delivery of messages
Policies
can be managed by both developers in a design-time environment and system
administrators in a runtime environment
Below
are the steps to invoke a secured WebService from a BPEL Process
- Before we start, we have to know what is the security policy imposed by the WebService. In this example, we are considering a WebService that has oracle/wss_username_token_client_policy
- There are 2 ways of imposing security for services in Oracle SOA Suite 11g
- Design Time
- Simply, rt click on the web service reference --> Configure WS Policies --> Select the appropriate Policy
Please
note that you can select multiple policies at once, depending on the security
of the WebService
This
step adds the following snippet
<wsp:PolicyReference
URI="oracle/wss_username_token_client_policy"
orawsp:category="security" orawsp:status="enabled"/>
- Run Time
- The same could be done at runtime using Enterprise Manager(EM)
Login
to EM --> rt click on soa_infra --> configure Policies --> select the
appropriate Policy
The
above step creates a 'Lock' icon on top of the web service reference as shown
above
- Open composite.xml, goto source view, find out the reference tag in the file and add the following snippet which basically tells that this particular reference is secured with so-and-so policy, and these are the credentials for invoking the same
<property
name="oracle.webservices.auth.username" type="xs:string"
many="false"
override="may">admin</property>
<property
name="oracle.webservices.auth.password" type="xs:string"
many="false"
override="may">Welcome123</property>
This
will make sure the webservice is invoked using the provided credentials. And,
that’s it!
Hope
this gave you a clear understanding on invoking secured WebServices
Thanks
for reading, Please check the other blogs as well
This comment has been removed by a blog administrator.
ReplyDeleteI am using 11.1.1.6.0 Jdeveloper. It is not allowing me to create the service reference with out connectinf the WSDL. To connect to the WDDL URL username / password is required. Once it appears in the composite as external reference then only I can apply the above.Not sure what I am doing wrong here
ReplyDeleteHi
DeleteYou can save the WSDL to local, create a reference out of it and use the above mentioned approach.
Hi
ReplyDeleteadd "?wsdl" to the end of the wsdl url and it will open without username and password.