Securing an OSB Service with OWSM
08 November 2013, by Nits
In this post I will show how to secure a web service used by OSB (Oracle Service Bus) by authenticating callers against an OWSM (Oracle Web Services Manager) policy.
We will add a Username Token service OWSM policy, oracle/wss_username_token_service_policy, to secure the Proxy Service in OSB.
Below are the steps for setting up a simple web service in OSB and applying the OWSM policy to it.
- First, create a simple Java web service (or BPEL service) and deploy it to WebLogic Server.
- Log into the OSB console:
http://localhost:7001/sbconsole
OSB Business/Proxy services
First the OSB project is created, then the web service is imported into OSB. After that, the OSB Business and Proxy Services are created.
Create Project
- Select Project Explorer.
- Project Explorer: press Projects link.
- Change Center section: press [Create] or [Edit].
- Projects screen: enter a new project name, e.g. “OWSM-Demo”, and press [Add Project].
- Change Center section: press [Activate] and submit details.
Import Web Service
- Change Center section: press [Create].
- Project Explorer: select “OWSM-Demo”
- Resources section: Create Resource field select: Bulk->Resources from URL.
- Load Resources wizard | Load Resources From URL screen: enter the following.
- URL/Path field: enter the URL of the deployed web service, e.g.
http://localhost:7001/OSB-OWSMTest-SimpleWS-context-root/validateCCPort?WSDL
- Resource Name field: “validateCC”
- Resource Type field: accept default ‘WSDL’
- Press [Next].
- Review Loaded Resources screen: accept defaults and press [Import].
- Change Center section: press [Activate] and submit details.
Create Business Service
- Change Center section: press [Create].
- Project Explorer: select “OWSM-Demo”
- From the Create Resources drop-down, select Business Service.
- Create a Business Service (OWSM-Demo/) wizard: General Configuration screen:
- Service Name field: enter “validateCardService”
- Description field: enter anything, e.g. “Business Service to validate CC”
- Service Type section: select ‘WSDL Web Service’ and press [Browse].
- Select a WSDL window: select the WSDL validateCC and press [Submit].
- Select a WSDL definition: select the entry in Port, i.e. validateCCPort, and press [Submit].
- WSDL Web Service field populates entries
- Press [Last] then [Save] in the Summary screen, and then activate changes.
Test Business Service
- Project Explorer: select “OWSM-Demo”
- Resources section: for the new Business service just created press the ‘Launch Test Console’ icon.
- Business Service Testing – validateCardService window: Request Document section: Modify the XML so it returns a valid value and press [Execute].
- The response will depend on the web service you are using. Since we are not testing OWSM policies at this stage there is no need to add any security in the header.
Create Proxy Service
- Change Center section: press [Create].
- Project Explorer: select “OWSM-Demo”
- From the Create Resources drop-down, select Proxy Service.
- Create a Proxy Service (OWSM-Demo/) wizard: General Configuration screen:
- Service Name field: enter “validateCardProxy”
- Description field: enter anything, e.g. “Proxy Service to validate CC”
- Service Type section: select ‘Business Service’ and press [Browse].
- Select Business Service window: select a business service, e.g. “validateCardService”, and press [Submit].
- Business Service field is populated with the selected business service.
- WSDL Web Service field populates entries.
- Press [Last] then [Save] in the Summary screen, and then activate changes.
Test Proxy
- Test the Proxy Service the same way the Business Service was tested, by pressing the ‘Launch Test Console’ icon for the Proxy Service.
Secure the Proxy Service
We will provide authentication for the Proxy Service by adding an OWSM policy, i.e. oracle/wss_username_token_service_policy.
Add OWSM Policy
- Change Center section: press [Create].
- In the OWSM-Demo project select the Proxy Service.
- View a Proxy Service screen: select Policies tab.
- Service Policy Configuration section: select OWSM Policy Bindings and expand proxy name i.e. validateCardProxy.
- Press [Add].
- Select OWSM Policy screen: select oracle/wss_username_token_service_policy and press [Submit].
- The OWSM policy is registered with the Proxy Service.
- Press [Update].
- Select the Security tab.
- Web Services Security Configuration section: Process WS-Security Header field: press [Yes].
- Press [Update] and activate changes.
Create a Keystore File
- Go to the following folder:
$WLS_HOME/user_projects/domains/<domain>/config/fmwconfig
- Run the following command to create the default keystore.
keytool -genkeypair -keyalg RSA -alias orakey -keypass welcome1 -keystore default-keystore.jks -storepass welcome1 -validity 3600
What is your first and last name?
[Unknown]: weblogic
What is the name of your organizational unit?
[Unknown]: Support
What is the name of your organization?
[Unknown]: Oracle
What is the name of your City or Locality?
[Unknown]: US
What is the name of your State or Province?
[Unknown]: US
What is the two-letter country code for this unit?
[Unknown]: US
Is CN=weblogic, OU=Support, O=Oracle, L=US, ST=US, C=US correct?
[no]: yes
Configure Keystore Configuration in EM
- Log into EM and expand node Weblogic Domain.
- Right-click the domain name and select Security | Security Provider Configuration.
- Security Provider Configuration screen: Expand Keystore.
- Press [Configure].
- Keystore Configuration screen: Add the following keystore information.
- Keystore Path: no change is needed, since the default-keystore.jks file is in the fmwconfig directory.
- Password: welcome1
- Key Alias: orakey
- Signature Password: welcome1
- Crypt Alias: orakey
- Crypt Password: welcome1
- Save changes.
Configure Security Credentials in EM
- Still in EM, right-click domain name and select Security | Credentials.
- Credentials screen: expand/select oracle.wsm.security
- Press [Create Key].
- Create Key dialog: add the following.
- Map: oracle.wsm.security (default)
- Key: joe-key
- Type: Password
- User Name: joe (this is the same username that will be used in the OSB console).
- Password: welcome1 (this is the same password that will be used in the OSB console).
- Press [OK].
Add a User in OSB
- In OSB Console select Security Configuration | Users.
- Summary of Users screen: press [Add New].
- Create New User screen:
- User Name field: enter “joe”
- New Password/Confirm Password fields: “welcome1”.
- Press [Save]. The user “joe” will appear in list of users.
Test OWSM Policy in OSB
- Select Project Explorer | OWSM-Demo.
- Resources section: for the Proxy service, press the ‘Launch Test Console’ icon.
- Proxy Service Testing: Request Document section: Modify the XML so it returns a valid value.
- Security section: For the policy oracle/wss_username_token_client_policy, Override Value column: enter “joe-key”
- Press [Execute].
- The SOAP message will contain the username token in its security header, e.g.
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Header xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
    <wsse:Security soap:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <wsse:UsernameToken wsu:Id="UsernameToken-03reYQL1uSrzWfQ6tcjwkQ22" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
        <wsse:Username>joe</wsse:Username>
        <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">welcome1</wsse:Password>
      </wsse:UsernameToken>
    </wsse:Security>
  </soap:Header>
  <!-- soapenv:Body with the service request follows here -->
</soapenv:Envelope>
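The request above carries the password as PasswordText, and the console and service URLs in this walkthrough are plain http. As an added example (not part of the original post or of Oracle's tooling), the Python function below audits a captured SOAP request for what its UsernameToken exposes on the wire. The sample envelope, its token Id and the proxy URL in the usage note are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
PROFILE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0"

# Constructed sample shaped like the test-console request in the post;
# the token Id and the empty Body are placeholders.
SAMPLE = f"""<soapenv:Envelope xmlns:soapenv="{SOAP}">
  <soapenv:Header>
    <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="{WSSE}">
      <wsse:UsernameToken wsu:Id="UsernameToken-EXAMPLE" xmlns:wsu="{WSU}">
        <wsse:Username>joe</wsse:Username>
        <wsse:Password Type="{PROFILE}#PasswordText">welcome1</wsse:Password>
      </wsse:UsernameToken>
    </wsse:Security>
  </soapenv:Header>
  <soapenv:Body/>
</soapenv:Envelope>"""


def audit_username_token(envelope_xml, endpoint_url):
    """Return (summary, findings) for the UsernameToken in a SOAP request."""
    # Only feed this captures you trust; use a hardened parser otherwise.
    root = ET.fromstring(envelope_xml)
    token = root.find(f"{{{SOAP}}}Header/{{{WSSE}}}Security/{{{WSSE}}}UsernameToken")
    if token is None:
        return None, ["no wsse:UsernameToken in the SOAP header"]
    pw = token.find(f"{{{WSSE}}}Password")
    pw_type = None
    if pw is not None:
        # The UsernameToken profile treats a missing Type as PasswordText.
        pw_type = (pw.get("Type") or PROFILE + "#PasswordText").rsplit("#", 1)[-1]
    summary = {
        "username": token.findtext(f"{{{WSSE}}}Username"),
        "password_type": pw_type,
        "has_nonce": token.find(f"{{{WSSE}}}Nonce") is not None,
        "has_created": token.find(f"{{{WSU}}}Created") is not None,
    }
    findings = []
    tls = endpoint_url.lower().startswith("https://")
    if pw_type == "PasswordText" and not tls:
        findings.append("password travels in cleartext: PasswordText over a non-TLS endpoint")
    if not (summary["has_nonce"] and summary["has_created"]):
        findings.append("no Nonce/Created pair: the token carries no replay protection")
    return summary, findings
```

Calling `audit_username_token(SAMPLE, "http://localhost:7001/OWSM-Demo/validateCardProxy")` (an assumed proxy URL) reports both findings; with an `https://` endpoint only the replay finding remains.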
Reference: Oracle Knowledge Base (Doc ID 1265548.1)