


Service Bus 12c – Securing Proxy Services

Security is a primary concern when developing any service, just as it is for regular web applications. Services are also reusable and can be invoked by internal or external customers, so you should secure your Service Bus Proxy Services so that only valid users can invoke them.

Service Bus is fully integrated with Oracle Web Services Manager (OWSM), which provides several out-of-the-box security policies. You can use any of these OWSM policies to secure your Proxy Services, depending on your requirements. In this post, you will use the oracle/wss_username_token_service_policy policy to secure a Proxy Service.

As a first step, you need to create the users who can invoke the service. Typically an organization keeps its users in an LDAP directory, and you configure one of the Authenticators in WebLogic Server to access LDAP for authentication. That configuration is not discussed in this post.

Creating User:

Log in to the Admin Console and click Security Realms in Domain Structure.

Click myrealm.

Navigate to Users by clicking the Users and Groups tab.

Click New and enter the credentials for the new user.

Click OK. Observe that the new user has been created; it can be used to invoke the Proxy Service.

Attaching OWSM Policy:

Open your Proxy Service. Navigate to the Policies tab and select the option as shown below.

Click the + icon in the Security section and select the policy oracle/wss_username_token_service_policy.

Click OK and observe that the selected policy now appears in the Security section.

You can also attach OWSM policies to a Proxy Service in sbconsole. Launch sbconsole and create a new session. Navigate to All Projects –> <<your project>> and open the Proxy Service, which brings up a new tab.

Click Security and choose the option as shown below.

Click the Attach Policies icon, select the policy, and click Attach.

Click OK and observe that the selected policy is now listed.

Save your changes in the current tab and activate the session.

Testing

You can use SoapUI for testing. Create a test suite in SoapUI using your proxy service WSDL. Refer to http://soapui.org for additional help.

Open the request editor for any of your Proxy Service operations and paste the following into the SOAP header. This is the WS-Security header expected by the OWSM policy that is attached to the Proxy Service. Note the username and password fields.

<wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
  <wsse:UsernameToken>
    <wsse:Username>UNAME1</wsse:Username>
    <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">Welcome1</wsse:Password>
  </wsse:UsernameToken>
</wsse:Security>


Test with wrong credentials and observe that the output shows a security error.


Test with the credentials created in the previous section and observe the output.



6 Responses to “Service Bus 12c – Securing Proxy Services”


  1. 1 Anonymous May 30, 2017 at 7:11 PM

    Great work man

  2. 2 Dinesh Patel April 7, 2017 at 1:24 AM

    Siva, Nice Article,
    Is there any way to get rid of the stack trace in the response and pass a nicer Fault Message?

  3. 4 Anonymous February 14, 2016 at 7:18 PM

    Thank you for this good article

