Service Bus 12c – Securing Proxy Services

Security is one of the main concerns when developing any service, just as it is for regular web applications. Services are also reusable and can be invoked by either internal or external customers, so you should consider securing your Service Bus Proxy Services so that only valid users can invoke them.

Service Bus is completely integrated with Oracle Web Services Manager (OWSM), which provides several out-of-the-box security policies. You can use any of these OWSM policies to secure your Proxy Services based on your requirements. In this post, you will use the oracle/wss_username_token_service_policy policy to secure a Proxy Service.

As a first step, you need to create the users who can invoke the service. Typically an organization will have its users in an LDAP directory, and you have to configure one of the Authenticators in WebLogic Server to access LDAP for authentication. That configuration is not discussed in this post.

Creating User:

Log in to the Admin Console and click Security Realms in Domain Structure.


Click myrealm.


Navigate to Users by clicking on the Users and Groups tab.


Click New and enter the credentials for the new user.


Click OK. Observe that the new user has been created; it can be used to invoke the Proxy Service.


Attaching OWSM Policy:

Open your Proxy Service. Navigate to Policies tab and select option as shown below.


Click the + icon in the Security section and select the policy oracle/wss_username_token_service_policy.


Click OK and observe that the selected policy now appears in the Security section.


You can also attach OWSM policies to a Proxy Service in sbconsole. Launch sbconsole and create a new session. Navigate to All Projects -> <<your project>> and open the Proxy Service, which opens in a new tab.


Click Security and choose the option as shown below.


Click the Attach Policies icon, select the policy, and click Attach.


Click OK and observe that the selected policy is now listed.


Save your changes in the current tab and activate the session.


Testing

You can use SoapUI for testing. Create a test suite in SoapUI using your Proxy Service WSDL. Refer to http://soapui.org for any additional help.

Open the request editor for any of your Proxy Service operations and paste the following into the SOAP header. This is the WS-Security header expected by the OWSM policy that is attached to the Proxy Service. Note the username and password fields.

<wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
    <wsse:UsernameToken>
        <wsse:Username>UNAME1</wsse:Username>
        <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">Welcome1</wsse:Password>
    </wsse:UsernameToken>
</wsse:Security>


Test using wrong credentials and observe that the output shows a security error.


Test using the credentials created in the previous section and observe the output.
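
The same test can be scripted instead of pasted into a request editor. The Python below is an added example, not part of the original post: it builds a request carrying the UsernameToken header shown above, refuses a non-HTTPS endpoint by default because PasswordText puts the password in the message unencrypted, and extracts the SOAP fault that comes back for bad credentials. It assumes a SOAP 1.1 Proxy Service; the endpoint URL, SOAPAction and body element are placeholders you supply.

```python
# Added example (not from the post). Assumes SOAP 1.1; URL and body are placeholders.
import xml.etree.ElementTree as ET
from urllib import error, parse, request

SOAPENV = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
PASSWORD_TEXT = ("http://docs.oasis-open.org/wss/2004/01/"
                 "oasis-200401-wss-username-token-profile-1.0#PasswordText")
ET.register_namespace("soapenv", SOAPENV)
ET.register_namespace("wsse", WSSE)

def build_envelope(username, password, body_xml):
    """Return SOAP 1.1 bytes carrying the UsernameToken header from the post."""
    env = ET.Element(f"{{{SOAPENV}}}Envelope")
    header = ET.SubElement(env, f"{{{SOAPENV}}}Header")
    sec = ET.SubElement(header, f"{{{WSSE}}}Security",
                        {f"{{{SOAPENV}}}mustUnderstand": "1"})
    token = ET.SubElement(sec, f"{{{WSSE}}}UsernameToken")
    # ElementTree escapes &, < and > in credentials; pasting strings does not.
    ET.SubElement(token, f"{{{WSSE}}}Username").text = username
    ET.SubElement(token, f"{{{WSSE}}}Password",
                  {"Type": PASSWORD_TEXT}).text = password
    ET.SubElement(env, f"{{{SOAPENV}}}Body").append(ET.fromstring(body_xml))
    return ET.tostring(env, encoding="utf-8")

def parse_fault(response):
    """Return (faultcode, faultstring) for a SOAP 1.1 fault, else None."""
    try:
        fault = ET.fromstring(response).find(f"{{{SOAPENV}}}Body/{{{SOAPENV}}}Fault")
    except ET.ParseError:  # e.g. an HTML error page instead of SOAP
        return None
    if fault is None:
        return None
    return fault.findtext("faultcode"), fault.findtext("faultstring")

def call_proxy(url, envelope, soap_action="", allow_cleartext=False):
    """POST the envelope over TLS and return (http_status, fault_or_None)."""
    if parse.urlsplit(url).scheme != "https" and not allow_cleartext:
        raise ValueError("refusing to send a PasswordText token without TLS")
    req = request.Request(url, data=envelope, headers={
        "Content-Type": "text/xml; charset=utf-8",
        "SOAPAction": f'"{soap_action}"'})
    try:
        with request.urlopen(req, timeout=10) as resp:
            status, body = resp.status, resp.read()
    except error.HTTPError as err:  # SOAP 1.1 faults arrive as HTTP 500
        status, body = err.code, err.read()
    return status, parse_fault(body)
```

Run it once with a wrong password and once with the user created earlier; the first call should return a fault tuple and the second `None`.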


11 Responses to “Service Bus 12c – Securing Proxy Services”


  1. 1 sai siva ramabhadra raju Tirumalraju August 27, 2018 at 9:17 PM

    Thanks Siva for the post. Is there any other way to send the username/password? We don’t want to include the password in the payload.
    What other options do we have to secure web services apart from OWSM policies?

    Thanks,
    Sai.

  2. 2 Asad June 20, 2018 at 12:21 PM

    Hey, when I try to attach a client policy to a Business Service, it doesn’t have any impact… the policy is not passed to the called web service and I get the response “Attentication requried”, exactly the same as when there is no policy attached at all.

    • 3 svgonugu June 21, 2018 at 9:21 AM

      Just adding the policy will not work; you should be using credentials from the credential store or add the policy to the proxy service. Get authenticated at the proxy service and make sure the same user is propagated to the business service as well.

  3. 4 Anonymous January 22, 2018 at 12:27 PM

    Hi Siva,

    Thank you for the post!

    Could you please explain to us how to authorize users to access a specific proxy service?

    For example, there are two users, 1. UserA and 2. UserB, defined in Security Realms, so in this case either of the credentials can be used to execute the proxy service. But in my case I need only UserB to access the proxy service. For this we have to log in to sbconsole, and under Security there will be ‘Message Access Control’; select UserB from the predicate list and save the session. Now only UserB’s credentials will be able to execute the proxy service.

    But in OSB 12c I am not able to click on ‘Message Access Control’ or even ‘Transport Access Control’.

    I am able to see the proxy service along with its operations under ‘Message Access Control’, but if I click on the proxy service nothing is enabled.

    Kindly help me on this.

  4. 6 Anonymous May 30, 2017 at 7:11 PM

    Great work man

  5. 7 Dinesh Patel April 7, 2017 at 1:24 AM

    Siva, nice article.
    Is there any way to get rid of the stack trace in the response and pass a nicer fault message?

  6. 9 Anonymous February 14, 2016 at 7:18 PM

    Thank you for this good article


  1. 1 Service Bus 12c – Series of Articles by Siva | SOA Community Blog Trackback on February 19, 2015 at 12:20 PM
  2. 2 Service Bus 12c – Series of Articles | Siva's Blog Trackback on October 30, 2014 at 1:33 PM
