Thursday, May 04, 2017

Securing OSB Proxy Service using OWSM : Simple guide

Service Bus is integrated with Oracle Webservices Manager (OWSM) that provides several out of the box security policies. You can use any of these OWSM policies to secure your Proxy Services based on requirements. Here in this post, you will use oracle/wss_username_token_service_policy policy to secure Proxy Service.
Steps Summary :
1.    Create Users who needs access
2.    Add policy to Service
3.    Test and Validate

Creating User:
Login to Admin Console and click Security Realms in Domain Structure.




Click myrealm as shown below.




Navigate to Users by clicking on Users and Groups tab.




Click New and enter credentials as shown below.



Click OK. 
Observe that new user has been created which can be used to invoke Proxy Service.






Attaching OWSM Policy:

Go to sbconsole. Create a new session. Navigate to All Projects –> <<your project>> and open the Proxy service to bring up a new tab as shown below.




Click Security and choose the option as shown below.



Click Attach Policies icon (highlighted above) and select the policy as shown below and click Attach.




Click OK and observe that selected policy is shown up as shown below.


Save your changes in current tab and activate the session.


Testing
You can use SOAPUI or SBConsole Test service for testing.
Open request editor for any of your Proxy Service operations and paste the following in SOAP header. This represents the WS-Security header and is expected by OWSM policy i.e. attached to Proxy Service.

Test using wrong credentials or without security header and observe the output showing security error.



Test using credentials created in first section and observe the output.
Add below header to your request, You can see username and password fields below.
                                                              
<soap:Header>
                <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
                                <wsse:UsernameToken wsu:Id="UsernameToken-F7A4A73DA710AE195C14938940405155">
                                                <wsse:Username>dheeraj</wsse:Username>
                                                <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">webic123</wsse:Password>
                                                <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">T36cJsRsgb5IzQyyy/Yskw==</wsse:Nonce>
                                                <wsu:Created>2017-05-04T10:34:00.515Z</wsu:Created>
                                </wsse:UsernameToken>
                </wsse:Security>
</soap:Header>






That’s all.




Posted by at
Labels: , , , , , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)