Service Bus is integrated
with Oracle Webservices Manager (OWSM) that provides several
out of the box security policies. You can use any of these OWSM policies to
secure your Proxy Services based on requirements. Here in this post, you will
use oracle/wss_username_token_service_policy policy to secure
Proxy Service.
Steps Summary
:
1. Create
Users who needs access
2. Add
policy to Service
3. Test
and Validate
Login to Admin
Console and click Security Realms in Domain Structure.
Click myrealm as
shown below.
Navigate to Users by
clicking on Users and Groups tab.
Click New and
enter credentials as shown below.
Click OK.
Observe that new user has
been created which can be used to invoke Proxy Service.
Go to sbconsole. Create
a new session. Navigate to All Projects –> <<your
project>> and open the Proxy service to bring up a new tab as
shown below.
Click Security and
choose the option as shown below.
Click Attach
Policies icon (highlighted above) and select the policy as shown below
and click Attach.
Click OK and
observe that selected policy is shown up as shown below.
Save
your changes in current tab and activate the session.
You can use SOAPUI
or SBConsole Test service for testing.
Open request editor for
any of your Proxy Service operations and paste the following in SOAP header.
This represents the WS-Security header and is expected by OWSM
policy i.e. attached to Proxy Service.
Test using wrong
credentials or without security header and observe the output showing security
error.
Test
using credentials created in first section and observe the output.
Add below header to your
request, You can see username and password fields
below.
<soap:Header>
<wsse:Security
soapenv:mustUnderstand="1"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:UsernameToken
wsu:Id="UsernameToken-F7A4A73DA710AE195C14938940405155">
<wsse:Username>dheeraj</wsse:Username>
<wsse:Password
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">webic123</wsse:Password>
<wsse:Nonce
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">T36cJsRsgb5IzQyyy/Yskw==</wsse:Nonce>
<wsu:Created>2017-05-04T10:34:00.515Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</soap:Header>
That’s all.