Thursday, February 13, 2020

12c SOA - WS Security - expose service with header and WSSE user token authentication

  • WS-Security is a specification published by OASIS, aimed mainly at SOAP web services. It covers a number of mechanisms that strengthen the integrity and confidentiality of the messages these services exchange, such as data encryption, security tokens, username and password validation, and signed messages.
  • Oracle Web Services Manager (OWSM) is a component of Oracle SOA Suite that provides a framework for centralizing policy management and security of web services. OWSM is based on the WS-Policy standard and can be used at development time or from the management console.
  • For the SOAP service, the username and password travel in the UsernameToken element embedded in the Header of the SOAP Envelope; for the REST service, they travel in the HTTP transport header.
This post shows how to configure, from a development perspective using JDeveloper, policy-based username and password authentication for a SOAP service.

Implementation:

Step1: Create a Schema:
XSD:
<?xml version="1.0" encoding="windows-1252" ?>
<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://www.emp.test"
            targetNamespace="http://www.emp.test" elementFormDefault="qualified">
    <xsd:element name="EmployeeRequest">
        <xsd:complexType>
            <xsd:sequence>
                <xsd:element name="EmpId" type="xsd:string"/>
                <xsd:element name="EmpName" type="xsd:string"/>
                <xsd:element name="Address" type="xsd:string"/>
            </xsd:sequence>
        </xsd:complexType>
    </xsd:element>
    <xsd:element name="EmployeeResponse">
        <xsd:complexType>
            <xsd:sequence>
                <xsd:element name="result" type="xsd:string"/>
            </xsd:sequence>
        </xsd:complexType>
    </xsd:element>
    <xsd:element name="requestHeader">
        <xsd:complexType>
            <xsd:sequence>
                <xsd:element name="User" type="xsd:string" minOccurs="0"/>
                <xsd:element name="Id" type="xsd:string" minOccurs="0"/>
            </xsd:sequence>
        </xsd:complexType>
    </xsd:element>
</xsd:schema>

Step2: Create a WSDL:
Right-click the project's WSDLs folder ⇾ New ⇾ From Gallery ⇾ All Items ⇾ WSDL (builder) (Interfaces) ⇾ OK. Provide the service name, port type and operation, choose Synchronous as the Interface Type, and add the message parts (request and header) to the Input section and the response to the Output section.

<?xml version= '1.0' encoding= 'UTF-8' ?>
<wsdl:definitions name="service1"
                  targetNamespace="http://xmlns.oracle.com/SOAApplication/ExposeHeaderWithWSSProject/service1"
                  xmlns:tns="http://xmlns.oracle.com/SOAApplication/ExposeHeaderWithWSSProject/service1"
                  xmlns:inp1="http://www.emp.test" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
                  xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/">
    <wsdl:types>
        <xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema">
            <xsd:import namespace="http://www.emp.test" schemaLocation="../Schemas/EMP.xsd"/>
        </xsd:schema>
    </wsdl:types>
    <wsdl:message name="requestMessage">
        <wsdl:part name="requestHeader" element="inp1:requestHeader"/>
        <wsdl:part name="paylod" element="inp1:EmployeeRequest"/>
    </wsdl:message>
    <wsdl:message name="replyMessage">
        <wsdl:part name="payload" element="inp1:EmployeeResponse"/>
    </wsdl:message>
    <wsdl:portType name="execute_ptt">
        <wsdl:operation name="execute">
            <wsdl:input message="tns:requestMessage"/>
            <wsdl:output message="tns:replyMessage"/>
        </wsdl:operation>
    </wsdl:portType>
    <wsdl:binding name="execute_pttSOAP11Binding" type="tns:execute_ptt">
        <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
        <wsdl:operation name="execute">
            <soap:operation style="document"
                            soapAction="http://xmlns.oracle.com/SOAApplication/ExposeHeaderWithWSSProject/service1/execute"/>
            <wsdl:input>
                <soap:body use="literal" parts="paylod"/>
                <soap:header message="tns:requestMessage" use="literal" part="requestHeader"/>
            </wsdl:input>
            <wsdl:output>
                <soap:body use="literal" parts="payload"/>
            </wsdl:output>
        </wsdl:operation>
    </wsdl:binding>
</wsdl:definitions>

Step3: Create a BPEL service based on the above WSDL:






Step4: Configure SOA WS Policies...




Step5: Deploy and take the wsdl and test from SOAP UI:

Test1: Tested without WSSE Security user token authentication:
Test2: Tested with WSSE Security user token authentication:
Payload with WSSE:
<soapenv:Envelope xmlns:emp="http://www.emp.test" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Header>
      <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
         <wsse:UsernameToken wsu:Id="UsernameToken-81CB99D5C318DB117215815725859457">
            <wsse:Username>wsstest</wsse:Username>
            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">wsstest1</wsse:Password>
            <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">j05VdqxZ2sVIdPjZiGKi5Q==</wsse:Nonce>
            <wsu:Created>2020-02-13T05:43:05.944Z</wsu:Created>
         </wsse:UsernameToken>
      </wsse:Security>
      <emp:requestHeader>
         <!--Optional:-->
         <emp:User>user1</emp:User>
         <!--Optional:-->
         <emp:Id>id1</emp:Id>
      </emp:requestHeader>
   </soapenv:Header>
   <soapenv:Body>
      <emp:EmployeeRequest>
         <emp:EmpId>e1</emp:EmpId>
         <emp:EmpName>enmae</emp:EmpName>
         <emp:Address>eadd</emp:Address>
      </emp:EmployeeRequest>
   </soapenv:Body>
</soapenv:Envelope>
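
An added example, not part of the original post and not OWSM's own code: a Python check that a reviewer or a gateway-side test could run over a request like the one above. It flags the PasswordText type, a reused Nonce and a stale Created value; the function name, the five-minute window and the in-memory nonce set are assumptions made for the example.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta

WSS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-"
NS = {"soapenv": "http://schemas.xmlsoap.org/soap/envelope/",
      "wsse": WSS + "wssecurity-secext-1.0.xsd",
      "wsu": WSS + "wssecurity-utility-1.0.xsd"}
PASSWORD_TEXT = WSS + "username-token-profile-1.0#PasswordText"

# Sample input: the post's request reduced to its security header.
SAMPLE = f"""<soapenv:Envelope xmlns:soapenv="{NS['soapenv']}"
 xmlns:wsse="{NS['wsse']}" xmlns:wsu="{NS['wsu']}"><soapenv:Header><wsse:Security>
<wsse:UsernameToken><wsse:Username>wsstest</wsse:Username>
<wsse:Password Type="{PASSWORD_TEXT}">wsstest1</wsse:Password>
<wsse:Nonce>j05VdqxZ2sVIdPjZiGKi5Q==</wsse:Nonce>
<wsu:Created>2020-02-13T05:43:05.944Z</wsu:Created>
</wsse:UsernameToken></wsse:Security></soapenv:Header><soapenv:Body/></soapenv:Envelope>"""

def audit_username_token(envelope, now, seen_nonces, max_age=timedelta(minutes=5)):
    """Return findings for the wsse:UsernameToken of a SOAP 1.1 envelope (str)."""
    if "<!DOCTYPE" in envelope:  # SOAP 1.1 forbids a DTD; refuse it unparsed
        return ["DOCTYPE present: reject before parsing"]
    token = ET.fromstring(envelope).find(
        "soapenv:Header/wsse:Security/wsse:UsernameToken", NS)
    if token is None:
        return ["no wsse:UsernameToken in the SOAP header"]
    findings = []
    pwd = token.find("wsse:Password", NS)
    # The UsernameToken profile treats a missing Type attribute as PasswordText.
    if pwd is not None and pwd.get("Type", PASSWORD_TEXT) == PASSWORD_TEXT:
        findings.append("PasswordText: cleartext password, transport must be TLS")
    nonce = token.findtext("wsse:Nonce", "", NS).strip()
    if not nonce:
        findings.append("no Nonce: replay cannot be detected")
    elif nonce in seen_nonces:
        findings.append("Nonce already seen: replayed token")
    else:
        seen_nonces.add(nonce)  # a real cache would expire entries after max_age
    created = token.findtext("wsu:Created", "", NS).strip()
    try:
        ts = datetime.fromisoformat(created.replace("Z", "+00:00"))
        if abs(now - ts) > max_age:  # `now` must be timezone-aware
            findings.append("Created outside the freshness window")
    except (ValueError, TypeError):
        findings.append("Created missing, unparseable or without a time zone")
    return findings
```

With PasswordText the nonce and timestamp only help against replay if the receiver actually tracks them; the password itself is protected by nothing except the transport.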
