12c SOA - WS Security - How to call a protected web-service

Now that we protected the service from unauthorized access, how do we call it from another webservice:

Implementation steps:

Open the composite.xml

Right Click on the external reference and click Configure SOA WS policies..

 Under Security click on the + button

 Scroll down and select oracle/wss_username_token_client_policy and then OK

For OSB, same option is available on the business-services.

Username and password to be passed to the service should be configured as KEYS in EM console⇾security credentials section. 

The configured key has to be entered in the csf-key property in the Reference tag in the composite.xml as highlighted below.

<property name="csf-key" type="xs:string" many="false">user-key</property>

 Instead of using CSF key, we can also provide direct user and password in the reference tag (configured in the key/User).

<property name="oracle.webservices.auth.username" type="xs:string" many="false" override="may">testKey</property>

      <property name="oracle.webservices.auth.password" type="xs:string" many="false" override="may">test1234</property>

    

If CSF key or Auth user and password are not given in the reference section of the composite.xml then it will throw the following error:
Unable to invoke endpoint URI "http://host:port/soa-infra/services/POC/DynamicEndpointURIProject/dynamicendpointuribpelprocess_client_ep" successfully due to: oracle.fabric.common.PolicyEnforcementException: WSM-00015 : The user name is missing.