Wednesday, February 12, 2020

12c SOA - WS Security - How to call a protected web-service

Now that we protected the service from unauthorized access, how do we call it from another webservice:

Implementation steps:
Open the composite.xml
Right Click on the external reference and click Configure SOA WS policies..

 Under Security click on the + button

 Scroll down and select oracle/wss_username_token_client_policy and then OK

For OSB, same option is available on the business-services.
Username and password to be passed to the service should be configured as KEYS in EM console⇾security credentials section. 

The configured key has to be entered in the csf-key property in the Reference tag in the composite.xml as highlighted below.

<property name="csf-key" type="xs:string" many="false">user-key</property>
 Instead of using CSF key, we can also provide direct user and password in the reference tag (configured in the key/User).
<property name="oracle.webservices.auth.username" type="xs:string" many="false" override="may">testKey</property>
      <property name="oracle.webservices.auth.password" type="xs:string" many="false" override="may">test1234</property>

If CSF key or Auth user and password are not given in the reference section of the composite.xml then it will throw the following error:
Unable to invoke endpoint URI "http://host:port/soa-infra/services/POC/DynamicEndpointURIProject/dynamicendpointuribpelprocess_client_ep" successfully due to: oracle.fabric.common.PolicyEnforcementException: WSM-00015 : The user name is missing.

No comments:

Post a Comment

Featured Post

11g to 12c OSB projects migration points

1. Export 11g OSB code and import in 12c Jdeveloper. Steps to import OSB project in Jdeveloper:   File⇾Import⇾Service Bus Resources⇾ Se...