A web service that is exposed to the outside world needs to be secured in two important ways:
1. Message protection: a policy enforces that the payload travels over the network in encrypted and signed form.
2. Authentication of inbound SOAP requests, to prevent unauthorised people from accessing the web service.
To do this we need to complete the following tasks:
Task 1: Create a BPEL process which is secured
Task 2: Create Keystore with keypair and certificates
Task 3: Configure the EM with the created key store.
Task 4: Test the secure BPEL service
Task 1: Create a BPEL process which is secured
Let's create an Oracle BPEL service that is exposed as a secured service.
1. I have created a simple BPEL service which just echoes the data passed to it. This BPEL service is secured using a WS-Security policy. The following steps construct the secured service in JDeveloper at design time.
2. Right-click the exposed service that needs to be secured and select WS policy.
3. Select the oracle/wss11_username_token_with_message_protection_service_policy policy. This policy enforces message protection (integrity and confidentiality) and authentication for inbound SOAP requests in accordance with the WS-Security 1.1 standard. Both plain text and digest mechanisms are supported.
4. Deploy the service to the WebLogic domain.
If we test this service directly at this point, it will fail because we have not yet set the keystore in the WebLogic server.
Task 2: Create Keystore with keypair and certificates:
1. Create a self-signed certificate and a keystore with the single command below. Here 'password' is set as the password for the keystore and for encryption.
keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass password -validity 360 -keysize 2048
2. The command below shows what is inside the created keystore.
keytool -list -v -keystore keystore.jks
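Before handing the keystore to EM in Task 3, it is worth confirming that the alias you will type there really is a private-key entry of the expected size. The script below is an added example, not part of the original post: it parses `keytool -list -v` text from stdin, and the function names, the "partnercert" entry and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes English keytool output
# that includes the "Subject Public Key Algorithm" line.

# check_alias ALIAS MIN_BITS
# Returns 0 ok, 2 alias missing, 3 not a private key, 4 key too small/unknown.
check_alias() {
    awk -v want="$1" -v min="$2" '
        /^Alias name: /                { cur = substr($0, 13) }
        cur == want && /^Entry type: / { type = $3 }
        cur == want && /^Subject Public Key Algorithm: / {
            split($5, p, "-"); bits = p[1] + 0      # "2048-bit" -> 2048
        }
        END {
            if (type == "") { print "alias not found: " want; exit 2 }
            if (type != "PrivateKeyEntry") { print want " is " type; exit 3 }
            if (bits < min) { print want " key size " (bits + 0) " < " min; exit 4 }
            print "ok: " want " PrivateKeyEntry " bits "-bit"
        }'
}

# Constructed sample in the layout keytool prints; all values are made up.
sample_listing() {
    cat <<'EOF'
Keystore type: JKS

Your keystore contains 2 entries

Alias name: selfsigned
Creation date: Jan 1, 2024
Entry type: PrivateKeyEntry
Certificate chain length: 1
Owner: CN=example, OU=example, O=example, C=US
Issuer: CN=example, OU=example, O=example, C=US
Valid from: Mon Jan 01 00:00:00 UTC 2024 until: Thu Dec 26 00:00:00 UTC 2024
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key

Alias name: partnercert
Entry type: trustedCertEntry
Owner: CN=partner, O=example, C=US
Subject Public Key Algorithm: 2048-bit RSA key
EOF
}

# Real use: keytool -list -v -keystore keystore.jks | check_alias selfsigned 2048
sample_listing | check_alias selfsigned 2048
```

An alias that resolves to a trustedCertEntry holds no private key, so it cannot serve as the key or crypt alias.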
Task 3: Configure the EM with the created key store:
1. Log in to EM and navigate to the keystore of the domain.
2. Select Keystore configuration.
3. Replace the default JKS file with the created keystore file.
"selfsigned" is the alias value for the key and crypt alias.
"password" is the password for both entries.
4. Click OK and restart the server.
Task 4: Test the secure BPEL service
1. Navigate to the deployed BPEL service and click the test button in EM.
2. Select the security section and the OWSM security option.
3. Select wss11_username_token_with_message_protection_client_policy.
4. Enter the WebLogic username and password for authentication.
5. Click the test webservice button. The test should succeed.