
OSB 11g and WSM

This article is from the excellent blog by Niall Commiskey. See the complete article here - http://niallcblogs.blogspot.com/2010/07/osb-11g-andwsm.html. It is reproduced here for easy reference only.

Scenario - I need to secure a proxy service (username/pwd), and sign/encrypt the payload.

For this sample we will expose the following Java class as a web service and secure the request payload.

    package simplecccws;

    import javax.jws.WebService;

    @WebService
    public class validateCC {
        public validateCC() {
            super();
        }

        // Toy check: any card number starting with "1" is reported as VALID.
        public String validateCard(String cardNr, String firstName,
                                   String lastName, String validUntilDate) {
            String rtc = "INVALID";
            if (cardNr.startsWith("1")) {
                rtc = "VALID";
            }
            return rtc;
        }
    }

Create the Java class and deploy as a Web Service to WLS.

Test

Note the WSDL, e.g. http://localhost:7001/AAA-validateCC-root/validateCCPort?WSDL, and save it to the local file system.

Create the OSB Business/Proxy services

Import the WSDL to OSB and create a Business Service based on it.

Create a Proxy Service based on the Business Service.

Test Proxy

Secure the Proxy Service

Add the username token with message protection policy.

The result...

Set up OWSM for OSB and create a test user

Register Keystore using Enterprise Manager. This step is required so the OSB test console or a SOA reference can use the OWSM csf-key to look up the username/password to send to the ValidateCard Proxy Service secured with the Username Token with Message Protection OWSM policy.

Setup default keystore - Copy your sample keystore file, default-keystore.jks, to the domain home's fmwconfig directory, e.g. /oracle/soa/mwhome/user_projects/domains/soa-osb/config/fmwconfig.

You can create a default-keystore as follows, if you don't have one -
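One way to create that keystore with the JDK's keytool, as an added example that is not part of the original post: it generates a self-signed key under the alias orakey (the default recipient alias mentioned in the comments on this page) and checks that an alias really exists in the keystore before it is used as keystore.recipient.alias. The function names, the KS_PASS/KEY_PASS variable names, the DN and the validity period are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post.
# Passwords are read from the environment through keytool's ":env" modifier,
# so they do not appear in the process list or in shell history.
#   KS_PASS  - keystore password    (assumed variable name)
#   KEY_PASS - private-key password (assumed variable name)

# create_default_keystore <path-to-jks>
# Generates a self-signed RSA key pair under the alias "orakey".
# The DN and the 365-day validity are constructed sample values.
create_default_keystore() {
    ks=$1
    (
        umask 077   # keystore file readable by the owning OS user only
        keytool -genkeypair \
            -alias orakey \
            -keyalg RSA -keysize 2048 \
            -dname "CN=osb-owsm-demo, O=Example" \
            -validity 365 \
            -storetype JKS \
            -keystore "$ks" \
            -storepass:env KS_PASS \
            -keypass:env KEY_PASS
    )
}

# has_alias <path-to-jks> <alias>
# Succeeds only if <alias> is an entry in the keystore. Run it before
# putting a value into keystore.recipient.alias.
has_alias() {
    keytool -list -keystore "$1" -storepass:env KS_PASS -alias "$2" \
        >/dev/null 2>&1
}
```

After `create_default_keystore default-keystore.jks`, `has_alias default-keystore.jks orakey` succeeds while `has_alias default-keystore.jks joe-key` fails: joe-key is a credential-store key, not a certificate alias in the keystore.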

Open Enterprise Manager (em).

In the Security Provider Configuration, find Keystore under Web Services Manager Authentication Providers. Expand Keystore and click Configure.

Create user in WLS using OSB console.

The OSB Proxy Service will use the WLS Default Authenticator to authenticate the username/password in the WS-Security SOAP Headers received from the client. The user created using the OSB console is available to the WLS Default Authenticator.

OSB Console - Click on Security Configuration

Add csf-key for user joe created in step 2.

This step is required so the OSB test console/SOA reference can look up the username/password using the csf-key. In Enterprise Manager, select the soa_osb_domain WebLogic Domain. Expand Security and select Credentials as shown below.

Create a Map with the name oracle.wsm.security if it does not already exist. Create a new key joe-key:
- User Name: joe
- Password: welcome1

Test the Proxy Service

Set the following values in the OSB test console

and Execute the test

View the result -

Posted by Niall Commiskey at 11:42 PM

15 comments:

Halvor said...
Hello, thanks for an excellent blog that helped me to understand the usage of keystore for OWSM policy in the OSB. I succeeded in testing the proxy service from the test page but with a different configuration for the property keystore.recipient.alias. When I tried to test the proxy service with your configuration of the properties I got the following error: [OSB Security - OWSM:387257]Invalid Recepient Alias "joe-key" specified. To succeed I removed the override value joe-key (then the default value orakey is used) from the property keystore.recipient.alias (still using override value joe-key for property csf-key). Do you have any explanation for this? Best Regards Halvor Larsen
July 21, 2010 1:46 AM

Rob said...
Thanks for the overview, however, I'm not able to get this to work. When I invoke my proxy service through the test console, I get an error stating: [OSB Security - OWSM:387257]Invalid Recepient Alias "SecurityTester-key" specified. SecurityTester-key is the key I set up for the user I created. Any ideas?
August 14, 2010 11:33 AM

Niall Commiskey said...
hi guys, I'm currently on vacation but will look at this as soon as I return. NiallC.
August 25, 2010 6:32 AM

Niall Commiskey said...
Sorry guys, the screenshot was incorrect. You mustn't override orakey in this case. I've corrected the blog entry accordingly!
September 10, 2010 12:21 AM

chandra@SOA said...
Hi, In the post you have mentioned that we need to create Map with name oracle.wsm.security. But when I tried to create a MAP it was just asking the name but not the type. I am unable to create the MAP of this type. Please suggest me. chandra.soa@gmail.com
December 17, 2010 3:10 AM

Niall Commiskey said...
Hi Chandra, you should have to create the Map. You should simply have to select it from the list. Is that not the case with you?
December 18, 2010 12:02 AM

Raj said...
Hi, Thanks for the excellent blog. I tried it and implemented successfully. In addition to this I am trying to implement below usecases for invalid user and without header. Usecase 1: I am sending a request from soapUI as below,

Test TestPassword

Rose

when user is invalid - Seeing error: WSM-00008 : Web service authentication failed in logs

Usecase 2: Without Header part.

Seeing error: WSM-00069 : The security header is missing in logs. But the problem is in Proxy Service Error Handler: A common error is given for both the cases i.e. "BEA-386200: General web service security error". I want to differentiate between these two types and send corresponding error message to client. How can I do this? Is there a way to get OWSM Error code in Proxy service error handler? Please advise.
January 4, 2011 12:29 PM

shailesh said...
Thanks for the detailed steps. I was able to follow it successfully. I am now trying to invoke it through a BPEL process, but getting errors. Can you also elaborate on how to do that? Regards, Rakhee
February 28, 2011 7:34 AM

Niall Commiskey said...
Hi Shailesh, what errors are you getting? How are you invoking osb from BPEL? You will have to pass the security credentials across.
February 28, 2011 9:31 AM

Rakhee said...
Hello, I created OSB business and proxy services based on a WSDL (as described by you). Attached the 'wss10_username_token_with_message_protection_service_policy' policy to the proxy service. Then I created a BPEL process. Created a partner link for the same WSDL and attached the policy 'wss10_username_token_with_message_protection_client_policy'. Also defined the csf key and added credentials (in the domain) through the em console. Now when I try to invoke the proxy service from this BPEL process, I am getting below error.

oracle.sysman.emSDK.webservices.wsdlapi.SoapTestException: oracle.fabric.common.FabricInvocationException: Unable to access the following endpoint(s): http://lnx04.aarisha.com:8011/ValidateCC/ProxyService/ValidateCCProxy
    at oracle.sysman.emas.model.wsmgt.WSTestModel.invokeOperation(WSTestModel.java:575)
    at oracle.sysman.emas.view.wsmgt.WSView.invokeOperation(WSView.java:381)
    at oracle.sysman.emas.view.wsmgt.WSView.invokeOperation(WSView.java:299)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at com.sun.el.parser.AstValue.invoke(AstValue.java:157)
    at com.sun.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:283)
    at org.apache.myfaces.trinidadinternal.taglib.util.MethodExpressionMethodBinding.invoke(MethodExpressionMethodBinding.java:53)
    at org.apache.myfaces.trinidad.component.UIXComponentBase.broadcastToMethodBinding(UIXComponentBase.java:1259)
    at

Will appreciate if you could point to me what I am doing wrong or what is missing. Regards, Rakhee
February 28, 2011 5:52 PM

Niall Commiskey said...
stupid question, but is the endpoint http://lnx04.aarisha.com:8011/ValidateCC/ProxyService/ValidateCCProxy valid?
March 1, 2011 12:00 AM

Mohan said...
Great Post... Just something that I was looking for the whole last week to do... But encountered an error at the last step of testing it..

[OSB Security - OWSM:387253]Failed to initialize Owsm Credential Manager. Please validate the keystore Configuration.

Any help would be greatly appreciated. -mohan
April 6, 2011 1:53 PM

Niall Commiskey said...
Hi Mohan, please refer to http://download.oracle.com/docs/cd/E14571_01/web.1111/b32511/setup_config.htm#WSSEC1401 let me know if the issue persists. Niall C.
April 7, 2011 1:29 AM

McNairStation said...
Niall, It worked for me...thanks for your help... But I am not sure if creating a user in the OSB Console is required... My test works from the console even after I created the Joe user from Security Configuration. thanks, -mohan
April 13, 2011 11:01 AM

Niall Commiskey said...
Excellent!
April 13, 2011 12:37 PM
