Note that, before Oracle Web Services Manager 11g can be implemented to secure OSB services, certain pre-configuration steps must be done. These steps are:
Additionally, the following link is a good video demonstration showing how to secure OSB services using WSM 11g: https://blogs.oracle.com/owsm/entry/osb_security_using_owsm_11g
Note that the following sections assume that this configuration has been successfully completed.
Expanding on the example described in the previous section, Implementing WSM Policies in Composites, we will demonstrate how a WSM username client policy can be attached to the OSB Business Service consuming the PurchaseOrderEBS composite, and subsequently how to secure the OSB Proxy Service fronting the same business service.
Sometimes, it is necessary to call the SOA composites from OSB for which WSM security policies have been applied. In these scenarios, it is easy to comply with such policies by attaching the equivalent client policy of the server policy appliedto the target composite. In the following example, we will show how to attach the wss_username_token_client_policy to an OSB Business Service that consumes an SOA composite that has been secured with the wss_saml_or_username_token_service_policy.
http://<osb managed server url>:<osb managed server port>/sbconsole
*
) for any WSM policy that contained the text username
in the policy name. Once a policy has been selected click on Submit:This section assumes that WSM has been configured to work with OSB. For information on how to do this you may refer to:
Section 50.2 Setting Up and Using Oracle Web Services Manager with Oracle Service Bus of the Developers Guide for OSB:
http://docs.oracle.com/cd/E28280_01/dev.1111/e15866/owsm.htm#CHDDEAJG
Section Configuring Keystores for Message Protection of the OFM Security and Administrator's Guide for Web Services:
http://docs.oracle.com/cd/E28280_01/web.1111/b32511/setup_config.htm#BAJJHHII
The implementation of WSM Client Policies allows OSB Business Service to comply (without any extra coding) with policies implemented in target services. In this example, the WSM Username Client Policy allows the OSB Business Service to invoke an SOA Composite that is secured using the WSM SAML or Username Service Policy. The application of this policy does not require any complex mappings or coding, in order to include the username token into the SOAP header of the message.
The next step is to implement a second line of defense, by applying a WSM security policy to the OSB Proxy Service. This will add an additional layer of security, therefore ensuring that any calls coming from the DMZ (for example, the API Gateway) are from the trusted parties.
http://<osb managed server url>:<osb managed server port>/sbconsole
.*
) for any WSM policy that contained the text username in the policy name. Once a policy has been selected click on Submit: