In this recipe, we will combine message protection with user authentication. For this we can reuse the client Java keystore and the osbbook user from the precedingrecipes.
For this we will use the same simple OSB project as in the previous Securing a proxy service using username and password authentication through OWSM recipe.
Import the getting-ready project into Eclipse OEPE from chapter-11getting-readysecuring-a-proxy-service-with-auth-and-message-protection.
The steps to execute in this recipe are the same as in the previous Securing a proxy service using username and password authentication through OWSM recipe, only another policy needs to be selected. In the Eclipse OEPE, perform the following steps:
- Open the CustomerManagement.proxy in the
proxyfolder of the securing-a-proxy-service-with-auth-and-message-protection project. - Navigate to the Policy tab.
- Enable From OWSM Policy Store.
- Click Service Level Policies, which will enable the Add button.
- Click Add and the OWSM Policy Configuration window will open.
- Click Browse.
- In the Select OWSM Policy window, we need to choose a security or management policy.
- Enter
*username_token_with*into the Name field and click Search. - Select the oracle/wss11_username_token_with_message_protection_service_policy from the list of policies and click OK.
The Username Token policy will be displayed in the Policy tab of the proxy service.
- Save the project and deploy it to the OSB server.
Instead of the
oracle/wss11_username_token_with_message_protection_service_policywe could also useoracle/wss10_username_token_with_message_protection_service_policyfor this poxy service.In the Service Bus console, perform the following steps for testing the service:
- Navigate to the CustomerManagement proxy service (in the Project Explorer, click on the securing-a-proxy-service-with-auth-and-message-protection project and then on the
proxyfolder) and click on the Launch Test Console icon (with the bug). - Click Execute (the value passed in the ID does not have an effect; the answer of the proxy service is hardcoded).
- We will get an error saying that the username is missing.
- Click Back to specify the username and password.
- In the test console, scroll down until the Security area is visible.
- Enter
serverkeyinto the Override Value field for the property keystore.recipient.alias. - Enter
enc-csf-keyinto the Override Value field for the property keystore.enc.csf.key. - Enter
osbbook-keyinto the Override Value field for the property csf.key. - Click Execute.
- The test should now work and a valid response should be returned by the proxy service. The test console also shows the various SOAP headers passed in the request message holding the security information.