Securing a proxy service by Username Token authentication

In this recipe, we will secure a proxy service with an OWSM server policy using Eclipse OEPE.

Getting ready

For this recipe, we will use a simple OSB project with one proxy. Import the getting-ready project into Eclipse OEPE from chapter-11getting-ready\securing-a-proxy-service-with-username-token.

The OSB Server must be up and running and configured using the first two recipes of this chapter. This server needs to be defined in the Eclipse OEPE for this recipe to work.

How to do it...

In Eclipse OEPE, perform the following steps to add an OWSM policy to a proxy service:

  1. Open the CustomerManagement.proxy in the proxy folder of the securing-a-proxy-service-with-username-token project.
  2. Navigate to the Policy tab.
  3. Enable From OWSM Policy Store.
  4. Click Service Level Policies, which will enable the Add button.
  5. Click Add and the OWSM Policy Configuration window will open.
  6. Click Browse.
  7. In the Select OWSM Policy window we need to choose a security or management policy.
  8. Enter *username* into the Name field and click Search.
  9. Select the oracle/wss_username_token_service_policy from the list of policies and click OK.
  10. The Username Token policy will be displayed in the Policy tab of the proxy service.
  11. Save the project and deploy it to the OSB server.

    We have successfully secured our proxy service using UsernameToken WS-Security SOAP headers to authenticate users.

    Now let's test it first using the Service Bus test console. In the Service Bus console, perform the following steps:

  12. Navigate to the CustomerManagement proxy service (in Project Explorer, click on the project and then on the proxy folder) and click on the Launch Test Console icon (with the bug).
  13. Click Execute (the value passed in the ID does not have an effect; the answer of the proxy service is hardcoded).
  14. We get an error because we have not passed a username and password.
  15. Click Back to specify the username and password.
  16. In the test console, scroll down until the Security area is visible.
  17. Enter osbbook-key into the Override Value field and click Execute.
  18. The test should now work and a valid response should be returned by the proxy service. The test console also shows the SOAP header with the Username Token necessary for the authentication.

How it works...

The Username Token authentication policy uses the credentials in the UsernameToken WS-Security header to authenticate users. Only the plain text mechanism is supported. The credentials are authenticated against the configured identity store on WebLogic server.

The usernames used in the user authentication policies are validated against the users of the WebLogic security realm. The policy does not encrypt the SOAP body.

To add the OWSM policy to the proxy service, Eclipse OEPE needs to contact the OSB WebLogic server to retrieve the available OWSM server policies. We can add one or more OWSM policy references to a proxy service. These policies can only be added or verified when the OSB WebLogic server is running.

When the proxy service is deployed to the OSB Server, we can retrieve the WSDL of the proxy service. This WSDL will contain the WS security policies, which can be used by the clients of this proxy service.

There's more...

SoapUI can also be used to test secured web services. To test the proxy service we have just secured, perform the following steps in soapUI:

  1. Create a new soapUI project by consuming the WSDL from the proxy service, which is available under: http://[OSBServer]:[port]/securing-a-proxy-service-with-username-token/proxy/CustomerManagement?wsdl.
  2. Double-click on the new project in the project tree.
  3. Navigate to the WS-Security Configurations tab.
  4. Within the WS-Security Configurations, navigate to the Outgoing WS-Security Configurations tab.
  5. Click on the + button to create a new outgoing configuration.
  6. Enter UsernameToken into the Name cell and click OK.
  7. Click on the + button below the new configuration to add a WSS entry.
  8. From the drop-down list, select Username.
  9. Click OK.
  10. Enter osbbook into the Username field and welcome1 into the Password field.
  11. Select PasswordText for the Password Type.
  12. Close the window.
  13. Open Request 1 for the FindCustomer operation.
  14. Replace the ? with 1 in the ID element.
  15. Run the test by clicking on the green arrow icon. A security error will be returned, because the WSS configuration is not yet used.
  16. Click the Aut button in the lower-left corner (marked red in the following screenshot):
  17. Select UsernameToken in the Outgoing WSS drop-down list.
  18. Rerun the test and a valid response should be returned.
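
The request produced by the soapUI configuration above, and the plain text point made under How it works, as an added Python example (not code from the book): it builds the envelope and reports what is readable on the wire. SOAP 1.1, the `urn:example:customer` namespace and the finding codes are assumptions; take the real namespace from the proxy's WSDL.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"  # SOAP 1.1 (assumed binding)
WSS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-"
WSSE = WSS + "wssecurity-secext-1.0.xsd"
PASSWORD_TEXT = WSS + "username-token-profile-1.0#PasswordText"
SVC = "urn:example:customer"  # assumed namespace, not taken from the project
TOKEN_PATH = f"{{{SOAP}}}Header/{{{WSSE}}}Security/{{{WSSE}}}UsernameToken"


def build_request(username, password, customer_id):
    """Return a SOAP envelope carrying a PasswordText UsernameToken header."""
    env = ET.Element(f"{{{SOAP}}}Envelope")
    header = ET.SubElement(env, f"{{{SOAP}}}Header")
    sec = ET.SubElement(header, f"{{{WSSE}}}Security")
    sec.set(f"{{{SOAP}}}mustUnderstand", "1")
    token = ET.SubElement(sec, f"{{{WSSE}}}UsernameToken")
    ET.SubElement(token, f"{{{WSSE}}}Username").text = username
    pw = ET.SubElement(token, f"{{{WSSE}}}Password", Type=PASSWORD_TEXT)
    pw.text = password  # sent verbatim: no digest, no encryption
    body = ET.SubElement(env, f"{{{SOAP}}}Body")
    find = ET.SubElement(body, f"{{{SVC}}}FindCustomer")
    ET.SubElement(find, f"{{{SVC}}}ID").text = str(customer_id)
    return ET.tostring(env, encoding="unicode")


def audit_request(envelope_xml, endpoint_url):
    """Return finding codes for a request about to be sent to endpoint_url."""
    root = ET.fromstring(envelope_xml)
    token = root.find(TOKEN_PATH)
    if token is None:
        return ["NO_USERNAME_TOKEN"]  # the proxy answers with a security error
    findings = []
    pw = token.find(f"{{{WSSE}}}Password")
    # A missing Type attribute means PasswordText in the UsernameToken profile.
    if pw is not None and pw.get("Type", PASSWORD_TEXT) == PASSWORD_TEXT:
        findings.append("PASSWORD_IN_CLEAR")
    if not endpoint_url.lower().startswith("https://"):
        findings.append("NO_TLS")  # header and body cross the network readable
    return findings


if __name__ == "__main__":
    # Constructed endpoint; the credentials are the ones used in the recipe.
    url = ("http://osb.example.test:8011/"
           "securing-a-proxy-service-with-username-token/proxy/CustomerManagement")
    request = build_request("osbbook", "welcome1", 1)
    print(request)
    print(audit_request(request, url))
```
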