Invoking a Secured WebService in BPEL – Oracle SOA Suite 11g

No Webservice in real-world business applications is just exposed as it is, Security is enabled inherently
Oracle Fusion Middleware uses a policy-based model to manage and secure Web services across an organization
Policies apply security to the delivery of messages
Policies can be managed by both developers in a design-time environment and system administrators in a runtime environment
Below are the steps to invoke a secured WebService from a BPEL Process
  1. Before we start, we have to know what is the security policy imposed by the WebService. In this example, we are considering a WebService that has oracle/wss_username_token_client_policy
  1. There are 2 ways of imposing security for services in Oracle SOA Suite 11g
    1. Design Time
      1. Simply, rt click on the web service reference –> Configure WS Policies –> Select the appropriate Policy
Please note that you can select multiple policies at once, depending on the security of the WebService
This step adds the following snippet
  1. Run Time
    1. The same could be done at runtime using Enterprise Manager(EM)
Login to EM –> rt click on soa_infra –> configure Policies –> select the appropriate Policy
The above step creates a ‘Lock’ icon on top of the web service reference as shown above
  1. Open composite.xml, goto source view, find out the reference tag in the file and add the following snippet which basically tells that this particular reference is secured with so-and-so policy, and these are the credentials for invoking the same
      <property name="oracle.webservices.auth.username" type="xs:string"
                many=”false” override=”may”>admin
      <property name="oracle.webservices.auth.password" type="xs:string"
                many=”false” override=”may”>Welcome123
This will make sure the webservice is invoked using the provided credentials. And, that’s it!
Hope this gave you a clear understanding on invoking secured WebServices
Thanks for reading, Please check the other blogs as well
This entry was posted in Uncategorized. Bookmark the permalink.

3 Responses to Invoking a Secured WebService in BPEL – Oracle SOA Suite 11g

  1. Mahesh says:

    This comment has been removed by a blog administrator.

  2. Mahesh says:

    I am using Jdeveloper. It is not allowing me to create the service reference with out connectinf the WSDL. To connect to the WDDL URL username / password is required. Once it appears in the composite as external reference then only I can apply the above.Not sure what I am doing wrong here

  3. Ravi Kiran says:

    You can save the WSDL to local, create a reference out of it and use the above mentioned approach.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s