When you build a component which has an exposed service, you want to make sure that it is secure. This means we have to apply authentication and authorization to the service in question. Lets see how we can get this done in the SOA Suite 11G (PS2).
First of all we have already created a webservice which we are going to expose in my example an EventDispatcher which sends out events using the EDN.
Now lets say we want to secure this webservice using WS-Security, the username-token variant. The only thing we need to do is to right-click the service and choose: Configure WS Policies
In the next screen you can choose different policies for your webservice but the one we are looking for in under security. Click the green + sign at the Security tab and choose: oracle/wss_username_token_service_policy.
Click OK and check that your policy is selected in the Security section. If so, click OK. This policy will now make sure that if you send a ws-s header with your request, it will be processed. Adding this policy can also be done in the Enterprise Manager by the way. Select you component under SOA and select the Policies tab. Here you can do the same.
Now al we need to do is to make a user of which the credentials will be checked when he/she wants to make use of this service..
Go to your Weblogic administration console and click on Security Realms.
Next click in on ‘myrealm’ and click on the ‘Users and Groups’ tab. Click ‘New User’ and enter the information for the user you want to authenticate. Make sure your password if 8 characters long and contains at least 1 number.
Click OK if you are ready. The next thing is to create a group of which the user is a member. Select the ‘Groups’ tab and click ‘New’. Now insert the info of your group.
If your done, click on OK. You can now use this user to check if we have access to the service. In SoapUI you can create configurations which you can use to call a webservice. Make one for the user you have just created.
Now let’s try to call the service without a security configuration. It should look something like this.
Now select the Test configuration
and make the call again. You should now get a proper response from the server. This is the end of part 1 of this small tutorial…..authentication of a webservice in SOA Suite 11g using ws-security. In the next post, I will show you how you can make sure only users which are a member of the created group, can make use of the service.