{"id":2741,"date":"2011-07-28T13:54:12","date_gmt":"2011-07-28T18:54:12","guid":{"rendered":"http:\/\/jianmingli.com\/wp\/?p=2741"},"modified":"2015-04-17T13:17:47","modified_gmt":"2015-04-17T18:17:47","slug":"soa-11g-tutorial-secure-composite-applications","status":"publish","type":"post","link":"https:\/\/jianmingli.com\/wp\/?p=2741","title":{"rendered":"SOA 11g Tutorial: Secure Composite Applications"},"content":{"rendered":"
\n

Contents<\/h2>\n
    \n\t
  1. \n\t\tOverview<\/a>\n\t\t
      \n\t\t\t
    1. \n\t\t\t\tSecure a Composite<\/a>\n\t\t\t<\/li>\n\t\t<\/ol>\n\t
    2. \n\t\tSecure Composite with OWSM<\/a>\n\t\t
        \n\t\t\t
      1. \n\t\t\t\tOverview<\/a>\n\t\t\t<\/li>\n\t\t\t
      2. \n\t\t\t\tView Built-in Policies<\/a>\n\t\t\t<\/li>\n\t\t<\/ol>\n\t
      3. \n\t\tSecure Credit Card Validation Service<\/a>\n\t\t
          \n\t\t\t
        1. \n\t\t\t\tDefine a New User<\/a>\n\t\t\t<\/li>\n\t\t\t
        2. \n\t\t\t\tAttach Policies with EM Console<\/a>\n\t\t\t\t
            \n\t\t\t\t\t
          1. \n\t\t\t\t\t\tAttach Policy to receivePO<\/a>\n\t\t\t\t\t<\/li>\n\t\t\t\t\t
          2. \n\t\t\t\t\t\tAttach Policy to getCreditCardStatus<\/a>\n\t\t\t\t\t<\/li>\n\t\t\t\t\t
          3. \n\t\t\t\t\t\tAttach Policy to getStatusByCC<\/a>\n\t\t\t\t\t<\/li>\n\t\t\t\t<\/ol>\n\t\t\t
          4. \n\t\t\t\tAttach Policies with JDeveloper<\/a>\n\t\t\t\t
              \n\t\t\t\t\t
            1. \n\t\t\t\t\t\tSecure POProcessing Composite<\/a>\n\t\t\t\t\t<\/li>\n\t\t\t\t\t
            2. \n\t\t\t\t\t\tSecure validationForCC Composite<\/a>\n\t\t\t\t\t<\/li>\n\t\t\t\t<\/ol>\n<\/ol>\n\t\t\t
            3. \n\t\t\t\tTest Security Policy<\/a>\n\t\t\t\t
                \n\t\t\t\t\t
              1. \n\t\t\t\t\t\tTest with Wrong Password<\/a>\n\t\t\t\t\t<\/li>\n<\/ol>\n<\/ol>\n<\/ol>\n<\/div>\n
                 <\/div>\n

                This is part of the Oracle SOA11g hands on tutorials<\/a>.<\/p>\n

                Overview<\/h2><\/span>\n

                * Composite security should be configured by system administrators, NOT coded by developers.<\/p>\n

                Secure a Composite<\/h3><\/span>\n

                * Authenticate client invoking the composite.
                \n* Authorize client accessing service.
                \n* Sign messages.
                \n* Encrypt messages.
                \n* Propagate client identity to downstream services.<\/p>\n

                Secure Composite with OWSM<\/h2><\/span>\n

                * OWSM: Oracle Web Services Manager<\/p>\n

                Overview<\/h3><\/span>\n

                * OWSM supports standard-based policy management, attachment, and enforcement.
                \n* Policies can be created and attached to
                \n– composite services,
                \n– references,
                \n– components.
                \n* Policy management and attachment can be done in
                \n– EM console
                \n– JDev via deployment plan
                \n* Examples of Policies
                \n– Authorization policies
                \n– WS-Security
                \n– WS- Addressing
                \n– MTOM
                \n– WS-ReliableMessaging
                \n– Management policies, e.g. logging<\/p>\n

                View Built-in Policies<\/h3><\/span>\n

                * Go to EM console
                \n* Farm_soa_domain -> Expand WebLogic Domain
                \n* Right click soa_domain
                \n* Select Web Services -> Policies<\/p>\n

                Secure Credit Card Validation Service<\/h2><\/span>\n

                Define a New User<\/h3><\/span>\n

                * Login WebLogic Admin Console.
                \n* Click Security Realms link in Domain Structure panel.
                \n* Click myrealm link in the Summary of Security Realms panel.
                \n* Click Users and Groups tab.
                \n* Click New button to bring up the Create a New User page. Enter:
                \n– Name: weblogic1
                \n– Password: welcome1
                \n– Click OK button.
                \n* Click weblogic1 user to bring up the Settings for weblogic1 page.
                \n– Click Groups tab.
                \n– Select Administrators group on Available list and click the single right arrow to move it to Chosen list.
                \n– Click Save button.<\/p>\n

                Attach Policies with EM Console<\/h3><\/span>\n

                * Login EM console.<\/p>\n

                Attach Policy to receivePO<\/h4><\/span>\n

                * Click on POProcessing composite link.
                \n* Click on Policies tab.
                \n* Click Attach To\/Detach From drop down list and select receivePO. It will bring up a new window.
                \n* In the Available Policies panel, select oracle\/wss_username_token_service_policy and click the Attach button.
                \n* Click the OK button.<\/p>\n

                Attach Policy to getCreditCardStatus<\/h4><\/span>\n

                * Attach: oracle\/wss11_saml_token_with_message_protection_client_policy<\/p>\n

                Attach Policy to getStatusByCC<\/h4><\/span>\n

                * Click validationForCC composite application
                \n* Click on Policies tab.
                \n* Attach: oracle\/ wss11_saml_token_with_message_protection_service_policy<\/p>\n

                Attach Policies with JDeveloper<\/h3><\/span>\n

                Secure POProcessing Composite<\/h4><\/span>\n

                * Open POProcessing composite.xml file.
                \n* Right click receivePO and select Configure WS Policies…
                \n* Click the green plus sign to the right of Security field.
                \n* Select: oracle\/wss_username_token_service_policy and click OK
                \n* Notice receivePO has a new lock icon on the upper right corner.
                \n* Do the same and select oracle\/wss11_saml_token_with_message_protection_client_policy.<\/p>\n

                Secure validationForCC Composite<\/h4><\/span>\n

                * Open validationForCC composite.xml file.
                \n* Right click getStatusByCC and select Configure WS Policies…
                \n* select oracle\/ wss11_saml_token_with_message_protection_service_policy<\/p>\n

                Test Security Policy<\/h2><\/span>\n

                * Click the Test tab.
                \n* Click Request -> Security accordion.
                \n* Select WSS username Token and enter
                \n– Username: weblogic1
                \n– Password: welcome1
                \n* Input message<\/p>\n

                \r\n\r\n    \r\n        \r\n            1111<\/ns1:CustID>\r\n            2121<\/ns1:ID>\r\n            Bluetooth Headset<\/ns1:productName>\r\n            Electronics<\/ns1:itemType>\r\n            49.99<\/ns1:price>\r\n            1<\/ns1:quantity>\r\n            Initial<\/ns1:status>\r\n            Mastercard<\/ns1:ccType>\r\n            8765-8765-8765-8765<\/ns1:ccNumber>\r\n        <\/ns1:PurchaseOrder>\r\n    <\/soap:Body>\r\n<\/soap:Envelope>\r\n<\/pre>\n
                Test with Wrong Password<\/h3><\/span>\n
                * Repeat the same test but purposely use the wrong password welcome2
                \n* Check that web service invocation fails.<\/p>\n","protected":false},"excerpt":{"rendered":"
                This is part of the Oracle SOA11g hands on tutorials. Overview * Composite security should be configured by system administrators, NOT coded by developers. Secure a Composite * Authenticate client invoking the composite. * Authorize client accessing service. * Sign … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[100],"tags":[],"class_list":["post-2741","post","type-post","status-publish","format-standard","hentry","category-soa11g"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p8cRUO-Id","_links":{"self":[{"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/posts\/2741","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2741"}],"version-history":[{"count":11,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/posts\/2741\/revisions"}],"predecessor-version":[{"id":10635,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/posts\/2741\/revisions\/10635"}],"wp:attachment":[{"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2741"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2741"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2741"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}