
How to call a WS-Security secured web service from Oracle BPEL

Introduction

I have been investigating Oracle’s Web Service Manager recently. WSM is shipped with the new SOA Suite. The WSM is a service gateway. Existing services can be placed behind the gateway. Security and authentication of the services will be done by the service gateway. WSM also provides a lot of logging facilities. Calls to services behind the gateway can be logged. Authentication errors can be logged etc. Multiple services can be placed behind one gateway definition. All policies for that gateway definition, logging, authentication etc., will be applicable for all the services that are linked to the gateway.

Oracle provides a nice and complete tutorial that you can use when you are looking at the WSM for the first time. The tutorial can be found here. It was very straightforward to implement an authentication policy based on WS-Security. WS-Security is an OASIS standard that describes a uniform implementation regarding the security of web services. The OASIS page regarding WS-Security can be found here. The following screen shot shows how easy it is to define a WS-Security policy. In this example a username/password file is defined that will be used for the authentication step. Note that the password in the file will be hashed with MD5.

[Screenshot: WS-Security policy definition]

 

How to call a WS-Secured service from BPEL

 

Following Oracle’s WSM introduction was easy. The hard part (for me) was how to call the now WS-Secured service from a BPEL process. The following steps describe how to call a WS-Security secured service from a BPEL project:

1. Create a partner link to the gateway that is wrapping the actual service

[Screenshot: partner link]

2. Create a new BPEL variable

The username and password that should be provided to the service gateway should be in the SOAP header of the partner link call. For this we need a BPEL variable that is based on an XSD that is provided by OASIS. I have imported a copy of this file into my BPEL project. The content of the file can be found at http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd. I can now create a BPEL variable based on the Security variable defined in this schema. This variable is of type ANY_TYPE, but I will address that later.

[Screenshot: variable]

 

3. Provide the authentication details to the new security variable

The variable of type security is of ANY_TYPE type. But we are now going to assign a piece of XML as the variable's value. This piece of XML will contain the username and password; in this case marcc/java1. Create an assign activity and copy the following XML to the Variable_1 variable:

<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
   <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      <wsse:Username>marcc</wsse:Username>
      <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">java1</wsse:Password>
   </wsse:UsernameToken>
</wsse:Security>

[Screenshot: copy operation in the assign activity]

 

4. The value of the Variable_1 variable should be inserted in the SOAP header of the partner link call.

Login details have to be provided in the SOAP header; that’s how WS-Security provides authentication details. That can be done by providing the Variable_1 variable as a header variable during the Invoke activity. Of course you need to provide the proper input and output variables on the invoke activity.

[Screenshot: invoke activity]

 

That’s it. We have created a variable, provided our username and password to the variable. We have then put that variable in the SOAP header. The BPEL process we have now created looks like:

[Screenshot: BPEL process]
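The request that steps 1 to 4 put on the wire can be inspected outside BPEL. The following Python sketch is an added example, not code from the original post or from Oracle: it builds a SOAP 1.1 envelope with the same UsernameToken header and reports which credential material the header carries. The function names and the bare `format` body element are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
OASIS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-"
WSSE = OASIS + "wssecurity-secext-1.0.xsd"
WSU = OASIS + "wssecurity-utility-1.0.xsd"
PASSWORD_TEXT = OASIS + "username-token-profile-1.0#PasswordText"
PASSWORD_DIGEST = OASIS + "username-token-profile-1.0#PasswordDigest"


def build_envelope(username, password):
    """SOAP 1.1 request carrying the step 3 UsernameToken in its header."""
    env = ET.Element(f"{{{SOAP}}}Envelope")
    header = ET.SubElement(env, f"{{{SOAP}}}Header")
    sec = ET.SubElement(header, f"{{{WSSE}}}Security")
    tok = ET.SubElement(sec, f"{{{WSSE}}}UsernameToken")
    ET.SubElement(tok, f"{{{WSSE}}}Username").text = username
    pw = ET.SubElement(tok, f"{{{WSSE}}}Password", Type=PASSWORD_TEXT)
    pw.text = password
    # Constructed body; the real payload is defined by the service's WSDL.
    ET.SubElement(ET.SubElement(env, f"{{{SOAP}}}Body"), "format")
    return ET.tostring(env, encoding="unicode")


def audit_username_token(envelope_xml):
    """Report which credential material a request carries in its header."""
    root = ET.fromstring(envelope_xml)
    tok = root.find(
        f"{{{SOAP}}}Header/{{{WSSE}}}Security/{{{WSSE}}}UsernameToken")
    if tok is None:
        return {"token": False, "findings": ["no UsernameToken in SOAP header"]}
    pw = tok.find(f"{{{WSSE}}}Password")
    findings, ptype = [], None
    if pw is None:
        findings.append("no Password element")
    else:
        # The UsernameToken profile treats a missing Type as PasswordText.
        ptype = pw.get("Type", PASSWORD_TEXT)
        if ptype == PASSWORD_TEXT:
            findings.append("password travels in clear text inside the message")
        elif ptype != PASSWORD_DIGEST:
            findings.append("unrecognised password Type")
        elif (tok.find(f"{{{WSSE}}}Nonce") is None
              or tok.find(f"{{{WSU}}}Created") is None):
            findings.append("digest has no Nonce/Created for replay checks")
    return {"token": True, "username": tok.findtext(f"{{{WSSE}}}Username"),
            "password_type": ptype.rsplit("#", 1)[-1] if ptype else None,
            "findings": findings}
```

Running `audit_username_token(build_envelope("marcc", "java1"))` reports a `PasswordText` token, which means the password is readable by anything that sees the message between the BPEL process and the gateway unless the transport itself is encrypted.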

 

Testing it

After deployment and test of the BPEL project the result of the invoke activity shows:

<messages>
   <ServiceIn>
      <part xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="format">
         <format xmlns="" xmlns:def="http://www.w3.org/2001/XMLSchema"
                 xsi:type="def:string"
                 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"/>
      </part>
   </ServiceIn>
   <ServiceOut>
      <part xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Result">
         <Result xsi:type="xsd:string"
                 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">05:14 PM
</Result>
      </part>
   </ServiceOut>
</messages>

The following is the same output when I provide the wrong password:

<messages>
   <input>
      <ServiceIn>
         <part xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
               name="format">
            <format xmlns="" xmlns:def="http://www.w3.org/2001/XMLSchema"
                    xsi:type="def:string"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"/>
         </part>
      </ServiceIn>
   </input>
   <fault>
      <remoteFault xmlns="http://schemas.oracle.com/bpel/extension">
         <part name="code">
            <code>Client.AuthenticationFault
</code>
         </part>
         <part name="summary">
            <summary>Invalid username or password
</summary>
         </part>
         <part name="detail">
            <detail>
               <detail/>
            </detail>
         </part>
      </remoteFault>
   </fault>
</messages>

So, it’s working!!! One question remains. It is possible to provide wsseUsername and wssePassword on the property table page of a partner link definition. My first hope was that should be all I need. For me providing these two variables did not do anything. But the above is working fine.

 

Resources:

http://weblogs.asp.net/gsusx/archive/2006/03/22/WS_2D00_Security-interoperability-with-Oracle-BPEL-and-WSE-3.0.aspx

 

 

 
