It is critical to
control access to BPEL processes and to the Web services they use. Preventing
unauthorized users from breaking into your system is required to protect both
the integrity of your processes and the personal information of your customers.
in real-world all
business applications are exposed with security is enabled.Oracle Fusion
Middleware uses a policy-based model to manage and secure Web services across
an organization
Policies apply
security to the delivery of messages
Policies can be
managed by both developers in a design-time environment and system
administrators in a runtime environment
Below are the steps
to invoke a secured WebService from a BPEL Process:
- On the External References where your web service is, right click on the web service and select configure ws policies.
- Under security click the green plus sign to add security and select oracle/wss_username_token_client_policy and click ok.
(We can select
multiple policies at once, depending on the security of the WebService we are
invoking)
This step will adds
the following code in your composite.xml
<wsp:PolicyReference
URI="oracle/wss_username_token_client_policy"
orawsp:category="security"
orawsp:status="enabled"/>
<property name="oracle.webservices.auth.password"
type="xs:string"
many="false" override="may">XX_AdmIn</property>
<property name="oracle.webservices.auth.username"
type="xs:string"
many="false"
override="may">XXADMIN_PASSWORD</property>
<property name="wsseOASIS2004Compliant" type="xs:string"
many="false">true</property>
</binding.ws>