This documentation is for WSO2 Business Process Server version 3.5.1. View documentation for the latest release.

You can secure partner services used in a BPEL process using a given security policy. A sample policy configuration is shown below.

The following sample shows how to secure a partner service used in a BPEL process.

The tree structure of the sample is shown below.


The PolicySecurePartnerService01.xml configuration is given below.

<!--
  UTOverTransport: the caller authenticates with a WS-Security UsernameToken,
  and the binding is a transport binding over HTTPS. The policy has a single
  alternative (ExactlyOne/All), so every assertion below applies.
-->
<wsp:Policy wsu:Id="UTOverTransport"
            xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
            xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
            xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
            xmlns:ramp="http://ws.apache.org/rampart/policy">
  <wsp:ExactlyOne>
    <wsp:All>

      <!-- Transport binding: the exchange runs over an HTTPS transport token. -->
      <sp:TransportBinding>
        <wsp:Policy>
          <sp:TransportToken>
            <wsp:Policy>
              <!-- No TLS client certificate is required, so the caller is
                   identified by the UsernameToken alone. -->
              <sp:HttpsToken RequireClientCertificate="false"/>
            </wsp:Policy>
          </sp:TransportToken>
          <sp:AlgorithmSuite>
            <wsp:Policy>
              <sp:Basic256/>
            </wsp:Policy>
          </sp:AlgorithmSuite>
          <sp:Layout>
            <wsp:Policy>
              <sp:Lax/>
            </wsp:Policy>
          </sp:Layout>
          <!-- A timestamp is part of the security header. -->
          <sp:IncludeTimestamp/>
        </wsp:Policy>
      </sp:TransportBinding>

      <!-- The UsernameToken is a signed supporting token and is always
           included in messages sent to the recipient. -->
      <sp:SignedSupportingTokens>
        <wsp:Policy>
          <sp:UsernameToken
              sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"/>
        </wsp:Policy>
      </sp:SignedSupportingTokens>

      <!--
        Rampart settings for the invoking side.
        The keystore path and the keystore password below are sample values and
        the password sits in this file in clear text: replace both for a real
        deployment and restrict read access to this policy file and to the
        keystore.
      -->
      <ramp:RampartConfig>
        <ramp:user>client</ramp:user>
        <ramp:encryptionUser>service</ramp:encryptionUser>
        <!-- Callback handler class named by the sample; presumably it supplies
             the password for the user above (confirm in the sample source). -->
        <ramp:passwordCallbackClass>org.wso2.bps.samples.pwcb.PWCBHandler</ramp:passwordCallbackClass>

        <ramp:signatureCrypto>
          <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
            <ramp:property name="org.apache.ws.security.crypto.merlin.file">/home/BPS/Partner/client.jks</ramp:property>
            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
          </ramp:crypto>
        </ramp:signatureCrypto>

        <!-- The element name is spelled "encryptionCypto" in this sample.
             NOTE(review): Rampart has historically used this spelling; check
             your Rampart version before renaming it. It points at the same
             keystore as signatureCrypto. -->
        <ramp:encryptionCypto>
          <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
            <ramp:property name="org.apache.ws.security.crypto.merlin.file">/home/BPS/Partner/client.jks</ramp:property>
            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
          </ramp:crypto>
        </ramp:encryptionCypto>
      </ramp:RampartConfig>

    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>

Add a reference to the policy configuration file in the EPR configuration as shown below.

The SecurePartnerService01.epr configuration is given below.

<!-- Endpoint reference for the secured partner service. -->
<wsa:EndpointReference
    xmlns:wsa="http://www.w3.org/2005/08/addressing"
    xmlns:wsdl11="http://schemas.xmlsoap.org/wsdl/"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.w3schools.com uep_schema.xsd">
  <!-- The partner service is addressed over HTTPS, which the transport
       binding in the referenced policy relies on. -->
  <wsa:Address>https://localhost:9443/services/SecurePartnerService/</wsa:Address>
  <wsa:Metadata>
    <id>SInvokeEPR</id>
    <qos>
      <enableAddressing version="final" separateListener="true"/>
      <!-- Attaches the WS-Security policy file to calls made through this
           endpoint. The file: URI carries no directory part, so the policy is
           presumably resolved relative to the deployed process (confirm). -->
      <enableWsSec policy="file:PolicySecurePartnerService01.xml"/>
    </qos>
  </wsa:Metadata>
</wsa:EndpointReference>

Reference the endpoint reference file in the relevant partner link configuration in the deploy.xml file.

<!-- Partner link whose outgoing calls use the secured endpoint reference. -->
<invoke partnerLink="SecurePartnerService01PartnerLink">
  <service name="SecurePartnerService01.wsdl:SecurePartnerService01"
           port="SecurePartnerService01SOAP11port_http">
    <!-- endpointReference names the EPR file that carries the enableWsSec
         policy reference. -->
    <endpoint xmlns="http://wso2.org/bps/bpel/endpoint/config"
              endpointReference="SecurePartnerService01.epr">
    </endpoint>
  </service>
</invoke>

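The partner service is now secured with the security policy given above. You can secure any other partner service with a security policy in the same manner. The keystore path and keystore password in the policy file are sample values; replace them for your own deployment.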
