Applying security for services is vital since it creates high quality services in terms of non functional attributes like reliability. It supports highly available deployments, horizontal scaling via clustering with stateless server architecture, dynamic discovery of services using WS-Discovery, lazy loading via ghost deployers and Apache Zookeeper based coordination support.
The steps below demonstrate how to create a security policy, how to apply security for a service via Developer Studio, and then deploy it in the server.
Creating the security policy
- Open the Developer Studio Dashboard (click Developer Studio > Open Dashboard) and click Registry Resource.
- Select the From existing template option and click Next.
- Enter a resource name and select the WS-Policy template along with the preferred registry path.
- Click Finish.
- Open the created policy by double-clicking on the created policy file.
- The policy file opens in a multi page editor with a Security Form Editor as the design view and an XML editor as the source view.
- Enable security by specifying the required scenario in the Security Form Editor. Click the icon next to each scenario for more information.
- You can provide service information as private store and advanced configuration information as rampart configuration.
- For certain scenarios, you can specify user roles. After you select the scenario, scroll to the right to see the User Roles button. Alternatively, maximize the window.
- Either define the user roles inline or retrieve the user roles from the server.
Get from the server
- Create a Composite Application project including the created policy file and then create a CAR file to deploy to the server.
Applying security for a proxy service
- Once you have configured the policy file, you can apply security for a proxy service by setting the Security Enabled property to true and pointing to the policy key under Service Policies in the proxy properties.
- Specify the policy path inline or browse from the registry or workspace. You can also create and point to a new resource.
By default, the role names are not case sensitive. If you want to make them case sensitive, add the following property under the
<AuthorizationManager> configuration in the
Applying security for a data service
Once you have configured the policy file, you can apply security for a data service by setting the Enable Security property to true and pointing to the policy key in the Policy property in the data services properties.
Applying security for a BPEL workflow
- Once you have configured the policy file, you can apply security for a BPEL workflow by right-clicking the BPEL project and clicking Apply Security.
- On the wizard that appears, select the process and browse to the policy file from the registry.
- Click Finish.