Wednesday, April 24, 2013

OSB11g –Adding OWSM Policy to OSB from Eclipse in case OWSM store is not accessible




In case the Eclipse is not able to access OWSM to fetch the policies, then workaround would be manually add the security policy entries into the proxy file from backend by editing the .proxy file.



Eclipse generated Proxy Service

<xml-fragment xmlns:ser="http://www.bea.com/wli/sb/services" xmlns:tran="http://www.bea.com/wli/sb/transports" xmlns:env="http://www.bea.com/wli/config/env" xmlns:http="http://www.bea.com/wli/sb/transports/http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:con="http://www.bea.com/wli/sb/pipeline/config" xmlns:con1="http://www.bea.com/wli/sb/stages/logging/config" xmlns:con2="http://www.bea.com/wli/sb/stages/config" xmlns:con3="http://www.bea.com/wli/sb/stages/routing/config" xmlns:con4="http://www.bea.com/wli/sb/stages/transform/config" >
  <ser:coreEntry isProxy="true" isEnabled="true">
<ser:binding type="SOAP" isSoap12="false" xsi:type="con:SoapBindingType" xmlns:con="http://www.bea.com/wli/sb/services/bindings/config">
      <con:wsdl ref="GeoDownload/WSDL/v1/GeoService"/>
      <con:binding>
        <con:name>GeoServiceBinding</con:name>
        <con:namespace>http://geo.com/wsdl/download/v1.0</con:namespace>
      </con:binding>
      <con:selector type="SOAP body"/>
    </ser:binding>
    <ser:monitoring isEnabled="false">
      <ser:aggregationInterval>10</ser:aggregationInterval>
      <ser:pipelineMonitoringLevel>Pipeline</ser:pipelineMonitoringLevel>
    </ser:monitoring>
    <ser:reporting>true</ser:reporting>
    <ser:logging isEnabled="true">
      <ser:logLevel>debug</ser:logLevel>
    </ser:logging>
    <ser:sla-alerting isEnabled="true">
      <ser:alertLevel>normal</ser:alertLevel>
    </ser:sla-alerting>
    <ser:pipeline-alerting isEnabled="true">
      <ser:alertLevel>normal</ser:alertLevel>
    </ser:pipeline-alerting>
    <ser:ws-policy>
      <ser:binding-mode>owsm-policy-bindings</ser:binding-mode>
    </ser:ws-policy>
  </ser:coreEntry>




Message Level Security Configuration



To add OWSM Security Policy to Proxy Service

Add the highlighted fields in yellow into the proxy file to add the Policy to the SOAP service proxy.

<xml-fragment xmlns:ser="http://www.bea.com/wli/sb/services" xmlns:tran="http://www.bea.com/wli/sb/transports" xmlns:env="http://www.bea.com/wli/config/env" xmlns:http="http://www.bea.com/wli/sb/transports/http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:con="http://www.bea.com/wli/sb/pipeline/config" xmlns:con1="http://www.bea.com/wli/sb/stages/logging/config" xmlns:con2="http://www.bea.com/wli/sb/stages/config" xmlns:con3="http://www.bea.com/wli/sb/stages/routing/config" xmlns:con4="http://www.bea.com/wli/sb/stages/transform/config" xmlns:con5="http://www.bea.com/wli/sb/services/security/config">
  <ser:coreEntry isProxy="true" isEnabled="true">
     <ser:security>
      <con5:inboundWss processWssHeader="true"/>
    </ser:security>
<ser:binding type="SOAP" isSoap12="false" xsi:type="con:SoapBindingType" xmlns:con="http://www.bea.com/wli/sb/services/bindings/config">
      <con:wsdl ref="GeoDownload/WSDL/v1/GeoService"/>
      <con:binding>
        <con:name>GeoServiceBinding</con:name>
        <con:namespace> http://geo.com/wsdl/download/v1.0</con:namespace>
      </con:binding>
      <con:selector type="SOAP body"/>
    </ser:binding>
    <ser:monitoring isEnabled="false">
      <ser:aggregationInterval>10</ser:aggregationInterval>
      <ser:pipelineMonitoringLevel>Pipeline</ser:pipelineMonitoringLevel>
    </ser:monitoring>
    <ser:reporting>true</ser:reporting>
    <ser:logging isEnabled="true">
      <ser:logLevel>debug</ser:logLevel>
    </ser:logging>
    <ser:sla-alerting isEnabled="true">
      <ser:alertLevel>normal</ser:alertLevel>
    </ser:sla-alerting>
    <ser:pipeline-alerting isEnabled="true">
      <ser:alertLevel>normal</ser:alertLevel>
    </ser:pipeline-alerting>
    <ser:ws-policy>
      <ser:binding-mode>owsm-policy-bindings</ser:binding-mode>
     <ser:policies>
        <ser:service-policy>
          <ser:owsm-policy-ref ID="geo/security/GeoCustomAuth"/>
        </ser:service-policy>
      </ser:policies>
    </ser:ws-policy>
  </ser:coreEntry>

After editing the .proxy file reload the file in eclipse.



Modified Message Level Security Configuration

The ProcessWS-Security Header value will be set to Yes.


Check the Service Policy Configuration tab to see the Policy assigned to the Service.
That’s it.

1 comment:

Dibas said...

Hi, how can i open this proxy file to edit it?