Implement Security in SOA-BPEL 11g


Introduction

The purpose of this document is to provide a framework for implementing security in a SOA-BPEL 11g process. In SOA we expose the web services we create to consumer systems; sometimes the consumer's identity must be authenticated before it can access the actual process. This is where the security authentication mechanism comes into the picture. This document is a guide to the actual implementation of security in a BPEL process.

Data Conversion Process Flow

To implement the security authentication, we first need to configure the corresponding policy in the server. This example provides a step-by-step guide to configuring the framework to capture the username and password from the header and validate them against a database. The steps are described here:

Step1: First we need to create the policy for user authentication. Go to the Weblogic EM (Enterprise Management) Console.

Step2: Expand Weblogic Domain and click on soa_domain.

Step3: Click on Weblogic_Domain and go to Web Services -> Policies.

Step4: Click on Create; the next window will appear:

Step5: Give the Policy Name

Step6: Add an assertion to the policy. For this username authentication, select oracle/wss_username_token_service_template, click OK, and then save the policy.

Now the policy has been created in the server.

Step8: Now we need to create a user group in the server. Navigate to the console, then Security Realms > myrealm.

Step9: Open the Users and Groups tab.

Step11: Create a user group, with username: validateuser and password: password1

Step12: As the policy is created on the server, we now proceed with the BPEL development. For this purpose we've created a synchronous BPEL process named ValidateUser.bpel.

Step13: Import the Header.xsd (attached below) into the BPEL process and create a variable, e.g. g_SecurityVar, as an element type of that imported XSD.

Step14: Create two internal variables, e.g. g_UserName and g_Password, of type string.

Step15: Update your BPEL xsd response to capture both the username and password.

Step16: Add the attribute bpelx:headerVariable="g_SecurityVar" to the receive element in the BPEL source. The variable name is the one you created earlier using the Header.xsd.

Step17: Finally, drag in an Assign that maps the header security variable to the output variable.

Step18: The final process will look like:

Now deploy the process in the server.

Step19: After deploying the code in the server, add the previously created policy.

Step20: Attach the created policy in the process and click on OK.

Step21: Test the BPEL process: provide the valid username-password in the WSS Username Token and give some arbitrary value in the input (*) field. Then invoke the process.

Step22: The output result should capture the given header username-password.

Note: The invocation will not be successful if the username-password token cannot be matched with the user group created earlier. The following error message will be shown:

Final Note: Now that you have the header username-password, you can validate it against your own database, depending upon the business logic.
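
The check described in the Final Note, as an added example that is not part of the original document: it reads the WSS Username Token from a SOAP header and validates it against a user table. Python stands in for whatever performs the lookup in your own process; the table layout, the function names and the sample envelope are assumptions made for illustration.

```python
import hashlib, hmac, os, sqlite3
import xml.etree.ElementTree as ET

NS = {"soap": "http://schemas.xmlsoap.org/soap/envelope/",
      "wsse": "http://docs.oasis-open.org/wss/2004/01/"
              "oasis-200401-wss-wssecurity-secext-1.0.xsd"}

def sample_envelope(user, password):
    """Constructed request: WSS UsernameToken in the SOAP header (not captured traffic)."""
    return (f'<soap:Envelope xmlns:soap="{NS["soap"]}" xmlns:wsse="{NS["wsse"]}">'
            "<soap:Header><wsse:Security><wsse:UsernameToken>"
            f"<wsse:Username>{user}</wsse:Username>"
            f"<wsse:Password>{password}</wsse:Password>"
            "</wsse:UsernameToken></wsse:Security></soap:Header>"
            "<soap:Body><input>abc</input></soap:Body></soap:Envelope>")

def extract_token(envelope):
    """Return (username, password) from the header token, or None if missing/malformed."""
    if "<!DOCTYPE" in envelope:  # SOAP forbids DTDs; refuse before parsing
        return None
    try:
        root = ET.fromstring(envelope)
    except ET.ParseError:
        return None
    token = root.find("soap:Header/wsse:Security/wsse:UsernameToken", NS)
    if token is None:
        return None
    user = token.findtext("wsse:Username", "", NS)
    pwd = token.findtext("wsse:Password", "", NS)
    return (user, pwd) if user and pwd else None

def pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_store(users):
    """Hypothetical user table holding a per-user salt and PBKDF2 hash, never the password."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, hash BLOB)")
    for name, password in users.items():
        salt = os.urandom(16)
        db.execute("INSERT INTO users VALUES (?, ?, ?)", (name, salt, pw_hash(password, salt)))
    return db

def validate(db, envelope):
    """True only if the header token matches a stored user (parameterized query, constant-time compare)."""
    token = extract_token(envelope)
    if token is None:
        return False
    row = db.execute("SELECT salt, hash FROM users WHERE name = ?", (token[0],)).fetchone()
    return row is not None and hmac.compare_digest(pw_hash(token[1], row[0]), row[1])
```

The lookup binds the username as a query parameter instead of concatenating it into the SQL, so a header value cannot alter the statement.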