Thursday, April 19, 2012

OEG OSB/OWSM Username token/Message Protection example

Create a new OSB project/process that consumes the FraudChecker web service –

This is based on the following Java Class

-------------------------------------------------

package fraudcheckservice;


public class FraudChecker {
public FraudChecker() {
super();
}
public String checkCard4Fraud(String cctype, String ccnr){
String status = "VALID:";

if (ccnr.equalsIgnoreCase("12345678")){
status = "FRAUDULENT:";
}
status = status.concat("Card Type " + cctype + " Card Nr " + ccnr);
return status;
}
}



-------------------------------------------------




The WSDL is similar to the following -
http://localhost:7001/FraudCheckService/FraudCheckerPort?WSDL

In OSB -
Create a business service based on this web service




Create a proxy based on the business service



Test the proxy



Now apply OWSM policies to the OSB proxy





re-test specifying the key we created (joe-key) in the previous-1 blog post.







Now, in the OSB console, export the proxy service wsdl to a file.
Minre is simply called FraudChecker.wsdl



Back in OEG Policy Studio, we need to import the orakey certificate and register the web service –
Back in Policy Studio, we need to import the orakey certificate and register the web service –

This is the key we created in the previous-1 lab. We then stored it at /OSBHome/myDomain/config/fmwconfig

Click keystore





Click Import to Trusted...





Now register the OSB proxy process web service



select the operation -








The security configuration begins

Set Expires in to –



Click Next

Set Signing Key to orakey



Click Next

Configure Encryption Settings

Set Certificate Store to orakey



Click Next

Click Next
Configure Username Token settings
User name = joe
Password = welcome1



Create a relative path /SecureFraudChecker



Deploy & test

No comments: