Wednesday, April 18, 2012

Securing the last mile --> OEG and OSB

Starting point is a web service deployed on WLS

I now create an OSB proxy for the above service

Save the wsdl to a file

Import the wsdl file

Create a Business Service based on the WSDL

Create a Proxy Service based on the Business Service


Export the Proxy Service WSDL (3rd icon on the right)

Unzip the jar

We will augment the OSB process by adding a new "Secure" proxy service.

Open the newly created proxy service and add a pipeline pair
Then add a stage, and within the stage a LOG action, to the Request pipeline
We log the creditCard number and set the severity to Error so that the message is written to the WLS log.

Test in the OSB Console

Now apply simple username token security to the Proxy service

OWSM Security/Key setup
We need to do this initial setup, before we can test the OSB proxy service

Create a keystore and register it in em
Use keytool.exe (.sh) located in your /jdk/bin directory

keytool -genkeypair -keyalg RSA -alias orakey -keypass welcome1 -keystore default-keystore.jks -storepass welcome1 -validity 3600

Now copy this file to your fmwconfig directory.

Open em at http://localhost:7001/em

Click Keystore - Configure

Set all passwords to welcome1

Stop/Start the osb server
Then create a user via the OSB console
Click Add New
User Name : joe
Password : welcome1

Now we will add a csf-key for joe
Open em

Create a new key

Back in the OSB console, test as follows –

Now export the WSDL of the "Secure" proxy service so we can register it in OEG

Unzip the exported jar to get the ValidateCC.wsdl

In Policy Studio – add a new web services group - Secure OSB Services

Then import the WSDL i.e. Register the Service

Hard-code the user/pwd joe/welcome1

Create a relative path and point to the policy /SecureOSBCreditCardValidation

Deploy and test (from Service Explorer)

In Service Explorer - import the wsdl and select the operation required (validateCard)

Change the Request URL to point to localhost:8080/SecureOSBCreditCardValidation (OEG) and run

In the next post I will get rid of the hard coding of the username in OEG.
