Wednesday, April 18, 2012

Securing the last mile --> OEG and OSB

Starting point is a web service deployed on WLS



I now create an OSB proxy for the above service





Save the wsdl to a file



Import the wsdl file



Create a Business Service based on the WSDL





Create a Proxy Service based on the Business Service



Test



Export the Proxy Service WSDL (3rd icon on the right)





Unzip the jar



We will augment the OSB process by adding a new "Secure" proxy service.



Open the newly created proxy service and add a pipeline pair
Then add a stage, and within the stage a LOG action, to the Request pipeline
We log the creditCard number and set the severity to Error so that the message is written to the WLS log.







Test in the OSB Console






Now apply simple username token security to the Proxy service



OWSM Security/Key setup
We need to do this initial setup, before we can test the OSB proxy service

Create a keystore and register it in em
Use keytool.exe (.sh) located in your /jdk/bin directory

e.g.
keytool -genkeypair -keyalg RSA -alias orakey -keypass welcome1 -keystore default-keystore.jks -storepass welcome1 -validity 3600





Now copy this file to your fmwconfig directory –



Open em at http://localhost:7001/em





Click Keystore - Configure

Set all passwords to welcome1



Stop/Start the osb server
Then create a user via the OSB console
----------------------
Click Add New
User Name : joe
Password : welcome1
----------------------





Now we will add a csf-key for joe
Open em



Create a new key



Back in the OSB console, test as follows –







Now export the WSDL of the "Secure" proxy service so we can register it in OEG

Unzip the exported jar to get the ValidateCC.wsdl



In Policy Studio – add a new web services group - Secure OSB Services

Then import the WSDL, i.e. register the service









Hard-code the user/pwd joe/welcome1



Create a relative path and point to the policy /SecureOSBCreditCardValidation



Deploy and test (from Service Explorer)

In Service Explorer - import the wsdl and select the operation required (validateCard)



Change the Request URL to point to localhost:8080/SecureOSBCreditCardValidation (OEG) and run
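
What the hard-coded joe/welcome1 step amounts to on the wire, as an added example (not code from the original post, OEG or OSB): the client request arrives without credentials and the gateway adds a WS-Security UsernameToken before forwarding it to the "Secure" proxy. It assumes a standard UsernameToken with a plain-text password; the service namespace, the card number and both function names are made up for illustration.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-"
WSSE = WSS + "wssecurity-secext-1.0.xsd"
PW_TEXT = WSS + "username-token-profile-1.0#PasswordText"
ET.register_namespace("soapenv", SOAP)
ET.register_namespace("wsse", WSSE)

# Constructed client request as it reaches the gateway, without credentials.
# The target namespace and card number are placeholders, not from the post.
CLIENT_REQUEST = f"""<soapenv:Envelope xmlns:soapenv="{SOAP}">
  <soapenv:Body>
    <validateCard xmlns="http://example.com/creditcard">
      <creditCard>0000-0000-0000-0000</creditCard>
    </validateCard>
  </soapenv:Body>
</soapenv:Envelope>"""


def add_username_token(envelope_xml, username, password):
    """Return the envelope with a wsse:Security/UsernameToken header added."""
    root = ET.fromstring(envelope_xml)
    header = root.find(f"{{{SOAP}}}Header")
    if header is None:
        header = ET.Element(f"{{{SOAP}}}Header")
        root.insert(0, header)  # Header must precede Body
    if header.find(f"{{{WSSE}}}Security") is not None:
        raise ValueError("request already carries a wsse:Security header")
    security = ET.SubElement(header, f"{{{WSSE}}}Security")
    token = ET.SubElement(security, f"{{{WSSE}}}UsernameToken")
    ET.SubElement(token, f"{{{WSSE}}}Username").text = username
    pw = ET.SubElement(token, f"{{{WSSE}}}Password", {"Type": PW_TEXT})
    pw.text = password
    return ET.tostring(root, encoding="unicode")


def extract_username_token(envelope_xml):
    """Return (username, password_type), or None if no token is present."""
    root = ET.fromstring(envelope_xml)
    token = root.find(f"{{{SOAP}}}Header/{{{WSSE}}}Security/{{{WSSE}}}UsernameToken")
    if token is None:
        return None
    pw = token.find(f"{{{WSSE}}}Password")
    return (token.findtext(f"{{{WSSE}}}Username"),
            pw.get("Type") if pw is not None else None)


if __name__ == "__main__":
    print(add_username_token(CLIENT_REQUEST, "joe", "welcome1"))
```

With the PasswordText type the password is carried in clear inside the header, so on the OEG-to-OSB hop it is protected only by whatever transport security that connection has.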



In the next post I will get rid of the hard coding of the username in OEG.
