Oracle Service Bus 11g Development Cookbook


Product type Book
Published in Jan 2012
Publisher Packt
ISBN-13 9781849684446
Pages 522 pages
Edition 1st Edition

Table of Contents (19) Chapters

Oracle Service Bus 11g Development Cookbook
Credits
About the Authors
About the Reviewers
www.PacktPub.com
Preface
Creating a basic OSB service
Working Efficiently with OSB Artifacts in Eclipse OEPE
Messaging with JMS Transport
Using EJB and JEJB transport
Using HTTP Transport
Using File and Email Transports
Communicating with the Database
Communicating with SOA Suite
Communication, Flow Control, and Message Processing
Reliable Communication with the OSB
Handling Message-level Security Requirements
Handling Transport-level Security Requirements
Index

Chapter 11. Handling Message-level Security Requirements

In this chapter, we will cover:

  • Preparing OSB server to work with OWSM

  • Configuring OSB server for OWSM

  • Securing a proxy service by Username Token authentication

  • Securing a proxy service by protecting the message

  • Securing a proxy service by using Username Token authentication and protecting the message

  • Securing a proxy service by using certificate authentication and protecting the message

  • Securing a proxy service with authorization through Message Access Control

  • Using JDeveloper to test a secured service

  • Calling a secured service from OSB

Introduction


Security has always played and still plays an important role in today's information-driven business processes. Consumers of information must know who sent the information and that it has not been changed or read by others. Only then can they trust the message and carry out the transaction.

When thinking about security, it's important to distinguish between transport-level and message-level security.

Transport-level security represents a technique where the underlying operating system or application servers are handling security features. Recipes for transport-level security are covered in the next chapter.

Message-level security represents a technique where all information related to security is encapsulated in the message. This is what WS-Security specifies for web services. Securing messages using message-level security instead of using transport-level security has several advantages that include:

  • Flexibility – parts of the message can be signed or encrypted. This means that intermediary...

Preparing OSB server to work with OWSM


Before OWSM can be used, we need to create a Metadata Service (MDS) database repository. The OWSM policies will be stored in the MDS and these policies can be used at design time by Eclipse OEPE or the Service Bus console, and at runtime by the OSB server. The second step is to extend our OSB domain with the OWSM and the Enterprise Manager options.

This recipe will show how to create an OWSM-enabled OSB domain.

Getting ready

For this recipe, you will need the following in place:

  1. A WebLogic domain with the OSB version 11g R1 option enabled.

  2. An Oracle Database in version 10g R2, 11g R1, or 11g R2. The database should be on the latest patch set.

  3. A database schema user which has the sysdba privilege that can be used by the Repository Creation Utility (RCU).

  4. Download the Repository Creation Utility. It can be downloaded from http://www.oracle.com/technetwork/middleware/soasuite/downloads/index.html, here we should accept license agreement...

Configuring OSB server for OWSM


After installing the OWSM component to our WebLogic domain, we will be configuring the OSB server for OWSM. For this, we need to generate a custom Java keystore which contains the server certificates and configure it in Enterprise Manager (EM).

How to do it...

First, let's create a Java keystore which will be used by OWSM. On the command line, perform the following steps:

  1. Navigate to the bin folder of the JDK used by the OSB:

    cd c:\[FMWHome]\jrockit-jdk1.6.0_20-R28.1\bin
    
  2. Generate a new Java keystore with a self-signed server key:

    keytool -genkey -alias serverKey -keyalg "RSA" -sigalg "SHA1withRSA" -dname "CN=server, C=US" -keypass welcome -keystore c:\server.jks -storepass welcome
    
  3. Copy the Java keystore server.jks located at c:\ to the config\fmwconfig folder of the OSB domain:

    cd ..\..
    cd user_projects\domains\osb_cookbook_domain\config\fmwconfig
    copy c:\server.jks .

Next, we have to import the Java keystore into Enterprise Manager. Open Enterprise Manager in...

Securing a proxy service by Username Token authentication


In this recipe, we will secure a proxy service with an OWSM server policy using Eclipse OEPE.

Getting ready

For this recipe, we will use a simple OSB project with one proxy. Import the getting-ready project into Eclipse OEPE from \chapter-11\getting-ready\securing-a-proxy-service-with-username-token.

The OSB Server must be up and running and configured using the first two recipes of this chapter. This server needs to be defined in the Eclipse OEPE for this recipe to work.

How to do it...

In Eclipse OEPE, perform the following steps to add an OWSM policy to a proxy service:

  1. Open the CustomerManagement.proxy in the proxy folder of the securing-a-proxy-service-with-username-token project.

  2. Navigate to the Policy tab.

  3. Enable From OWSM Policy Store.

  4. Click Service Level Policies, which will enable the Add button.

  5. Click Add and the OWSM Policy Configuration window will open.

  6. Click Browse.

  7. In the Select OWSM Policy window we need to choose a security...

Securing a proxy service by protecting the message


Apart from requiring the user to authenticate themselves to the proxy service, we can also enforce that a message be encrypted and signed using the message protection policies. In this recipe, we will enable the message protection to guarantee message integrity through digital signature and message confidentiality through XML encryption.

For this to work, we need to have the public key of the server certificate.

Getting ready

For this we will use the same simple OSB project as in the previous Securing a proxy service using Username Token authentication recipe.

Import the getting-ready project into Eclipse from \chapter-11\getting-ready\securing-a-proxy-service-with-message-protection.

How to do it...

The steps to execute in this recipe are the same as in the previous Securing a proxy service using Username Token Authentication recipe, only another policy needs to be selected. In the Eclipse OEPE, perform the following steps:

  1. Open the CustomerManagement...

Securing a proxy service by using Username Token authentication and protecting the message


In this recipe, we will combine message protection with user authentication. For this we can reuse the client Java keystore and the osbbook user from the preceding recipes.

Getting ready

For this we will use the same simple OSB project as in the previous Securing a proxy service using username and password authentication through OWSM recipe.

Import the getting-ready project into Eclipse OEPE from \chapter-11\getting-ready\securing-a-proxy-service-with-auth-and-message-protection.

How to do it...

The steps to execute in this recipe are the same as in the previous Securing a proxy service using username and password authentication through OWSM recipe, only another policy needs to be selected. In the Eclipse OEPE, perform the following steps:

  1. Open the CustomerManagement.proxy in the proxy folder of the securing-a-proxy-service-with-auth-and-message-protection project.

  2. Navigate to the Policy tab.

  3. Enable From...

Securing a proxy service by using certificate authentication and protecting the message


In this recipe, we will again use message protection as in the previous recipes, but replace the username/password authentication with client certificate authentication. For this, we need to generate a client certificate and add the public key of the client certificate to the server Java keystore. This way, OWSM can verify the client signature which is added to the SOAP message.

Getting ready

For this recipe, we will use the same simple OSB project as in the previous Securing a proxy service using username and password authentication through OWSM recipe.

Import the getting-ready project into Eclipse OEPE from \chapter-11\getting-ready\securing-a-proxy-service-with-cert-auth-and-msg-protect.

How to do it...

The steps to execute in this recipe are the same as in the previous Securing a proxy service using username and password authentication through OWSM recipe, only another policy needs to be selected...

Securing a proxy service with authorization through Message Access Control


In the Securing a proxy service by Username Token authentication recipe we have made sure that only authenticated users have access to services through the use of OWSM. With this recipe, we will extend this security configuration with authorization to make sure that only selected users, roles, or groups have access to the proxy service.

Getting ready

For this we will need the OSB project from the previous Securing a proxy service by Username Token authentication recipe.

The finished solution can be imported into Eclipse OEPE from \chapter-11\solution\securing-a-proxy-service-with-username-token.

How to do it...

In the Service Bus console, perform the following steps to configure Message Access Control:

  1. In the menu to the left, click Project Explorer.

  2. Navigate to the CustomerManagement proxy service.

  3. Navigate to the Security tab.

  4. Click Create in the Change Center on the upper-left corner to create a new change session.

  5. Make...

Using JDeveloper to test a secured service


In this recipe, we will create a JDeveloper client for testing the secured OSB service created in the previous recipe. We will use the client certificate store created in the previous recipe.

Getting ready

For this we will need the OSB project from the previous Securing a proxy service using certificate authentication and protecting the message recipe.

The finished solution can be imported into Eclipse OEPE from \chapter-11\solution\securing-a-proxy-service-with-cert-auth-and-msg-protect.

How to do it...

In JDeveloper, we will create a new application workspace with a generic project. The generic project will be used to generate a web service proxy based on the WSDL of the customer proxy service.

In JDeveloper, perform the following steps:

  1. Click File | New....

  2. Choose Generic Application in the General category.

  3. Enter OWSM into the Application Name field.

  4. Click Browse, to the right of the Directory field, and select the workspace folder.

  5. Enter osb.cookbook.owsm into...

Calling a secured service from OSB


In this recipe, we will call a secured web service by adding an OWSM client policy to a business service. For this we create a new business service that uses the WSDL of our previous recipe. This WSDL contains the OWSM server policy.

Getting ready

For this we will use a simple OSB project with one proxy. Import the getting-ready project into Eclipse OEPE from \chapter-11\getting-ready\calling-a-secured-service-form-OSB. Make sure that the solution from the Securing a proxy service using username and password authentication through OWSM recipe is deployed to the OSB server.

How to do it...

Open the WSDL of the secured proxy service and check whether the WSDL contains some WS-Security policies. In Eclipse OEPE, perform the following steps:

  1. Expand the wsdl folder of the calling-a-secured-service-from-osb project.

  2. Double-click on the CustomerManagement.wsdl. This is the WSDL consumed from the service provider.

  3. Check that the WSDL has a wsp:Policy element.

  4. Also check...
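The WSDL check in the steps above can be scripted. The following is an added example, not code from the book: it goes beyond confirming that a wsp:Policy element exists and also reports which bindings reference a policy, which advertise none, and which reference a policy that is not defined in the document. It assumes policies are attached with wsp:PolicyReference elements as described by WS-PolicyAttachment; the sample WSDL, its binding names, and its policy ID are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# WS-Policy 1.2 and 1.5 namespaces; a WSDL may use either one.
WSP_NAMESPACES = ("http://schemas.xmlsoap.org/ws/2004/09/policy",
                  "http://www.w3.org/ns/ws-policy")
WSU_ID = ("{http://docs.oasis-open.org/wss/2004/01/"
          "oasis-200401-wss-wssecurity-utility-1.0.xsd}Id")
WSDL_BINDING = "{http://schemas.xmlsoap.org/wsdl/}binding"

def _find(node, local_name):
    """All descendants named wsp:<local_name> under either WS-Policy namespace."""
    return [el for ns in WSP_NAMESPACES for el in node.iter("{%s}%s" % (ns, local_name))]

def audit_wsdl_policies(wsdl_text):
    """Report defined policies and, per binding, which ones it references."""
    root = ET.fromstring(wsdl_text)  # for untrusted WSDLs, prefer a hardened parser
    defined = {p.get(WSU_ID) for p in _find(root, "Policy") if p.get(WSU_ID)}
    report = {"defined": sorted(defined), "attached": {}, "no_policy": [], "dangling": []}
    for binding in root.iter(WSDL_BINDING):
        name = binding.get("name")
        refs = [r.get("URI", "") for r in _find(binding, "PolicyReference")]
        if not refs and not _find(binding, "Policy"):
            report["no_policy"].append(name)  # binding advertises no policy at all
            continue
        report["attached"][name] = refs
        # A local reference ("#id") must resolve to a wsp:Policy in this document.
        for uri in refs:
            if uri.startswith("#") and uri[1:] not in defined:
                report["dangling"].append((name, uri))
    return report

# Constructed sample WSDL fragment (not taken from the book's project).
SAMPLE_WSDL = """<wsdl:definitions name="CustomerManagement"
    xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <wsp:Policy wsu:Id="sample_username_token_policy"/>
  <wsdl:binding name="SecuredBinding" type="tns:Port">
    <wsp:PolicyReference URI="#sample_username_token_policy"/>
  </wsdl:binding>
  <wsdl:binding name="OpenBinding" type="tns:Port"/>
  <wsdl:binding name="BrokenBinding" type="tns:Port">
    <wsp:PolicyReference URI="#missing_policy"/>
  </wsdl:binding>
</wsdl:definitions>"""

if __name__ == "__main__":
    print(audit_wsdl_policies(SAMPLE_WSDL))
```

A binding listed under no_policy or dangling is worth reviewing before a client policy is chosen for the business service, since the WSDL then does not describe what the provider actually enforces.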
