Lets start with WSM in PS2, I did some checks and came to the conclusion that it works the same as in PS1, so my WSM in FMW blogpost is still valid. The only thing what changed is that JDeveloper 11g PS2 give you more information about the WSM policies.
OSB11g is a major release and in this 11g release Oracle did not change the WS-Security policies of Weblogic 9.2, so my OSB blogpost about the security policies in OSB 10.3 is still valid in the 11g version. From this you can conclude Oracle is going full for WSM. With OSB 11g Oracle added support for WSM agents. You can now use the WSM server policies on your OSB Proxy services and the WSM client policies on the OSB Business services. But more inportant, it is now easy to call these secured WSM proxy services from other FMW components ( ADF , Soa Suite & Java )
To use WSM in OSB 11g you need to have a MDS repository and extend the OSB Domain with the WSM components.
When your OSB server is running then you can add the WSM server policy to a Proxy Service. Just select the OWSM policy option and add the right WSM server policy
It works the same for an OSB business service only now you use the client policies.
Before you can test these WSM policies you need to follow the steps of my FMW WSM blogpost . If you configured the WSM keystore then you can test the proxy service in the service bus console application ( sbconsole) . In the security part of this testpage you only need to provide the keystore.recipient.alias. Leave the rest empty.
Or you can generate a web service proxy service in JDeveloper and use this in your Proxy client.
public class HelloWorldServiceSoapHttpPortClient { @WebServiceRef private static HelloWorldService_Service helloWorldService_Service; public static void main(String [] args) { helloWorldService_Service = new HelloWorldService_Service(); SecurityPolicyFeature[] securityFeatures = new SecurityPolicyFeature[] { new SecurityPolicyFeature("oracle/wss10_message_protection_client_policy") }; HelloWorldService helloWorldService = helloWorldService_Service.getHelloWorldServiceSoapHttpPort(securityFeatures); // Add your code to call the desired methods. Map<String, Object> reqContext = ((BindingProvider) helloWorldService).getRequestContext(); reqContext.put(ClientConstants.WSSEC_KEYSTORE_TYPE, "JKS"); reqContext.put(ClientConstants.WSSEC_KEYSTORE_LOCATION, "C:\\test_keystore.jks"); reqContext.put(ClientConstants.WSSEC_KEYSTORE_PASSWORD, "password"); reqContext.put(ClientConstants.WSSEC_SIG_KEY_ALIAS, "client_key"); reqContext.put(ClientConstants.WSSEC_SIG_KEY_PASSWORD, "password"); reqContext.put(ClientConstants.WSSEC_ENC_KEY_ALIAS, "client_key"); reqContext.put(ClientConstants.WSSEC_ENC_KEY_PASSWORD, "password"); reqContext.put(ClientConstants.WSSEC_RECIPIENT_KEY_ALIAS, "client_key"); System.out.println(helloWorldService.sayHello()); } }
i like this
ReplyDeleteHi mr. Biemond. I'm trying to use WSM from OSB 11gR1. Thanks for the post. I've come up with 2 questions:
ReplyDelete1- I've created a simple proxy service in OSB 11gR1 with an OWSM Policy to test it but when I try to make the call I receive a generic message BEA-380001: Internal Server Error. So I would like to know if there is an OSB log file in which I can see detail of the error. The only log I found was the Weblogic Domain, it includes the OSB errors too ?
2- I'm using Weblogic and OSB 11gR1 10.3.3.0 only. I've not installed Soa Suite and so my EM console does not shows the SOA folder. Since I was able to use OSB and WSM in isolation until now I didn't install Soa Suite. So I would like to know if Soa Suite is required to use OSB and OWSM and so if what i'm doing is wrong.
Sorry for the lenght of the message.
Thank you !
Hi Lupan,
ReplyDeleteinteresting question, Can you send me the wls domain options you have and I will make the same osb domain on my laptop and try the same. Maybe you need a wsm server somewhere in your network.
Try to start the osb domain in workshop and in the console window you will see the errors.
2. I will try to find out what wsm client means
thanks
Lupan,
ReplyDeleteWhen you go to the em website and select the weblogic domain. Then you can go to security sub menu and select credentials or Security Provider Configuration ( here you can import the keystore )
that should work even without installing soa
thanks
…
Hi Mr. Biemond,
ReplyDeleteI'm using Weblogic 10.3.3.0 and OSB 11.1.1.3.0. All I did was:
1- Created a simple dummy WS which returns a string and deployed it on Weblogic.
2- Created a business service in OSB pointing to it with the same WSDL published by WL.
3- Create a proxy service in OSB based in the previous business service.
4- Tested with the OSB web client and naturally it worked.
5- Went to the proxy service config and added the policy: oracle/wss11_x509_token_with_message_protection_service_policy .
6- Tried to access the service with a properly configured client. And so I received that generic error I mentioned in the last post.
Unfortunately the weblogic log simply shows nothing about OSB (I'm running the domain from OEPE).
This client having the problem is the same that successfuly worked when I attached the same WSM policy directly through Enterprise Manager in the Weblogic Web service, without using OSB. Just as a reminder, I don't have Soa Suite installed.
Thanks !
Hi,
ReplyDeleteand did you configure the keystore in the em.
else send me your projects and i will try it out.
biemond at gmail dot com
thanks
Hi Edwin,
ReplyDeleteI am using MDS repository for my SOA Composites and am planning to use OSB for several components. How to use MDS for OSB ?
Any help really appreciated
Cheers
Genji
Hi Genji.
ReplyDeleteOSB can't use MDS like you used to in SOA Suite 11g, it only uses a MDS repos for the OWSM policies.
thanks