Thursday, 22 December 2011

How to set security credentials dynamically in Oracle BPEL

A few months ago I wrote a post on invoking WS-Security compliant services. In Oracle BPEL you can either propagate the security credentials coming from the caller process or hard-code the tokens in the partner link properties.
If you want to invoke a WS-Security compliant web service and pass user-supplied security tokens, Oracle BPEL does not let you set the security credentials dynamically. You need to create a UsernameToken manually and then pass the token as a SOAP header.
Follow the steps given below to change and pass security credentials dynamically:
  • Create 3 variables as given below:
<variable name="securityContext" element="ns2:Security"/>
<variable name="userNameToken" element="ns2:UsernameToken"/>
<variable name="pswd" element="ns2:Password"/>
  • Assign incoming security credentials to these variables:
<assign name="AssignSecurityCredentials">
  <!-- Copy the caller-supplied password into the Password variable -->
  <copy>
    <from variable="inputVariable" part="payload"
          query="/client:SampleRequest/client:pswd"/>
    <to variable="pswd" query="/wsse:Password"/>
  </copy>
  <!-- Copy the caller-supplied user name into the UsernameToken variable -->
  <copy>
    <from variable="inputVariable" part="payload"
          query="/client:SampleRequest/client:user"/>
    <to variable="userNameToken"
        query="/wsse:UsernameToken/wsse:Username"/>
  </copy>
  <!-- Insert Password as the sibling that follows Username -->
  <bpelx:insertAfter>
    <bpelx:from variable="pswd" query="/wsse:Password"/>
    <bpelx:to variable="userNameToken"
              query="/wsse:UsernameToken/wsse:Username"/>
  </bpelx:insertAfter>
  <!-- Append the completed UsernameToken to the Security header element -->
  <bpelx:append>
    <bpelx:from variable="userNameToken" query="/wsse:UsernameToken"/>
    <bpelx:to variable="securityContext" query="/wsse:Security"/>
  </bpelx:append>
</assign>
  • Pass the security credentials to the service being invoked, as in the invoke activity given below:
<invoke name="InvokeAxisService" partnerLink="PartnerLinkAxisService"
        portType="ns1:sample03PortType" operation="echo"
        inputVariable="Invoke_1_echo_InputVariable"
        outputVariable="Invoke_1_echo_OutputVariable"
        bpelx:inputHeaderVariable="securityContext"/>
Complete your BPEL process by adding the required functionality, then deploy and test it.
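
When testing, it helps to confirm that the outbound message really carries the header built by the assign above. The following Python sketch is an added example, not part of the original post or of Oracle BPEL: it rebuilds the same header shape and checks a captured envelope, flagging a cleartext password on a non-TLS endpoint, since the assign sets no Type attribute on wsse:Password. Assumptions: the wsse/ns2 prefixes are bound to the OASIS WS-Security 1.0 namespace, the service speaks SOAP 1.1, and the function names, credentials and endpoint URLs are hypothetical.

```python
import xml.etree.ElementTree as ET

# Assumption: the post's wsse/ns2 prefixes map to the OASIS WS-Security 1.0 namespace.
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"  # assumption: SOAP 1.1
DIGEST = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest"
ET.register_namespace("wsse", WSSE)
ET.register_namespace("soapenv", SOAP)


def build_security_header(user, password):
    """Mirror the assign: copy Username, insertAfter Password, append token to Security."""
    security = ET.Element(f"{{{WSSE}}}Security")
    token = ET.Element(f"{{{WSSE}}}UsernameToken")
    ET.SubElement(token, f"{{{WSSE}}}Username").text = user
    pswd = ET.Element(f"{{{WSSE}}}Password")
    pswd.text = password
    token.insert(1, pswd)      # bpelx:insertAfter .../wsse:Username
    security.append(token)     # bpelx:append to /wsse:Security
    return security


def wrap(security):
    """Place the header in a minimal SOAP envelope (constructed sample message)."""
    env = ET.Element(f"{{{SOAP}}}Envelope")
    ET.SubElement(env, f"{{{SOAP}}}Header").append(security)
    ET.SubElement(env, f"{{{SOAP}}}Body")
    return ET.tostring(env, encoding="unicode")


def check_envelope(envelope_xml, endpoint_url):
    """Return a list of findings for the wsse:Security header of an outbound message."""
    root = ET.fromstring(envelope_xml)
    token = root.find(f"{{{SOAP}}}Header/{{{WSSE}}}Security/{{{WSSE}}}UsernameToken")
    if token is None:
        return ["no wsse:UsernameToken in SOAP header"]
    findings = []
    names = [child.tag.rsplit("}", 1)[-1] for child in token]
    if names[:2] != ["Username", "Password"]:
        findings.append(f"unexpected token children: {names}")
    pswd = token.find(f"{{{WSSE}}}Password")
    # Per the UsernameToken profile, a missing Type means PasswordText (cleartext).
    cleartext = pswd is not None and pswd.get("Type") != DIGEST
    if cleartext and not endpoint_url.lower().startswith("https://"):
        findings.append("cleartext password sent over a non-TLS endpoint")
    return findings
```

Feed `check_envelope` a message captured from the partner link's endpoint during testing; an empty list means the header has the expected shape and the password is not exposed on a plain HTTP transport.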

1 comment:

  1. Do we need to use the securityContext in WSDL?