Calling a webservice using the wss-username-token policy from a SOA Suite composite

Hugo Hendriks's picture
Submitted by Hugo Hendriks on Thu, 21/07/2011 - 13:21

When you are building a composite using the SOA Suite you quite often want to call an external webservice. These services can have a form of security on them....wss-username-token in our example. To attach the policy to the service in BPEL is quite forwards.

  • Right-click the service in the 'External Reference' swimlane and click 'Configure WS Policies'
  • Choose the correct policy under Security. In my case oracle/wss_username_token_client_policy
  • Next we need to supply a username and password. The easiest way is to go to the source of the composite.xml and add 2 properties to the binding. See below for an example. This will ensure you can call your service using ws-security:username-token.

  1.  <reference name="CardManagementService" ui:wsdlLocation="v1.wsdl">
  2.     <interface.wsdl interface="http://www.rbx.nl/wsdl/cardmanagement/service#wsdl.interface(CardManagementServicePortType)"/>
  3.     <binding.ws port="http://www.rbx.nl/wsdl/cardmanagement/service#wsdl.endpoint(CardManagementServiceQSService/CardManagementServiceQSPort)"
  4.                 location="v1.wsdl" soapVersion="1.2">
  5.       <wsp:PolicyReference URI="oracle/wss_username_token_client_policy"
  6.                            orawsp:category="security" orawsp:status="enabled"/>
  7.       <property name="weblogic.wsee.wsat.transaction.flowOption"
  8.                 type="xs:string" many="false">WSDLDriven</property>
  9.       <property name="oracle.webservices.auth.username" type="xs:string"
  10.                 many="false" override="may">MyUsername</property>
  11.       <property name="oracle.webservices.auth.password" type="xs:string"
  12.                 many="false" override="may">MyPassword</property>
  13.     </binding.ws>
  14.   </reference>

 

»