Securing an ESB Service using OWSM

Recently I was organizing a seminar regarding Oracle Soa Suite and the focus lied on Securing web services and integration.

In my demo I wanted to show the different features of BPEL, ESB and OWSM and of course the ease of integration of these different technologies.

The ame was to secure as well existing web services as the ESB services itself which are called inside my bpel processes.

In this way I can call stand-alone BPEL processes, ESB services and web services or integrate these technologies with eachother when required.

The difficulty of this exercise lies in calling secured soap services inside an ESB Service. Using a gateway we can secure the ESB Services and BPEL Processes used throughout the organization. The external webservices we need to integrate with are secured as well, and these security requirements need to be met by the calling service, which in our case is an existing BPEL Process or an ESB Service.

First lets have a look on how to call a secured external webservice, a partnerlink, in a bpel process. The webservice expects user-credentials to be able to call the webservice, these credentials can be added to the secured webservice using by editing the partnerlink.

Go to the partnerlink and click ‘edit’, go to the 3d tab which is the ‘Property’ tab and add the needed parameters to your webservice call. These parameters will define that credentials are added to the header of the web service call and the username and password which are required in this header. The properties you need to add are shown in the printscreen, for each property you need to define the proper values.
Such as for the wsseHeaders property, you need to define ‘credentials’ to state that the header will contain user credentials. This is standard web service security we’re using.

To be able to add these same credentials to the external web service, which is invoked from an ESB Service now, we need to come up with another solution. In the demo the same integration exercise is defined, once integration of external web service with BPEL and once through integration of ESB Routing Service with a SOAP Service. The only difficulty in the ESB Service is, that we can’t add these properties in a declarative way to the ESB Service. Instead we need to work with transformations to be able to add the credentials to the SOAP Service call.
How can we accomplish this, by adding parameters to the xsl-stylesheet which is used to transform the call that’s being made to the SOAP Service.

Have a look at the screenshot below to have a clear view on the needed parameters to add to the SOAP Service using an xsl-stylesheet in the transformation-property of our ESB Routing Service.