Apply security at BPEL deployment time

Configuring SecuredService-service.xml

...

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<serviceGroup>
    <service name="DeployArtifact">
        <module ref="rampart" />
        <!-- UsernameToken authentication over an HTTPS transport binding -->
        <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
            xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
            wsu:Id="UTOverTransport">
            <wsp:ExactlyOne>
                <wsp:All>
                    <sp:TransportBinding
                        xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                        <wsp:Policy>
                            <sp:TransportToken>
                                <wsp:Policy>
                                    <!-- HTTPS is required; a client certificate is not -->
                                    <sp:HttpsToken RequireClientCertificate="false" />
                                </wsp:Policy>
                            </sp:TransportToken>
                            <sp:AlgorithmSuite>
                                <wsp:Policy>
                                    <sp:Basic256 />
                                </wsp:Policy>
                            </sp:AlgorithmSuite>
                            <sp:Layout>
                                <wsp:Policy>
                                    <sp:Lax />
                                </wsp:Policy>
                            </sp:Layout>
                            <sp:IncludeTimestamp />
                        </wsp:Policy>
                    </sp:TransportBinding>
                    <!-- The caller must always send a UsernameToken to the service -->
                    <sp:SignedSupportingTokens
                        xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                        <wsp:Policy>
                            <sp:UsernameToken
                                sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" />
                        </wsp:Policy>
                    </sp:SignedSupportingTokens>
                    <rampart:RampartConfig xmlns:rampart="http://ws.apache.org/rampart/policy">
                        <rampart:encryptionUser>useReqSigCert</rampart:encryptionUser>
                        <rampart:timestampPrecisionInMilliseconds>true</rampart:timestampPrecisionInMilliseconds>
                        <!-- Timestamp lifetime, allowed clock skew and nonce lifetime are in seconds -->
                        <rampart:timestampTTL>300</rampart:timestampTTL>
                        <rampart:timestampMaxSkew>300</rampart:timestampMaxSkew>
                        <rampart:timestampStrict>false</rampart:timestampStrict>
                        <rampart:tokenStoreClass>org.wso2.carbon.security.util.SecurityTokenStore</rampart:tokenStoreClass>
                        <rampart:nonceLifeTime>300</rampart:nonceLifeTime>
                    </rampart:RampartConfig>
                </wsp:All>
            </wsp:ExactlyOne>
        </wsp:Policy>
    </service>
</serviceGroup>

Configuring deploy.xml

Add an additional element called endpoint to the inbound interface configuration section as shown below. The endpoint element is used to identify where the SecuredService-service.xml file is located. You need to provide the policy file name as the serviceDescriptionReference value and ‘http://wso2.org/bps/bpel/endpoint/config’ as the XML namespace.

...
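A pre-deployment check for the deploy.xml change described above, as an added example that is not part of the original page or of WSO2's code: it lists every inbound service that has no usable policy reference. The sample descriptor, its process and service names, the Apache ODE descriptor namespace and the assumption that the policy file sits at the package root beside deploy.xml are all assumptions of this example.

```python
import xml.etree.ElementTree as ET

DD_NS = "http://www.apache.org/ode/schemas/dd/2007/03"  # assumed: Apache ODE deploy.xml namespace
EP_NS = "http://wso2.org/bps/bpel/endpoint/config"      # namespace given on this page

# Constructed sample deploy.xml; every process, partner link and service name is hypothetical.
SAMPLE_DEPLOY = """<deploy xmlns="http://www.apache.org/ode/schemas/dd/2007/03"
        xmlns:pns="http://example.org/bpel/sample"
        xmlns:wns="http://example.org/wsdl/sample">
  <process name="pns:SampleProcess">
    <provide partnerLink="client">
      <service name="wns:OrderService" port="OrderPort">
        <endpoint xmlns="http://wso2.org/bps/bpel/endpoint/config"
                  serviceDescriptionReference="SecuredService-service.xml"/>
      </service>
    </provide>
    <provide partnerLink="admin">
      <service name="wns:AdminService" port="AdminPort"/>
    </provide>
    <provide partnerLink="report">
      <service name="wns:ReportService" port="ReportPort">
        <endpoint serviceDescriptionReference="SecuredService-service.xml"/>
      </service>
    </provide>
  </process>
</deploy>"""

def audit_deploy(deploy_xml, package_files):
    """Return (service name, problem) for each inbound service lacking a usable policy reference."""
    findings = []
    root = ET.fromstring(deploy_xml)
    for svc in root.iterfind(f".//{{{DD_NS}}}provide/{{{DD_NS}}}service"):
        name = svc.get("name")
        endpoint = svc.find(f"{{{EP_NS}}}endpoint")
        if endpoint is None:
            # An <endpoint> that inherits the descriptor namespace is not the element the page describes.
            stray = [c for c in svc if c.tag.split("}")[-1] == "endpoint"]
            findings.append((name, "endpoint in wrong namespace" if stray else "no endpoint element"))
            continue
        ref = endpoint.get("serviceDescriptionReference")
        if not ref:
            findings.append((name, "missing serviceDescriptionReference"))
        elif ref not in package_files:
            findings.append((name, f"{ref} not in package"))
    return findings

if __name__ == "__main__":
    for service, problem in audit_deploy(SAMPLE_DEPLOY, {"deploy.xml", "SecuredService-service.xml"}):
        print(f"{service}: {problem}")
```
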

Info

HumanTasks can be secured in the same manner.

...

Secure the BPEL process at runtime by using a predefined security scenario

Deploy the BPEL process and go to the service listing page. Navigate to the Process Information page.

...

You'll find predefined security scenarios as described in http://docs.wso2.org/display/BPS320/Security+Scenarios. You can find more information on each security scenario by clicking the icon next to it. Apply one of those scenarios to secure the BPEL process.