Apply security at the BPEL deployment time
Configuring SecuredService-service.xml
The SecuredService-service.xml file contains the security policy configuration which is used to secure the BPEL service. For example:
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<serviceGroup>
  <service name="DeployArtifact">
    <module ref="rampart" />
    <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
                xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
                wsu:Id="UTOverTransport">
      <wsp:ExactlyOne>
        <wsp:All>
          <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
            <wsp:Policy>
              <sp:TransportToken>
                <wsp:Policy>
                  <sp:HttpsToken RequireClientCertificate="false" />
                </wsp:Policy>
              </sp:TransportToken>
              <sp:AlgorithmSuite>
                <wsp:Policy>
                  <sp:Basic256 />
                </wsp:Policy>
              </sp:AlgorithmSuite>
              <sp:Layout>
                <wsp:Policy>
                  <sp:Lax />
                </wsp:Policy>
              </sp:Layout>
              <sp:IncludeTimestamp />
            </wsp:Policy>
          </sp:TransportBinding>
          <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
            <wsp:Policy>
              <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" />
            </wsp:Policy>
          </sp:SignedSupportingTokens>
          <rampart:RampartConfig xmlns:rampart="http://ws.apache.org/rampart/policy">
            <rampart:encryptionUser>useReqSigCert</rampart:encryptionUser>
            <rampart:timestampPrecisionInMilliseconds>true</rampart:timestampPrecisionInMilliseconds>
            <rampart:timestampTTL>300</rampart:timestampTTL>
            <rampart:timestampMaxSkew>300</rampart:timestampMaxSkew>
            <rampart:timestampStrict>false</rampart:timestampStrict>
            <rampart:tokenStoreClass>org.wso2.carbon.security.util.SecurityTokenStore</rampart:tokenStoreClass>
            <rampart:nonceLifeTime>300</rampart:nonceLifeTime>
          </rampart:RampartConfig>
        </wsp:All>
      </wsp:ExactlyOne>
    </wsp:Policy>
  </service>
</serviceGroup>
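The policy above only protects the process if the rampart module is engaged, the UsernameToken is carried over HTTPS as a signed supporting token, and the timestamp and nonce windows are bounded. As an added example (not part of the WSO2 documentation), the following Python linter parses a policy file of this shape and reports which of those conditions are missing; the sample policy embedded in it is a constructed, trimmed copy of the one shown above, and the 300-second limit is an assumed review threshold.

```python
# Added example, not from the WSO2 documentation: a small linter that parses a
# Rampart policy like SecuredService-service.xml above and reports the settings a
# reviewer would check before deploying the BPEL package.
import xml.etree.ElementTree as ET

NS = {"sp": "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy",
      "rampart": "http://ws.apache.org/rampart/policy"}

# Constructed sample: the page's policy trimmed to the elements the checks use.
SAMPLE_POLICY = """<serviceGroup><service name="DeployArtifact">
 <module ref="rampart"/>
 <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
   xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
   xmlns:rampart="http://ws.apache.org/rampart/policy">
  <wsp:ExactlyOne><wsp:All>
   <sp:TransportBinding><wsp:Policy>
    <sp:TransportToken><wsp:Policy>
     <sp:HttpsToken RequireClientCertificate="false"/>
    </wsp:Policy></sp:TransportToken>
    <sp:IncludeTimestamp/>
   </wsp:Policy></sp:TransportBinding>
   <sp:SignedSupportingTokens><wsp:Policy><sp:UsernameToken/></wsp:Policy>
   </sp:SignedSupportingTokens>
   <rampart:RampartConfig>
    <rampart:timestampTTL>300</rampart:timestampTTL>
    <rampart:timestampMaxSkew>300</rampart:timestampMaxSkew>
    <rampart:nonceLifeTime>300</rampart:nonceLifeTime>
   </rampart:RampartConfig>
  </wsp:All></wsp:ExactlyOne>
 </wsp:Policy>
</service></serviceGroup>"""

def audit_policy(xml_text, max_seconds=300):
    """Return a list of findings; an empty list means every check passed."""
    root = ET.fromstring(xml_text)
    findings = []
    if root.find(".//service/module[@ref='rampart']") is None:
        findings.append("rampart module not engaged, so the policy is never enforced")
    if root.find(".//sp:TransportBinding//sp:HttpsToken", NS) is None:
        findings.append("no HttpsToken: the UsernameToken would travel in clear text")
    if root.find(".//sp:SignedSupportingTokens//sp:UsernameToken", NS) is None:
        findings.append("UsernameToken is not a signed supporting token")
    if root.find(".//sp:TransportBinding//sp:IncludeTimestamp", NS) is None:
        findings.append("IncludeTimestamp missing: replay window is unbounded")
    for tag in ("timestampTTL", "timestampMaxSkew", "nonceLifeTime"):
        node = root.find(f".//rampart:RampartConfig/rampart:{tag}", NS)
        text = (node.text or "").strip() if node is not None else ""
        if not text.isdigit() or int(text) > max_seconds:
            findings.append(f"{tag} missing or above {max_seconds} seconds")
    return findings
```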
Configuring deploy.xml
Add an element called endpoint to the inbound interface configuration section as shown below. The endpoint element identifies where the SecuredService-service.xml file is located. Provide the policy file name as the serviceDescriptionReference value and http://wso2.org/bps/bpel/endpoint/config as the XML namespace.
...
The BPEL process is now secured.
...
Secure the BPEL process using a predefined security scenario at runtime
Deploy the BPEL process and go to the service listing page. Navigate to the Process Information page.
Click Security on the QoS Dashboard.
You will find the predefined security scenarios described at http://docs.wso2.org/display/BPS320/Security+Scenarios. Click the icon next to a security scenario for more information about it, then apply one of the scenarios to secure the BPEL process.