com.atlassian.confluence.content.render.xhtml.migration.exceptions.UnknownMacroMigrationException: The macro 'next_previous_link3' is unknown.

BPEL Security

Configuring SecuredService-service.xml

The SecuredService-service.xml file contains the security policy configuration which is used to secure the BPEL service. For example:

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<serviceGroup>
    <service name="DeployArtifact">
   	 <module ref="rampart" />
   	 <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
   		 xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
   		 wsu:Id="UTOverTransport">
   		 <wsp:ExactlyOne>
   			 <wsp:All>
   				 <sp:TransportBinding
   					 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
   					 <wsp:Policy>
   						 <sp:TransportToken>
   							 <wsp:Policy>
   								 <sp:HttpsToken RequireClientCertificate="false" />
   							 </wsp:Policy>
   						 </sp:TransportToken>
   						 <sp:AlgorithmSuite>
   							 <wsp:Policy>
   								 <sp:Basic256 />
   							 </wsp:Policy>
   						 </sp:AlgorithmSuite>
   						 <sp:Layout>
   							 <wsp:Policy>
   								 <sp:Lax />
   							 </wsp:Policy>
   						 </sp:Layout>
   						 <sp:IncludeTimestamp />
   					 </wsp:Policy>
   				 </sp:TransportBinding>
   				 <sp:SignedSupportingTokens
   					 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
   					 <wsp:Policy>
   						 <sp:UsernameToken
   							 sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" />
   					 </wsp:Policy>
   				 </sp:SignedSupportingTokens>
   				 <rampart:RampartConfig xmlns:rampart="http://ws.apache.org/rampart/policy">
   					 <rampart:encryptionUser>useReqSigCert</rampart:encryptionUser>
   					 <rampart:timestampPrecisionInMilliseconds>true</rampart:timestampPrecisionInMilliseconds>
   					 <rampart:timestampTTL>300</rampart:timestampTTL>
   					 <rampart:timestampMaxSkew>300</rampart:timestampMaxSkew>
   					 <rampart:timestampStrict>false</rampart:timestampStrict>
   					 <rampart:tokenStoreClass>org.wso2.carbon.security.util.SecurityTokenStore</rampart:tokenStoreClass>
   					 <rampart:nonceLifeTime>300</rampart:nonceLifeTime>
   				 </rampart:RampartConfig>
   			 </wsp:All>
   		 </wsp:ExactlyOne>
   	 </wsp:Policy>
    </service>
</serviceGroup>

Configuring deploy.xml

Add an additional element called endpoint to the inbound interface configuration section as shown below. The endpoint element is used to identify where the SecuredService-service.xml file is located. You need to provide the policy file name as the serviceDescriptionReference value and ‘http://wso2.org/bps/bpel/endpoint/config’ as the XML namespace.

<?xml version="1.0" encoding="UTF-8"?>

<deploy xmlns="http://www.apache.org/ode/schemas/dd/2007/03" xmlns:deploy.core.af.carbon.wso2.org="http://deploy.core.af.carbon.wso2.org" xmlns:sample="http://wso2.org">

  <process name="sample:DeployArtifact">

	<active>true</active>
	<retired>false</retired>
	<process-events generate="all"/>

	<provide partnerLink="client">
  	<service name="sample:DeployArtifact" port="DeployArtifactPort">
    <endpoint xmlns="http://wso2.org/bps/bpel/endpoint/config" serviceDescriptionReference="SecuredService-service.xml"/>
  	</service>
	</provide>
	
<invoke partnerLink="deployPL">
  	<service name="deploy.core.af.carbon.wso2.org:ApplicationDeployer" port="ApplicationDeployerHttpsSoap11Endpoint"/>
	</invoke>
  </process>
</deploy> 

There are multiple ways you can package SecuredService-service.xml.

  • Package within the BPEL process. Tree structure of a secured BPEL package is shown below.
  • Store in the registry (config or WSO2 Governance Registry). You can specify the file path as follows:

    serviceDescriptionReference="conf:/SecuredService-service.xml" OR serviceDescriptionReference="gov:/SecuredService-service.xml" in the deploy.xml file. 

  • Store in the file system. You can specify the file path as follows:

    serviceDescriptionReference="./../../../../repository/conf/SecuredService-service.xml" in the deploy.xml file.

The BPEL process is now secured.

HumanTasks can be secured in the same manner.

com.atlassian.confluence.content.render.xhtml.migration.exceptions.UnknownMacroMigrationException: The macro 'next_previous_links2' is unknown.