com.atlassian.confluence.content.render.xhtml.migration.exceptions.UnknownMacroMigrationException: The macro 'next_previous_links' is unknown.

BPEL Security

Apply security at the BPEL deployment time

Configuring SecuredService-service.xml

The SecuredService-service.xml file contains the security policy configuration which is used to secure the BPEL service. For example:

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<serviceGroup>
    <service name="DeployArtifact">
   	 <module ref="rampart" />
   	 <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
   		 xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
   		 wsu:Id="UTOverTransport">
   		 <wsp:ExactlyOne>
   			 <wsp:All>
   				 <sp:TransportBinding
   					 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
   					 <wsp:Policy>
   						 <sp:TransportToken>
   							 <wsp:Policy>
   								 <sp:HttpsToken RequireClientCertificate="false" />
   							 </wsp:Policy>
   						 </sp:TransportToken>
   						 <sp:AlgorithmSuite>
   							 <wsp:Policy>
   								 <sp:Basic256 />
   							 </wsp:Policy>
   						 </sp:AlgorithmSuite>
   						 <sp:Layout>
   							 <wsp:Policy>
   								 <sp:Lax />
   							 </wsp:Policy>
   						 </sp:Layout>
   						 <sp:IncludeTimestamp />
   					 </wsp:Policy>
   				 </sp:TransportBinding>
   				 <sp:SignedSupportingTokens
   					 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
   					 <wsp:Policy>
   						 <sp:UsernameToken
   							 sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" />
   					 </wsp:Policy>
   				 </sp:SignedSupportingTokens>
   				 <rampart:RampartConfig xmlns:rampart="http://ws.apache.org/rampart/policy">
   					 <rampart:encryptionUser>useReqSigCert</rampart:encryptionUser>
   					 <rampart:timestampPrecisionInMilliseconds>true</rampart:timestampPrecisionInMilliseconds>
   					 <rampart:timestampTTL>300</rampart:timestampTTL>
   					 <rampart:timestampMaxSkew>300</rampart:timestampMaxSkew>
   					 <rampart:timestampStrict>false</rampart:timestampStrict>
   					 <rampart:tokenStoreClass>org.wso2.carbon.security.util.SecurityTokenStore</rampart:tokenStoreClass>
   					 <rampart:nonceLifeTime>300</rampart:nonceLifeTime>
   				 </rampart:RampartConfig>
   			 </wsp:All>
   		 </wsp:ExactlyOne>
   	 </wsp:Policy>
    </service>
</serviceGroup>

Configuring deploy.xml

Add an additional element called endpoint to the inbound interface configuration section as shown below. The endpoint element is used to identify where the SecuredService-service.xml file is located. You need to provide the policy file name as the serviceDescriptionReference value and ‘http://wso2.org/bps/bpel/endpoint/config’ as the XML namespace.

<?xml version="1.0" encoding="UTF-8"?>

<deploy xmlns="http://www.apache.org/ode/schemas/dd/2007/03" xmlns:deploy.core.af.carbon.wso2.org="http://deploy.core.af.carbon.wso2.org" xmlns:sample="http://wso2.org">

  <process name="sample:DeployArtifact">

	<active>true</active>
	<retired>false</retired>
	<process-events generate="all"/>

	<provide partnerLink="client">
  	<service name="sample:DeployArtifact" port="DeployArtifactPort">
    <endpoint xmlns="http://wso2.org/bps/bpel/endpoint/config" serviceDescriptionReference="SecuredService-service.xml"/>
  	</service>
	</provide>
	
<invoke partnerLink="deployPL">
  	<service name="deploy.core.af.carbon.wso2.org:ApplicationDeployer" port="ApplicationDeployerHttpsSoap11Endpoint"/>
	</invoke>
  </process>
</deploy> 

There are multiple ways you can package SecuredService-service.xml.

  • Package within the BPEL process. Tree structure of a secured BPEL package is shown below.
  • Store in the registry (config or WSO2 Governance Registry). You can specify the file path as follows:

    serviceDescriptionReference="conf:/SecuredService-service.xml" OR serviceDescriptionReference="gov:/SecuredService-service.xml" in the deploy.xml file. 

  • Store in the file system. You can specify the file path as follows:

    serviceDescriptionReference="./../../../../repository/conf/SecuredService-service.xml" in the deploy.xml file.

The BPEL process is now secured.

Applying security with Developer Studio

You can configure security policies using WSO2 Developer Studio. For more information on how to do this, see Applying Security for a Service.

 

com.atlassian.confluence.content.render.xhtml.migration.exceptions.UnknownMacroMigrationException: The macro 'next_previous_links2' is unknown.