This documentation is for WSO2 Business Process Server 3.2.0. View documentation for the latest release.

You are viewing an old version (version 2) of this page.

Apply security at the BPEL deployment time

Configuring SecuredService-service.xml

The SecuredService-service.xml file holds the WS-SecurityPolicy (and the Rampart configuration) that is applied to the BPEL service when it is deployed. The example below is the "UsernameToken over transport" policy (wsu:Id="UTOverTransport"): the request must arrive over HTTPS without a client certificate (sp:HttpsToken RequireClientCertificate="false"), must carry a wsu:Timestamp (sp:IncludeTimestamp), and must authenticate the caller with a WS-Security UsernameToken that is always sent to the recipient. Note that this is a transport binding: nothing in the policy signs or encrypts the SOAP message itself, so confidentiality and integrity of the UsernameToken (which carries the caller's password) rest entirely on TLS, and the service must only be exposed on the HTTPS listener. The rampart:RampartConfig block sets the timestamp lifetime, the tolerated clock skew and the nonce cache lifetime (all in seconds); timestampStrict="false" relaxes enforcement of the Timestamp's Expires value, so tighten it to "true" if your callers' clocks are reliable. For example:

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<serviceGroup>
    <service name="DeployArtifact">
        <!-- Engage Rampart on this service; without it the policy below is not enforced -->
        <module ref="rampart" />
        <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
            xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
            wsu:Id="UTOverTransport">
            <wsp:ExactlyOne>
                <wsp:All>
                    <!-- Transport binding: the message is protected by HTTPS, not by XML Signature/Encryption -->
                    <sp:TransportBinding
                        xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                        <wsp:Policy>
                            <sp:TransportToken>
                                <wsp:Policy>
                                    <!-- Server-authenticated TLS; callers do not present a client certificate -->
                                    <sp:HttpsToken RequireClientCertificate="false" />
                                </wsp:Policy>
                            </sp:TransportToken>
                            <sp:AlgorithmSuite>
                                <wsp:Policy>
                                    <sp:Basic256 />
                                </wsp:Policy>
                            </sp:AlgorithmSuite>
                            <sp:Layout>
                                <wsp:Policy>
                                    <sp:Lax />
                                </wsp:Policy>
                            </sp:Layout>
                            <!-- Every request must carry a wsu:Timestamp -->
                            <sp:IncludeTimestamp />
                        </wsp:Policy>
                    </sp:TransportBinding>
                    <!-- Callers authenticate with a WS-Security UsernameToken, always sent to the recipient -->
                    <sp:SignedSupportingTokens
                        xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                        <wsp:Policy>
                            <sp:UsernameToken
                                sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" />
                        </wsp:Policy>
                    </sp:SignedSupportingTokens>
                    <rampart:RampartConfig xmlns:rampart="http://ws.apache.org/rampart/policy">
                        <!-- Only consulted by policies that encrypt at message level; not used by this transport binding -->
                        <rampart:encryptionUser>useReqSigCert</rampart:encryptionUser>
                        <!-- Timestamp lifetime and tolerated clock skew, in seconds -->
                        <rampart:timestampPrecisionInMilliseconds>true</rampart:timestampPrecisionInMilliseconds>
                        <rampart:timestampTTL>300</rampart:timestampTTL>
                        <rampart:timestampMaxSkew>300</rampart:timestampMaxSkew>
                        <!-- false: the Timestamp's Expires value is not strictly enforced -->
                        <rampart:timestampStrict>false</rampart:timestampStrict>
                        <rampart:tokenStoreClass>org.wso2.carbon.security.util.SecurityTokenStore</rampart:tokenStoreClass>
                        <!-- Nonce cache lifetime in seconds, bounding replay of an identical UsernameToken -->
                        <rampart:nonceLifeTime>300</rampart:nonceLifeTime>
                    </rampart:RampartConfig>
                </wsp:All>
            </wsp:ExactlyOne>
        </wsp:Policy>
    </service>
</serviceGroup>
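The policy above also dictates what a caller's request must look like: a wsse:UsernameToken and a wsu:Timestamp in the SOAP header, sent over HTTPS. The Python script below is an added example, not code from this page or from WSO2: it builds such an envelope, reads the header back the way a receiver would, and applies a simplified reading of the timestampTTL, timestampMaxSkew and timestampStrict settings (Created may lie at most TTL seconds in the past and MaxSkew seconds in the future; Expires is enforced only when strict is true). That reading is an assumption used for illustration and not Rampart's own validation code; the username, password, body and the fixed clock are constructed placeholders.

```python
import base64
import os
import datetime as dt
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# WS-Security 1.0 namespaces and UsernameToken Profile identifiers used by the header.
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
PASSWORD_TEXT = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"
NONCE_B64 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"

# Constructed fixed clock so the example is deterministic.
SAMPLE_NOW = dt.datetime(2024, 1, 1, 12, 0, 0, tzinfo=dt.timezone.utc)


def plus(t, seconds):
    """Shift a datetime by a number of seconds (may be negative)."""
    return t + dt.timedelta(seconds=seconds)


def iso_utc(t):
    """xsd:dateTime with millisecond precision, matching timestampPrecisionInMilliseconds=true."""
    return t.strftime("%Y-%m-%dT%H:%M:%S.") + "%03dZ" % (t.microsecond // 1000)


def parse_iso_utc(s):
    return dt.datetime.strptime(s, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=dt.timezone.utc)


def build_envelope(username, password, body_xml, now=None, ttl=300):
    """Client side: UsernameToken (PasswordText, nonce, Created) plus a Timestamp.
    PasswordText is only acceptable because the TransportBinding wraps the whole message in TLS."""
    now = now or dt.datetime.now(dt.timezone.utc)
    nonce = base64.b64encode(os.urandom(16)).decode()
    created, expires = iso_utc(now), iso_utc(plus(now, ttl))
    return f"""<soapenv:Envelope xmlns:soapenv="{SOAP}">
  <soapenv:Header>
    <wsse:Security xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}" soapenv:mustUnderstand="1">
      <wsu:Timestamp wsu:Id="TS-1">
        <wsu:Created>{created}</wsu:Created>
        <wsu:Expires>{expires}</wsu:Expires>
      </wsu:Timestamp>
      <wsse:UsernameToken wsu:Id="UT-1">
        <wsse:Username>{escape(username)}</wsse:Username>
        <wsse:Password Type="{PASSWORD_TEXT}">{escape(password)}</wsse:Password>
        <wsse:Nonce EncodingType="{NONCE_B64}">{nonce}</wsse:Nonce>
        <wsu:Created>{created}</wsu:Created>
      </wsse:UsernameToken>
    </wsse:Security>
  </soapenv:Header>
  <soapenv:Body>{body_xml}</soapenv:Body>
</soapenv:Envelope>"""


def read_security_header(envelope):
    """Receiver side: pull Username, nonce, Created and Expires back out of wsse:Security."""
    ns = {"wsse": WSSE, "wsu": WSU}
    sec = ET.fromstring(envelope).find(".//wsse:Security", ns)
    ts = sec.find("wsu:Timestamp", ns)
    ut = sec.find("wsse:UsernameToken", ns)
    return {
        "username": ut.findtext("wsse:Username", None, ns),
        "nonce": ut.findtext("wsse:Nonce", None, ns),
        "created": parse_iso_utc(ts.findtext("wsu:Created", None, ns)),
        "expires": parse_iso_utc(ts.findtext("wsu:Expires", None, ns)),
    }


def check_timestamp(created, expires, now, ttl=300, max_skew=300, strict=False):
    """Assumed, simplified semantics of timestampTTL / timestampMaxSkew / timestampStrict.
    Returns (accepted, reason)."""
    if created > plus(now, max_skew):
        return False, "Created is further in the future than timestampMaxSkew allows"
    if created < plus(now, -ttl):
        return False, "Created is older than timestampTTL"
    if strict and now > expires:
        return False, "Expires has passed and timestampStrict is true"
    return True, "ok"


def demo():
    """Build one request (Expires = Created + 60s) and evaluate it at several receiver clocks."""
    hdr = read_security_header(build_envelope("alice", "p&ss<word>", "<ns:Ping xmlns:ns='urn:x'/>",
                                              now=SAMPLE_NOW, ttl=60))
    c, e = hdr["created"], hdr["expires"]
    return {
        "fresh": check_timestamp(c, e, SAMPLE_NOW)[0],
        "future_beyond_skew": check_timestamp(c, e, plus(SAMPLE_NOW, -400))[0],
        "older_than_ttl": check_timestamp(c, e, plus(SAMPLE_NOW, 400))[0],
        "expired_lenient": check_timestamp(c, e, plus(SAMPLE_NOW, 120), strict=False)[0],
        "expired_strict": check_timestamp(c, e, plus(SAMPLE_NOW, 120), strict=True)[0],
    }


if __name__ == "__main__":
    print(demo())
```

The "expired_lenient" case is the one to notice: with timestampStrict="false" a request whose own Expires has passed is still accepted as long as Created is within timestampTTL, which is why the page's 300-second TTL (and the nonce cache) is doing the real replay-bounding work.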

Configuring deploy.xml

Add an endpoint element to the inbound interface configuration (the provide section), as shown below. The endpoint element tells BPS where the SecuredService-service.xml file is located: give the policy file name (or path) as the serviceDescriptionReference value, and use http://wso2.org/bps/bpel/endpoint/config as the element's XML namespace. Only services listed under provide are inbound; the invoke partner link below is an outbound call and takes no endpoint element here.

<?xml version="1.0" encoding="UTF-8"?>
<deploy xmlns="http://www.apache.org/ode/schemas/dd/2007/03"
        xmlns:deploy.core.af.carbon.wso2.org="http://deploy.core.af.carbon.wso2.org"
        xmlns:sample="http://wso2.org">

    <process name="sample:DeployArtifact">
        <active>true</active>
        <retired>false</retired>
        <process-events generate="all"/>

        <!-- Inbound interface: the endpoint element binds the security policy to this service -->
        <provide partnerLink="client">
            <service name="sample:DeployArtifact" port="DeployArtifactPort">
                <endpoint xmlns="http://wso2.org/bps/bpel/endpoint/config"
                          serviceDescriptionReference="SecuredService-service.xml"/>
            </service>
        </provide>

        <!-- Outbound call made by the process; not affected by the inbound policy -->
        <invoke partnerLink="deployPL">
            <service name="deploy.core.af.carbon.wso2.org:ApplicationDeployer"
                     port="ApplicationDeployerHttpsSoap11Endpoint"/>
        </invoke>
    </process>
</deploy>

There are multiple ways you can package SecuredService-service.xml; the form of the serviceDescriptionReference value selects which one is used.

  • Package it within the BPEL process archive and reference it by file name, as in the deploy.xml above (serviceDescriptionReference="SecuredService-service.xml"). Tree structure of a secured BPEL package is shown below.
  • Store it in the registry (config registry or WSO2 Governance Registry) and reference it with a registry path in deploy.xml:

    serviceDescriptionReference="conf:/SecuredService-service.xml" OR serviceDescriptionReference="gov:/SecuredService-service.xml"

  • Store it in the file system and reference it with a path relative to the deployment in deploy.xml, for example:

    serviceDescriptionReference="./../../../../repository/conf/SecuredService-service.xml"

    A file-system path is resolved on the server at deployment time, so the file must be present (and protected from modification) on every node the process is deployed to; the in-package and registry options keep the policy versioned together with the process.

The BPEL process is now secured.
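Before deploying, it is worth checking mechanically that every inbound (provide) service in deploy.xml actually points at a policy, and that the referenced policy still contains the pieces that make UTOverTransport safe. The Python script below is an added example, not code from this page or from WSO2: it parses a deploy.xml, classifies each serviceDescriptionReference by the packaging option it uses, and audits a SecuredService-service.xml for the rampart module, the HttpsToken, the UsernameToken, IncludeTimestamp and timestampStrict. The embedded XML is a trimmed, constructed copy of the page's files; the second provide (partnerLink "status") and the weakened policy variant are constructed to show what a failing check looks like.

```python
import xml.etree.ElementTree as ET

# Namespaces from the two files on the page.
NS = {
    "dd": "http://www.apache.org/ode/schemas/dd/2007/03",
    "ep": "http://wso2.org/bps/bpel/endpoint/config",
    "wsp": "http://schemas.xmlsoap.org/ws/2004/09/policy",
    "sp": "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy",
    "rampart": "http://ws.apache.org/rampart/policy",
}

# Constructed deploy.xml: the page's provide plus a second, unsecured one.
DEPLOY_XML = """<deploy xmlns="http://www.apache.org/ode/schemas/dd/2007/03" xmlns:sample="http://wso2.org">
  <process name="sample:DeployArtifact">
    <provide partnerLink="client">
      <service name="sample:DeployArtifact" port="DeployArtifactPort">
        <endpoint xmlns="http://wso2.org/bps/bpel/endpoint/config"
                  serviceDescriptionReference="SecuredService-service.xml"/>
      </service>
    </provide>
    <provide partnerLink="status">
      <service name="sample:StatusService" port="StatusPort"/>
    </provide>
  </process>
</deploy>"""

# Constructed, trimmed UTOverTransport policy (timestampStrict tightened to true).
SECURE_POLICY = """<serviceGroup>
  <service name="DeployArtifact">
    <module ref="rampart"/>
    <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
        xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
        wsu:Id="UTOverTransport">
      <wsp:ExactlyOne><wsp:All>
        <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"><wsp:Policy>
          <sp:TransportToken><wsp:Policy><sp:HttpsToken RequireClientCertificate="false"/></wsp:Policy></sp:TransportToken>
          <sp:IncludeTimestamp/>
        </wsp:Policy></sp:TransportBinding>
        <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"><wsp:Policy>
          <sp:UsernameToken/>
        </wsp:Policy></sp:SignedSupportingTokens>
        <rampart:RampartConfig xmlns:rampart="http://ws.apache.org/rampart/policy">
          <rampart:timestampTTL>300</rampart:timestampTTL>
          <rampart:timestampStrict>true</rampart:timestampStrict>
        </rampart:RampartConfig>
      </wsp:All></wsp:ExactlyOne>
    </wsp:Policy>
  </service>
</serviceGroup>"""

# Constructed weak variant: Rampart not engaged, no HttpsToken, lenient timestamps.
WEAK_POLICY = (SECURE_POLICY.replace('<module ref="rampart"/>', "")
               .replace('<sp:HttpsToken RequireClientCertificate="false"/>', "")
               .replace("<rampart:timestampStrict>true", "<rampart:timestampStrict>false"))


def classify_reference(ref):
    """Which packaging option a serviceDescriptionReference value selects."""
    if ref.startswith("conf:/"):
        return "config-registry"
    if ref.startswith("gov:/"):
        return "governance-registry"
    if "/" in ref:
        return "file-system"
    return "in-package"


def provided_endpoints(deploy_xml):
    """(partnerLink, service name, serviceDescriptionReference or None) for each provide."""
    out = []
    for provide in ET.fromstring(deploy_xml).iter("{%s}provide" % NS["dd"]):
        svc = provide.find("dd:service", NS)
        ep = svc.find("ep:endpoint", NS) if svc is not None else None
        out.append((provide.get("partnerLink"), svc.get("name"),
                    ep.get("serviceDescriptionReference") if ep is not None else None))
    return out


def unsecured_provides(deploy_xml):
    """Inbound services with no endpoint element, i.e. deployed without any policy."""
    return [link for link, _, ref in provided_endpoints(deploy_xml) if ref is None]


def audit_policy(services_xml):
    """Findings (service name, message) for things UTOverTransport depends on."""
    findings = []
    for service in ET.fromstring(services_xml).iter("service"):  # no namespace on serviceGroup/service
        name = service.get("name")
        if "rampart" not in {m.get("ref") for m in service.findall("module")}:
            findings.append((name, "rampart module not engaged; policy is not enforced"))
        tb = service.find(".//sp:TransportBinding", NS)
        if tb is None or tb.find(".//sp:HttpsToken", NS) is None:
            findings.append((name, "no HttpsToken: UsernameToken password would cross the wire in clear"))
        if service.find(".//sp:SignedSupportingTokens//sp:UsernameToken", NS) is None:
            findings.append((name, "no UsernameToken: callers are not authenticated"))
        if service.find(".//sp:IncludeTimestamp", NS) is None:
            findings.append((name, "IncludeTimestamp absent: no freshness check on requests"))
        cfg = service.find(".//rampart:RampartConfig", NS)
        if cfg is not None and cfg.findtext("rampart:timestampStrict", "", NS).strip() == "false":
            findings.append((name, "timestampStrict=false: Expires is not strictly enforced"))
    return findings


if __name__ == "__main__":
    for link, svc, ref in provided_endpoints(DEPLOY_XML):
        print(link, svc, ref, classify_reference(ref) if ref else "UNSECURED")
    print("secure:", audit_policy(SECURE_POLICY))
    print("weak:", audit_policy(WEAK_POLICY))
```

Run this against the real deploy.xml and policy file from the archive (or from the registry or file-system location the reference names) as a pre-deployment gate; an unsecured provide or a policy finding is a reason to stop the deployment rather than to discover the gap on the QoS dashboard afterwards.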

HumanTasks can be secured in the same manner.

Securing the BPEL process using predefined security scenarios at runtime

Deploy the BPEL process and go to the service listing page. Navigate to the Process Information page.

Click Security on the QoS Dashboard.

You will find the predefined security scenarios described in http://docs.wso2.org/display/BPS320/Security+Scenarios. You can find more information on each security scenario by clicking the icon next to it; apply one of them to secure the BPEL process.
