Monday, September 1, 2008

How to pass Security Credentials from BPEL to ESB to a Web Service

I have seen people having problems passing security credentials from an ESB routing service to a WS-Security compliant Web Service. Passing security credentials from an ESB routing service is possible, but it's tricky: you need to use the XSLT transformation to add WS-Security tokens to the SOAP header of the Web Service request.

Oracle ESB has four extension functions for SOAP header manipulation:

1. String getRequestHeader(String xpathExpression, String namespaceDecl)
2. void setOutboundHeader(String xpathExpression, String value, String namespaceDecl)
3. String getInboundResponseHeader(String xpathExpression, String namespaceDecl)
4. void setResponseHeader(String xpathExpression, String value, String namespaceDecl)

Here:
xpathExpression - the XPath expression to get or set
value - the value to be set for the xpathExpression
namespaceDecl - the namespace declarations, in the form ‘prefix=namespace;’

Add the four expressions given below to the XSLT map before invoking a WS-Security compliant Web Service. The first two expressions extract the user name and password from the incoming SOAP header, and the last two add the security credentials to the outbound SOAP header.

<xsl:variable name="userName"
select="ehdr:getRequestHeader('/soap:Header/wsse:Security/wsse:UsernameToken/wsse:Username','wsse=http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd; soap=http://schemas.xmlsoap.org/soap/envelope/;')"/>

<xsl:variable name="password"
select="ehdr:getRequestHeader('/soap:Header/wsse:Security/wsse:UsernameToken/wsse:Password','wsse=http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd; soap=http://schemas.xmlsoap.org/soap/envelope/;')"/>

<xsl:variable name="setUsername"
select="ehdr:setOutboundHeader('/soap:Header/wsse:Security/wsse:UsernameToken/wsse:Username',$userName,'wsse=http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd;')"/>

<xsl:variable name="setPassword"
select="ehdr:setOutboundHeader('/soap:Header/wsse:Security/wsse:UsernameToken/wsse:Password',$password,'wsse=http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd;')"/>
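A pre-deployment check for these expressions, added here as an example and not part of the original post or of Oracle ESB: it parses a namespaceDecl string in the 'prefix=namespace;' form, lists any prefix an XPath uses without declaring it, and resolves the path against a constructed SOAP envelope. The function names, the sample envelope and the rule that every prefix must be declared are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
USERNAME_XPATH = "/soap:Header/wsse:Security/wsse:UsernameToken/wsse:Username"

# Constructed sample request; the credentials are placeholders.
SAMPLE_ENVELOPE = f"""<soap:Envelope xmlns:soap="{SOAP}" xmlns:wsse="{WSSE}">
  <soap:Header><wsse:Security><wsse:UsernameToken>
    <wsse:Username>demo-user</wsse:Username>
    <wsse:Password>demo-password</wsse:Password>
  </wsse:UsernameToken></wsse:Security></soap:Header>
  <soap:Body/>
</soap:Envelope>"""

def parse_namespace_decl(decl):
    """Turn 'prefix=namespace;prefix2=namespace2;' into {prefix: namespace}."""
    ns = {}
    for part in filter(None, (p.strip() for p in decl.split(";"))):
        prefix, sep, uri = (s.strip() for s in part.partition("="))
        if not (sep and prefix and uri):
            raise ValueError(f"malformed namespace declaration: {part!r}")
        ns[prefix] = uri
    return ns

def undeclared_prefixes(xpath, decl):
    """Return the prefixes used in the XPath steps that decl does not declare."""
    used = re.findall(r"(?:^|/)@?([A-Za-z_][\w.-]*):(?!:)", xpath)
    return sorted(set(used) - set(parse_namespace_decl(decl)))

def read_header(envelope_xml, xpath, decl):
    """Resolve a header XPath (rooted at the Envelope) and return its text."""
    missing = undeclared_prefixes(xpath, decl)
    if missing:
        raise ValueError(f"prefix used but not declared: {', '.join(missing)}")
    # Fine for this constructed sample; parse untrusted XML with defusedxml.
    root = ET.fromstring(envelope_xml)
    return root.findtext(xpath.lstrip("/"), namespaces=parse_namespace_decl(decl))

if __name__ == "__main__":
    both = f"wsse={WSSE}; soap={SOAP};"
    print(undeclared_prefixes(USERNAME_XPATH, f"wsse={WSSE};"))
    print(read_header(SAMPLE_ENVELOPE, USERNAME_XPATH, both))
```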

See my previous posts "How to set security credentials dynamically in Oracle BPEL" and "Invoking WS-Security compliant Web Services from Oracle BPEL" to learn how to send security credentials from a BPEL process. You can download sample BPEL and ESB projects from here. You can use these projects for your reference.

3 comments:

AVNReddy said...

Hi,
When I use this code to pass the Security Credentials from ESB, I am getting a "soap prefix used but not declared" exception. Even when I declare the soap namespace prefix, I am still getting the same error. Could you please post a sample example, or how and where to declare the soap: namespace?

Thanks a lot.

Abbas Malik said...

Hi brothers,

Could anyone help with doing the same thing in Glassfish ESB BPEL?

Regards,
aabi

Prologic Corporation said...

This is a good article & good site. Thank you for sharing this article.