End-2-end-105-PO-Processing

E Enforcing Policies

E Enforcing Policies ................................................................................................................... 1

E.1 Introduction ..................................................................................................................... 1
E.2 Policy attachment in console ......................................................................................... 1
E.3 A quick look at policy management ............................................................................. 3
E.4 Policy attachment in JDeveloper ................................................................................... 3

E.1 Introduction
In this section you will experience a simple demonstration of web
services policy enforcement. You will learn:
 How to attach a policy
 How to secure invocation of a composite using web services
security user name token (userid/password)
 How to propagate identity across a multi-component composite
to an invoked service using SAML
 Communicate signed and encrypted messages
The composite to be secured with a user name token is the composite
POProcessing. The composite to be secured with SAML, encryption and
signing is the validationForCC composite.

E.2 Policy attachment in console

Web services policies can be attached in JDeveloper and deployed or
they can be attached in the Enterprise Manager (EM) console after
deployment. In this section, you will use the console.
1. Go to the EM console and log in.
2. Click on POProcessing composite link in the left panel.
3. Click on the Policies tab. No policies are currently attached.
4. Select receivePO in the Attach To/Detach From drop-down list.
5. Select oracle/wss_username_token_service_policy at the bottom of
the Available Policies list. Click the Attach button above and the
policy is added to the Attached Policies panel. Then, click OK. The
original window redisplays and your policy now appears attached.

Section E.1 Enforcing Policies E-1

End-2-end-105-PO-Processing

Figure 3 Attaching a policy

6. Using the same steps as above, attach the policy

oracle/wss11_saml_token_with_message_protection_client_policy
to the attach point getCrediCardStatus.
7. Similarly, attach the policy
oracle/wss11_saml_token_with_message_protection_service_policy
to the attach point getStatusByCC in the validationForCC
composite.
8. Test POProcessing. Use po-large-iPodx30.txt as your test input. Be
sure to select WSS Username Token on the Request tab’s Security
section and specify the userid/password of weblogic/welcome1. Check
the message flow trace to see how execution proceeded.
9. Retest, but this time, specify an invalid password. What error do you
see? You should see a “FailedAuthentication” error.
10. Test validationForCC. Use 1234-1234-1234-1234 for CCNumber. Do
NOT specify any WSS Username Token. What error do you see?
Perhaps you saw a “Webservice Invocation failed” error.
11. Now, repeat the same steps you used to attach the policies.
However, this time, detach (Detach button) all the policies. We need

E-2 Enforcing Policies Section E.2

 End-2-end-105-PO-Processing

to do this since other labs assume POProcessing is not secured. This

will “reset” our composites so further labs will work well.

E.3 A quick look at policy management

In the EM console, select Weblogic Domain in the left-hand panel to expand the
hierarchy. Then, right-click on domain1 in the left-hand panel. Select Web Services and
then Policies. Look at all the policies being managed.

E.4 Policy attachment in JDeveloper

To attach policies in JDeveloper, right-click on services, references and components in the
composite view (composite.xml) and choose to Configure WS Policies. Try and repeat
the exercise you did in the console, but this time, using JDeveloper. As noted above, you
will need to detach any policies before moving on to the next labs as the subsequent labs
assume that policies are not to be attached.

Section E.3 Enforcing Policies E-3