Monday, October 26, 2015

Change of Twitter Handler Find me @IamZeeshanBaig

Share this Post
Hello Friends,

This is to inform you that I have renamed my Twitter handler to @IamZeeshanBaig from @baigsorcl

If you follow me on twitter there is no change except you need to remember my new ID.

I found my old handler was not really understandable and memorable to my friends and it is not tied to any technology.

Regards,
Zeeshan Baig
www.twitter.com/iamzeeshanbaig

Wednesday, October 21, 2015

How to Pass Dynamic Credentials to Web Services in BPEL Process

Share this Post
Hi.

Few days ago I got encountered with a little requirement about how to pass credentials to external web service calls inside BPEL process dynamically. I quickly mentioned to my colleagues that we can do using CSF-KEY on SOA Composite but the challenge was our BPEL process was really a service oriented :). Therefore, we had to pass a separate credentials to external web service calls.

I did a little research and by hit and trail I found a little solution that works well.

So here in summary you have to do
  • Create Map in Weblogic Domain as oracle.wsm.security 
  • Create Key inside the map called it my-custom-csf-key (you can call it anything) 
  • In BPEL attach a required policy to your service in external reference 
  • Create a custom variable in the BPEL process to hold the value of your custom CSF key i.e. my-custom-csf-key (You can read the CSF key name from Database if required) 
  • Assign a csf key value to your variable in the ASSIGN activity 
  • Add a csf-key property to your INVOKE Activity, set the value as your custom BPEL variable 
  • Deploy your code and test

Creating Key Map and Credentials Key

Log in to Enterprise Manager where BPEL Process is deployed i.e. http://localhost:7001/em

Right click the Domain Name and Choose Domain_Name > Security > Credentials 





Click Create Map button and enter oracle.wsm.security (if it is not already exists), Click OK




Select oracle.wsm.security in the table and click Create Key button

Enter your credentials, make sure the Type set as Password




Click OK, make sure you see the something similar in your screen (ignore basic.credentials)





BPEL Process Details


In the example my application have 2 BPEL process as follows

a. HellowithCredentials - This is main service secured by OWSM policy, you must pass credentials to successfully call it 
b.  CallSecureService - This is client application which is passing CSF key before invoking HellowithCredentials Service


HellowithCredentials Details


The service is a simple BPEL process and protected by SOA WS Policies i.e. oracle/wss_username_token_service_policy




Inside the BPEL process there is one ASSIGN activity which is just concat the input parameters you pass with String "Hello"




CallSecureService Details


The BPEL process is calling the HellowithCredentials service as External Service 


The oracle/wss_username_token_client_policy is attached to external service





A custom variable myCSFKeyVariable is created inside BPEL process to hold value of our dynamic csf-key 



Before Invoking External Service we are assigning value to myCSFKeyVariable using ASSIGN activity





The most important step is to create a property called csf-key inside INVOKE activity and set the value to your custom variable


Build and Deploy your code 

Testing application


Test CallSecureService from Enterprise Manager, you will see the following Green Flag


Now alter the password in your my-custom-csf-key to some random and Run again, you will see the following error message



There you go we have successfully pass the credentials to our BPEL process dynamically and secure, 

There is no need to hard code the credentials inside BPEL, WebLogic Key Map store the password and encrypt them securely. 

Cheers,
Zeeshan Baig