Secure Oracle Service Bus REST using OWSM
Some Useful links
In the case of a proxy REST Service, where there is no Envelope message, We can use this policy to send requests with user and password elements in HTTP Transport Header.
Considering you already have a REST service and gonna to secure the same REST service. If you don’t have REST service you can follow the Blog
Let’s proceed with the example.
Open the REST service in JDeveloper, Move to the Policies tab , select the From OWSM Policy Store, Click + sign and add oracle/wss_http_token_service_policy -> Click OK
Make sure policy has been attached
To test the service, you have to create a user in WebLogic console. To do so, please follow the steps:
1) Login into the console
2) Click on Security Realms from left navigation
3) Click on myrealm
4) Go to Users and Groups tab
5) Click New and enter the information -> Click OK
Now this is time to test the REST service using any SOAP UI tool, let’s begin with POSTMAN
Case 1) Let’s hit the service without user credentials
Enter the URL and click SEND. You will get 401 Unauthorized Status code
Case 2) Let’s hit the service with user credentials
Add the Basic Auth in POSTMAN, enter User Name and Password you created in Weblogic console and click Update Request button
Hit the SEND button and see the response.
Now you know how to add and test basic user and password authentication on REST services which are published in OSB, using default OWSM policies.