Secure Oracle Service Bus REST using OWSM

Security is one of the main aspects of any service. Services are reusable and can be invoked by either internal or external customers, so we should secure our Service Bus Proxy Services so that only valid users can use them.Service Bus is completely integrated with Oracle Webservices Manager (OWSM) that provides several out of the box security policies. You can use any of these OWSM policies to secure your Proxy Services based on requirements. 

Some Useful links

In the case of a proxy REST Service, where there is no Envelope message, We can use this policy to send requests with user and password elements in HTTP Transport Header.

Considering you already have a REST service and gonna to secure the same REST service. If you don’t have REST service you can follow the Blog

Let’s proceed with the example.

Open the REST service in JDeveloper, Move to the Policies tab , select the From OWSM Policy Store, Click + sign and add oracle/wss_http_token_service_policy -> Click OK

Make sure policy has been attached

To test the service, you have to create a user in WebLogic console. To do so, please follow the steps:

1) Login into the console
2) Click on Security Realms from left navigation
3) Click on myrealm
4) Go to Users and Groups tab
5) Click New and enter the information -> Click OK

Now this is time to test the REST service using any SOAP UI tool, let’s begin with  POSTMAN

Case 1) Let’s hit the service without user credentials

Enter the URL and click SEND. You will get 401 Unauthorized Status code

Case 2) Let’s hit the service with user credentials

Add the Basic Auth in POSTMAN, enter User Name and Password you created in Weblogic console and click Update Request button

Hit the SEND button and see the response.

Now you know how to add and test basic user and password authentication on REST services which are published in OSB, using default OWSM policies.