Secure Oracle Service Bus REST using OWSM
Some Useful links
In the case of a proxy REST Service, where there is no Envelope message, We can use this policy to send requests with user and password elements in HTTP Transport Header.
Considering you already have a REST service and gonna to secure the same REST service. If you don’t have REST service you can follow the Blog
Let’s proceed with the example.
Open the REST service in JDeveloper, Move to the Policies tab , select the From OWSM Policy Store, Click + sign and add oracle/wss_http_token_service_policy -> Click OK
Make sure policy has been attached
To test the service, you have to create a user in WebLogic console. To do so, please follow the steps:
1) Login into the console
2) Click on Security Realms from left navigation
3) Click on myrealm
4) Go to Users and Groups tab
5) Click New and enter the information -> Click OK
Now this is time to test the REST service using any SOAP UI tool, let’s begin with POSTMAN
Case 1) Let’s hit the service without user credentials
Enter the URL and click SEND. You will get 401 Unauthorized Status code
Case 2) Let’s hit the service with user credentials
Add the Basic Auth in POSTMAN, enter User Name and Password you created in Weblogic console and click Update Request button
Hit the SEND button and see the response.
Now you know how to add and test basic user and password authentication on REST services which are published in OSB, using default OWSM policies.
The policy «oracle/wss_http_token_service_policy» provides authentication, but not authorization. Any user created can access this service. How to create in OSB 12c access to the Proxy service only for certain users, but not for everyone?
I've been trying to find information on this topic, as well. Although I haven't found anything recent (220.127.116.11.0 or later), this 11g blog posting looks like it may provide some guidance. https://blogs.oracle.com/soaproactive/policy-authorization-example-in-soa-suite-11g
Nice and good article. It is very useful for me to learn and understand easily. Thanks for sharing your valuable information and time. Please keep updatingmulesoft online training
Thankyou for sharingerp software