Hi.
Few days ago I got encountered with a little requirement about how to pass credentials to external web service calls inside BPEL process dynamically. I quickly mentioned to my colleagues that we can do using CSF-KEY on SOA Composite but the challenge was our BPEL process was really a service oriented :). Therefore, we had to pass a separate credentials to external web service calls.
I did a little research and by hit and trail I found a little solution that works well.
So here in summary you have to do
- Create Map in Weblogic Domain as oracle.wsm.security
- Create Key inside the map called it my-custom-csf-key (you can call it anything)
- In BPEL attach a required policy to your service in external reference
- Create a custom variable in the BPEL process to hold the value of your custom CSF key i.e. my-custom-csf-key (You can read the CSF key name from Database if required)
- Assign a csf key value to your variable in the ASSIGN activity
- Add a csf-key property to your INVOKE Activity, set the value as your custom BPEL variable
- Deploy your code and test
Creating Key Map and Credentials Key
Log in to Enterprise Manager where BPEL Process is deployed i.e. http://localhost:7001/em
Right click the Domain Name and Choose Domain_Name > Security > Credentials
Click Create Map button and enter oracle.wsm.security (if it is not already exists), Click OK
Select oracle.wsm.security in the table and click Create Key button
Enter your credentials, make sure the Type set as Password
Click OK, make sure you see the something similar in your screen (ignore basic.credentials)
BPEL Process Details
In the example my application have 2 BPEL process as follows
a. HellowithCredentials - This is main service secured by OWSM policy, you must pass credentials to successfully call it
b. CallSecureService - This is client application which is passing CSF key before invoking HellowithCredentials Service
HellowithCredentials Details
The service is a simple BPEL process and protected by SOA WS Policies i.e. oracle/wss_username_token_service_policy
Inside the BPEL process there is one ASSIGN activity which is just
concat the input parameters you pass with String "Hello"
CallSecureService Details
The BPEL process is calling the HellowithCredentials service as External Service
The oracle/wss_username_token_client_policy is attached to external service
A custom variable myCSFKeyVariable is created inside BPEL process to hold value of our dynamic csf-key
Before Invoking External Service we are assigning value to myCSFKeyVariable using ASSIGN activity
The most important step is to create a property called csf-key inside INVOKE activity and set the value to your custom variable
Build and Deploy your code
Testing application
Test CallSecureService from Enterprise Manager, you will see the following Green Flag
Now alter the password in your my-custom-csf-key to some random and Run again, you will see the following error message
There you go we have successfully pass the credentials to our BPEL process dynamically and secure,
There is no need to hard code the credentials inside BPEL, WebLogic Key Map store the password and encrypt them securely.
Cheers,
Zeeshan Baig
