Monday, October 22, 2012

How to secure a BPEL Process

Here we will learn how to secure a BPEL process so that it can only be invoked by authenticated users.

In a nutshell, we will:
  • Create a BPEL process and protect it with user authentication. The process is exposed as a web service that requires a username and password inside the UsernameToken defined by the WS-Security specification.
In parts 1 and 2 of this tutorial we learned how to create a WS-BPEL process. Now we are going to enable security on that process.

[1] Enable security after deployment
Add a security scenario (for example scenario 1, UsernameToken) to the deployed process using the Management Console. A UsernameToken only authenticates the caller; it does not protect the credentials on the wire, so expose the secured endpoint over HTTPS rather than plain HTTP.

[2] Enable security at deployment time
This is the approach that matters when you package BPELs for deployment, because the process comes up secured instead of being exposed unauthenticated until someone applies a scenario by hand. Here we follow a services.xml-based approach: the BPEL package carries an additional XML configuration file that holds the security policy. A sample BPEL process can be found here.

ServicePasswordCallbackHandler is the default password callback handler in Carbon; it resides in the org.wso2.carbon.security package. If you prefer, you can write your own password callback handler and reference it in the policy configuration so that it overrides the default handler:
<rampart:passwordCallbackClass>org.wso2.carbon.appfactory.pwcb.PWCBHandler</rampart:passwordCallbackClass>


Copy the jar containing the password callback handler to BPS_HOME/repository/components/lib and restart the server. Because the handler is now the component that decides whether a UsernameToken is accepted, it must actually verify the supplied credentials; a handler that accepts any username and password leaves the process effectively unauthenticated.
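Rampart hands the UsernameToken to the callback handler, so a custom handler has to do the credential check itself. The following is an added example written for this post; it is not WSO2's ServicePasswordCallbackHandler and not code from the original. It assumes WSS4J 1.5 semantics (the version Carbon shipped with at the time): for a plain-text password the handler receives USERNAME_TOKEN_UNKNOWN and must verify the password, rejecting by throwing; for a digest password it receives USERNAME_TOKEN and supplies the stored password so WSS4J can recompute the digest. The class name matches the rampart:passwordCallbackClass line above, and a constructed in-memory credential map stands in for the Carbon user store.

```java
// Added example: a custom Rampart password callback handler. The package and
// class name match the rampart:passwordCallbackClass element used in the post;
// the body is illustrative and is not WSO2 code.
package org.wso2.carbon.appfactory.pwcb;

import java.io.IOException;
import java.nio.charset.Charset;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.ws.security.WSPasswordCallback;

public class PWCBHandler implements CallbackHandler {

    private static final Charset UTF8 = Charset.forName("UTF-8");

    // Constructed sample credential store for the example. A real handler
    // would consult the Carbon user store (or another trusted directory).
    private static final Map<String, String> CREDENTIALS = new HashMap<String, String>();
    static {
        CREDENTIALS.put("admin", "admin");
        CREDENTIALS.put("alice", "s3cret");
    }

    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (Callback callback : callbacks) {
            if (!(callback instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(callback, "Only WSPasswordCallback is supported");
            }
            WSPasswordCallback pwcb = (WSPasswordCallback) callback;
            // WSS4J 1.5 spells this accessor getIdentifer(); it returns the
            // username from the UsernameToken.
            String user = pwcb.getIdentifer();

            switch (pwcb.getUsage()) {
                case WSPasswordCallback.USERNAME_TOKEN_UNKNOWN: {
                    // Plain-text password: the callback carries the submitted
                    // password and the handler must verify it. Throwing is how
                    // the handler tells WSS4J that authentication failed.
                    if (!matches(user, pwcb.getPassword())) {
                        throw new UnsupportedCallbackException(callback, "Authentication failed for user " + user);
                    }
                    break;
                }
                case WSPasswordCallback.USERNAME_TOKEN: {
                    // Digest password: WSS4J needs the stored plain-text password
                    // to recompute and compare the digest itself.
                    String stored = CREDENTIALS.get(user);
                    if (stored == null) {
                        throw new UnsupportedCallbackException(callback, "Unknown user " + user);
                    }
                    pwcb.setPassword(stored);
                    break;
                }
                default:
                    // Signature, decryption and other usages are not handled here;
                    // refuse rather than silently succeed.
                    throw new UnsupportedCallbackException(callback, "Unsupported callback usage " + pwcb.getUsage());
            }
        }
    }

    // Compares the submitted password with the stored one without an early
    // exit on the first differing byte, so response time does not reveal how
    // much of the password was correct.
    static boolean matches(String user, String submitted) {
        String stored = (user == null) ? null : CREDENTIALS.get(user);
        if (stored == null || submitted == null) {
            return false;
        }
        return MessageDigest.isEqual(stored.getBytes(UTF8), submitted.getBytes(UTF8));
    }
}
```

Two points worth noting when adapting this: the digest branch only works if the server can recover the plain-text password for the user, which is an inherent limitation of PasswordDigest rather than of this handler; and an unknown usage value should be refused, since returning normally from handle() without setting or checking anything is treated as success for the plain-text case.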

1 comment:

  1. How to rewrite the ServicePasswordCallbackHandler?
