In our Oracle BPM/SOA project we initially started with one process, which had a service callout to Oracle UCM/WCC. Since WCC uses basic authentication by default, we enabled an OWSM policy on the external reference and made sure the username and password were set in the composite.xml. With the help of Oracle config plans we were able to transfer the SCA through the different OTAP environments.
    <interface.wsdl interface="http://www.stellent.com/CheckIn/#wsdl.interface(CheckInSoap)"/>
    <binding.ws port="http://www.stellent.com/CheckIn/#wsdl.endpoint(CheckIn/CheckInSoap)"
                location="oramds:/apps/rubix/references/UCM.wsdl" soapVersion="1.1">
      <wsp:PolicyReference URI="oracle/wss_http_token_client_policy"
                           orawsp:category="security" orawsp:status="enabled"/>
      <!-- Credentials stored in clear text in the composite itself -->
      <property name="oracle.webservices.auth.password" type="xs:string" many="false" override="may">welcome2</property>
      <property name="oracle.webservices.auth.username" type="xs:string" many="false" override="may">ucmuser</property>
    </binding.ws>
However, as the number of processes grew, with increased complexity and numerous callouts to backends with authentication enabled, the delivery of our release through the OTAP environments became more complex as well. Besides that, our Oracle ADF task screens needed connections to many of the same endpoints, so we ended up with username and password properties in that deployment as well.
So to centralize the username and password in our environment we decided to use the full potential of the Oracle Credential Store Framework (CSF) for both BPM and ADF. Oracle CSF is part of the Oracle Platform Security Services (OPSS).
Since Oracle BPM relies heavily on the SOA-INFRA structure used by Oracle SOA Suite, the functionality works identically. Luckily for us, Edwin Biemond already blogged about this feature for Oracle SOA Suite, which we could simply reuse for Oracle BPM.
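An added example, not part of the original post or of the linked blogs: a small Python audit that lists which references in a composite.xml still embed the `oracle.webservices.auth.*` properties shown above and which point at a credential store entry through the OWSM `csf-key` override property. The sample composite, its reference names, ports and the key `ucm.credentials` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Property names as they appear in the composite.xml fragment on this page.
INLINE_PROPS = {"oracle.webservices.auth.username", "oracle.webservices.auth.password"}
CSF_KEY_PROP = "csf-key"  # OWSM client policy override that names a credential store key

# Constructed sample: reference names, ports and "ucm.credentials" are hypothetical.
SAMPLE = """<composite name="Constructed" xmlns="http://xmlns.oracle.com/sca/1.0">
  <reference name="UcmCheckIn">
    <binding.ws port="constructed-port-1">
      <property name="oracle.webservices.auth.username">ucmuser</property>
      <property name="oracle.webservices.auth.password">PLACEHOLDER</property>
    </binding.ws>
  </reference>
  <reference name="UcmSearch">
    <binding.ws port="constructed-port-2">
      <property name="csf-key">ucm.credentials</property>
    </binding.ws>
  </reference>
</composite>"""

def local(tag):
    """Drop the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def audit_composite(xml_text):
    """Per binding.ws: which inline credential properties are set, and the csf-key if any.
    Credential values are never returned, so the report itself leaks no secret."""
    findings = []
    for parent in ET.fromstring(xml_text).iter():
        if local(parent.tag) not in ("reference", "service"):
            continue
        for binding in (b for b in parent if local(b.tag) == "binding.ws"):
            props = {p.get("name"): (p.text or "").strip()
                     for p in binding if local(p.tag) == "property"}
            findings.append({
                "name": parent.get("name"),
                "inline": sorted(n for n in INLINE_PROPS if props.get(n)),
                "csf_key": props.get(CSF_KEY_PROP),
            })
    return findings

def needs_migration(findings):
    """Names of references/services that still carry credentials in the composite."""
    return [f["name"] for f in findings if f["inline"]]

if __name__ == "__main__":
    for f in audit_composite(SAMPLE):
        status = "INLINE CREDENTIALS" if f["inline"] else "ok"
        print(f"{f['name']}: {status} inline={f['inline']} csf-key={f['csf_key']}")
```

Run over every composite.xml in a release before it moves to the next environment, the check shows which references still depend on config plan substitution of passwords.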
The next step was Oracle ADF, where our task has functionality to call web services that use the same basic authentication. Again we had a quick start thanks to this blog post from Wilfred van der Deijl. In this blog post he explains how to use a key to the credential store and how to retrieve it from your ADF application.
With the help of the blogs of these 2 fellow Dutch Oracle techies, this turned out to be the smoothest user story in our last sprint ;-)
- Blog Edwin Biemond – HTTP Basic Authentication with SOA
- Blog Wilfred van der Deijl – Credential Store Framework (CSF) with Oracle ADF
- Oracle – Configuring the Policy and Credential Store
- Oracle – Developing with the Credential Store Framework
- Oracle – About Oracle Platform Security Services