Call Secure Service from Oracle SOA

By | January 7, 2014 | 1 Comment

In our previous post, we showed how we can secure SOA Service. In this we will show how we can call secure SOA service from another SOA service.

There are two methods for that

Run time: We will use security schema and at run time we will provide Username/Password and pass that as a header variable in Invoke.

Design time: In this method we will add Oracle/wss_username_client_policy in composite.xml and hard code the username/password there. But one drawback: we need to redeploy bpel every time if username/password changes for service policy.

We will discuss above approach one by one.

Runtime approach

Copy this schema to our project

Create a new BPEL process from this we will call secure SOA service. Create a variable (Header Variable) on the basis of above schema. Choose security element.



Create username Variable from above schema. Choose UsernameToken Element.



Create password variable. Select Password Element.



Now we need to create a header variable that will contain Username and Password. For that add Assign activity. In copy operation assign Username to UserName variable.



Assign Password to Password Variable.



Now we will combine both username and password variable by using Insert-After Operation in Assign.



Now we will make complete Header variable by appending UsernameToken in Header Variable.



Now pass this Header Variable in Invoke.



Design Time Approach


In this approach we will add client policy to SOA reference and provide Username and Password.

Go to composite.xml file and right click on the reference.


Right Click On reference wsdl(secure service wsdl). Choose username_client policy because we choose username_service policy at other end.



Press ok and click on secure service reference and open the Inspector tab. Add Binding Property.



Set below properties.


Deploy the process.


Below is the sample code for this post.



Leave a Reply

Your email address will not be published. Required fields are marked *