Authentication and Authorization of Services

(Chapter 24, section 2)

In this section, we will enforce authentication and authorization policies for a very simple service exposed by a SOA composite application. The functionality implemented in the composite is irrelevant at this point; we will focus purely on the WSM policies we have to apply to meet the non-functional security requirements. Subsequently, we will front the service with a public Service Bus front end and enforce the same security constraints on that service. We will also use the Service Bus Access Control Policies mechanism, which allows us to implement additional constraints for accessing the service. Finally, we will see how the authenticated identity can be passed to downstream services.

These figures illustrate OWSM policy binding to SOA composites and Service Bus services through EM FMW Control and the Service Bus Console, respectively.



Supporting Resources

The sources for this section are found in folder ch24.

Implementing a Custom Assertion (for a Custom Security Policy)


Web Services Manager – OWSM

Creating Custom Assertions for OWSM

