Authentication and Authorization of Services

(Chapter 24, section 2)

In this section, we will enforce authentication and authorization policies for a very simple service exposed by a SOA composite application. The functionality implemented in the composite is irrelevant at this point, we will focus purely on the WSM policies we have to apply to achieve the non-functional, security requirements. Subsequently we will front the service with a Service Bus public front end – and enforce the same security constraints on this service. We will also use the Service Bus mechanism Access Control Policies that allows us to implement additional constraints for accessing the service. We will see how the authenticated identity can be passed to downstream services.

These figures illustrate OWSM policy binding to SOA Composites and Service Bus service through the EM FWM Control and the Service Bus Console respectively.

image

image

Supporting Resources

The sources for this section are found in folder ch24.

Implementing a Custom Assertion (for a Custom Security Policy)

Documentation

Web Services Manager – OWSM

Creating Custom Assertions for OWSM

Geef een reactie

Het e-mailadres wordt niet gepubliceerd. Verplichte velden zijn gemarkeerd met *

De volgende HTML tags en attributen zijn toegestaan: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>