Using Global Policy Attachment with JRF Proxies

In Oracle Fusion Middleware 11g R1 PS3 (11.1.1.4.0) WSM has implemented a mechanism to provide the ability to create and attach policy sets to subjects on a global scope (domain, server, application, or SOA composite).
In this entry we will have a look how this can be done using Web Services WLST Globally-available Policy Set Management Commands for a JRF Web Service Proxy.
To start, let's start by creating a POJO Web Service in JDeveloper and attach a OWSM security policy to it. Say, the service definition looks like:

Service.jpg

Run the service in Integrated Weblogic Server. Next, create a proxy in a new Project for the above service.

ProxyFromAppServerNav.jpg


Use all the defaults and at the Client Policy Configuration page make sure that you don't pick the corresponding Client policy. Now create the ADF WebService Conn for the proxy using the context menu.

CreateADFConn.jpg


Accept the defaults and press Ok.This will create a connections.xml file for you, which you can see under ADF META-INF in Application Resources. Once generated, modify (or create new) the client class as follows:

AddServicePortClient.java


To successfully compile the above code, you need to add the library "ADF Model Runtime" to the project.

AddLibraryDialog.jpg


Once compiled, create a Bean DC for the Client class.

ADFDC.JPG


Now create an ADF Library Jar File for this project and using the Resource Palette, create a File System Connection to this jar, so that we can use this data control in a reusable fashion.

ADFLibraryJar.jpg


At this point before we use the DC with a client, let's configure the server by creating a Policy Set and attaching appropriate policies with this Policy Set.

For this start the wlst command from <ORACLE_HOME>\oracle_common\common\bin
Once you are connected to the Integrated WLS, this is the set of commands you need to setup a Policy Set for this case:

wls:/DefaultDomain/serverConfig> beginRepositorySession()
Repository session begun.

wls:/DefaultDomain/serverConfig> createPolicySet("ws-conn-set","ws-connection","Domain('D*')")
Description defaulted to "Global policy attachments for Web Service Connection resources."
The policy set was created successfully in the session.

wls:/DefaultDomain/serverConfig> attachPolicySetPolicy("oracle/wss11_x509_token_with_message_protection_client_policy")
Policy reference added.

wls:/DefaultDomain/serverConfig> commitRepositorySession()
The policy set ws-conn-set is valid.
Creating policy set ws-conn-set in repository.Repository session committed successfully.

Now, create a new Fusion Web Application and add the Data Control from File System Conn to the Model Project.

AddDCToProject.jpg


Now create a jspx page using the above Data Control and run the page. If you have HTTP Analyzer running, you can see that the call has been made to the service in a secure manner.
If at any point you change the security policy at the service, all you need to do is update the Policy Set with the corresponding new client policy and re-deploy the client.

Comments:

Post a Comment:
  • HTML Syntax: NOT allowed
About

Tips and Tricks from Oracle's JDeveloper & ADF QA

Search

Archives
« September 2015
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today