Using Global Policy Attachment with JRF Proxies

In Oracle Fusion Middleware 11g R1 PS3 ( WSM has implemented a
mechanism to provide the ability to create and attach policy sets to subjects on a
global scope (domain, server, application, or SOA composite).
In this entry we will have a look how this can be done
using Web Services WLST Globally-available Policy Set Management
Commands for a JRF Web Service Proxy.
To start, let's start by
creating a POJO Web Service in JDeveloper and attach a OWSM security
policy to it. Say, the service definition looks like:


Run the service in Integrated Weblogic Server. Next, create a proxy in a new Project for the above service.


Use all the defaults and at the Client Policy Configuration page make sure that you don't
pick the corresponding Client policy. Now create the ADF WebService
Conn for the proxy using the context menu.


Accept the defaults and press Ok.This will create a connections.xml file
for you, which you can see under ADF META-INF in Application Resources.
Once generated, modify (or create new) the client class as follows:


To successfully compile the above code, you need to add the library "ADF Model Runtime" to the project.


Once compiled, create a Bean DC for the Client class.


Now create an ADF Library Jar File for this project and using the
Resource Palette, create a File System Connection to this jar, so that
we can use this data control in a reusable fashion.


At this point before we use the DC with a client, let's configure the
server by creating a Policy Set and attaching appropriate policies with
this Policy Set.

For this start the wlst command from <ORACLE_HOME>\oracle_common\common\bin
Once you are connected to the Integrated WLS, this is the set of commands you need to setup a Policy Set for this case:

wls:/DefaultDomain/serverConfig> beginRepositorySession()
Repository session begun.

wls:/DefaultDomain/serverConfig> createPolicySet("ws-conn-set","ws-connection","Domain('D*')")
Description defaulted to "Global policy attachments for Web Service Connection resources."
The policy set was created successfully in the session.

wls:/DefaultDomain/serverConfig> attachPolicySetPolicy("oracle/wss11_x509_token_with_message_protection_client_policy")
Policy reference added.

wls:/DefaultDomain/serverConfig> commitRepositorySession()
The policy set ws-conn-set is valid.
Creating policy set ws-conn-set in repository.Repository session committed successfully.

Now, create a new Fusion Web Application and add the Data Control from File System Conn to the Model Project.


Now create a jspx page using the above Data Control and run the page. If
you have HTTP Analyzer running, you can see that the call has been made
to the service in a secure manner.
If at any point you change the
security policy at the service, all you need to do is update the Policy
Set with the corresponding new client policy and re-deploy the client.

Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.