AIA Security Configuration Properties

Working with Security 26-9

– AIA_Consumer_WSServicePolicySet
– AIA_Producer_WSServicePolicySet
■ Global PolicySets attached to Composite References
– AIA_ABCS_WSClientPolicySet
– AIA_EBS_WSClientPolicySet
– AIA_EBF_WSClientPolicySet
– AIA_Adapter_WSClientPolicySet
– AIA_Consumer_WSClientPolicySet
– AIA_Producer_WSClientPolicySet

26.6.2 How Can the Global Policy be Overridden for an Individual Service?

Composites that must interact with protected application services needing a different security policy have local policies attached, which override the global policies at the time of deployment. Similarly, the NoClientAuthenticationPolicy is attached, overriding the global policy sets, for composites that must interact with non-protected application services.

The AIA Deployment Driver provides support, in general, for attaching any overriding local security policy, but supports configuration overriding only for saml-token and username-token client policies. When a different local client policy is used, the AIA Deployment Driver attaches the policy, but configuring it is a manual task. The structure of the XML file is shown in Example 26–3.

26.6.3 AIA Security Configuration Properties

Composites that require local policies attached to service endpoints, reference endpoints, or both must furnish that information to the Foundation Pack tool. These composites must have an associated XML-based security configuration file. This file is named AIASecurityConfigurationProperties.xml. The Foundation Pack tool needs the following information:

■ Name of the composite
■ Name of all service endpoints that require local policies
■ Name of all reference endpoints that require local policies
■ Name of the policies that must be locally attached

The AIASecurityConfigurationProperties.xml associated with a composite that requires a local policy attachment must furnish the information listed above. This file is placed along with the project artifacts, in the same folder as composite.xml, and should be source-controlled. When a composite does not require a local policy attachment, it is not necessary to define this XML file for that composite. Example 26–3 shows a sample AIASecurityConfigurationProperties.xml.

26-10 Developers Guide for Oracle Application Integration Architecture Foundation Pack

Example 26–3 Sample AIASecurityConfigurationProperties.xml

<?xml version="1.0" encoding="UTF-8"?>
<!-- Note: the attribute compositeName is the name of the AIA Service composite
     prepended by {namespace of the AIA service as defined in its wsdl} -->
<SecurityConfiguration xmlns="http://xmlns.oracle.com/fp/core/security/V1" version="1.0"
    compositeName="{http://xmlns.oracle.com/ABCSImpl/Siebel/Samples/SamplesCreateCustomerSiebelReqABCSImpl/V1}SamplesCreateCustomerSiebelReqABCSImpl">
  <!-- The following element is repeated for each service endpoint of this
       composite that requires a direct local policy attachment -->
  <Service resourceType="SOA-Service">
    <!-- This is the service endpoint. It should be the same as the attribute
         name of the element service in composite.xml -->
    <Name>SamplesCreateCustomerSiebelReqABCSImpl</Name>
    <!-- This is the port name.
         For BPEL-based references, its value is the name of the Porttype as given
         in the WSDL of this AIA service.
         For Mediator-based references, this is
         [Name of the Porttype element as given in the WSDL]_pt
         This example assumes a scenario where services and WSDLs are coded by
         following the AIA naming conventions. In other scenarios, the value might
         be slightly different. Look at the hint below to come up with the correct
         value for the element PortName. -->
    <PortName>SamplesCreateCustomerSiebelReqABCSImpl</PortName>
    <WSPolicies>
      <WSPolicyName policyType="authentication">oracle/wss_username_token_service_policy</WSPolicyName>
    </WSPolicies>
  </Service>
  <!-- The following element is repeated for each reference endpoint of this
       composite that requires a direct local policy attachment -->
  <Reference resourceType="SOA-Reference">
    <!-- Should be the same as the attribute name of the element reference in
         composite.xml -->
    <Name>SamplesCustomerPartyEBS</Name>
    <!-- Port name. For BPEL-based references, its value is the name of the
         Porttype element as given in the WSDL of this AIA service. For
         Mediator-based references, the value is
         [Name of the Porttype element as given in the WSDL]_pt -->
    <!-- This example assumes a scenario where services and WSDLs are coded by
         following the AIA naming conventions. In other scenarios, the value might
         be slightly different. Look at the hint below to come up with the correct
         value for the element PortName.
         Hint: In composite.xml, for the binding.ws of the service element, the
         attribute port takes a value of the following form:
         <binding.ws port="[namespace of the service as defined in the wsdl]/V1#wsdl.endpoint(Service/Port)">
         Make sure that the PortName you provide here is the same as Port in
         composite.xml -->
    <PortName>CustomerPartyEBS_pt</PortName>
    <WSPolicies>
      <WSPolicyName policyType="authentication">oracle/wss_username_token_client_policy</WSPolicyName>
      <ConfigParams>
        <!-- Param could be a repeating element - Future use only -->
        <!-- APPSHORTNAME should be the same as the application's short name -->
        <!-- ServiceName and PortTypeName are as given in the APP's web service WSDL -->
        <Param paramName="csf-key">APPSHORTNAME_ServiceName_PortTypeName</Param>
      </ConfigParams>
    </WSPolicies>
  </Reference>
</SecurityConfiguration>

Points to note for a composite:

■ If no service endpoint requires a direct policy attachment, but a reference endpoint requires one, then the AIASecurityConfigurationProperties.xml need not have a service element.
■ If no reference endpoint requires a direct policy attachment, but a service endpoint requires one, then the AIASecurityConfigurationProperties.xml need not have a reference element.
■ If there are two or more service endpoints, but only one of them requires a direct policy to be attached, then only one service element must be present in the AIASecurityConfigurationProperties.xml.
■ If there are two or more reference endpoints, but only one of them requires a direct policy to be attached, then only one reference element must be present in the AIASecurityConfigurationProperties.xml.
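
The comments in Example 26–3 require Name and PortName to match composite.xml. The following is an added example (not Oracle's code and not part of the Foundation Pack tool) of a pre-deployment check that reports entries that do not match, so an endpoint is not left on an unintended policy. The function names, the urn:example namespaces and both sample documents are constructed for illustration; the security namespace URI is the one shown in Example 26–3.

```python
import re
import xml.etree.ElementTree as ET

NS = {"s": "http://xmlns.oracle.com/fp/core/security/V1"}  # namespace from Example 26-3
ENDPOINT = re.compile(r"#wsdl\.endpoint\(([^/()]+)/([^/()]+)\)")

def composite_ports(composite_xml):
    """Map (kind, name) -> port name taken from each binding.ws in composite.xml."""
    ports = {}
    for ep in ET.fromstring(composite_xml):
        kind = ep.tag.rsplit("}", 1)[-1]  # drop any '{namespace}' prefix
        for child in ep:
            if child.tag.endswith("binding.ws"):
                m = ENDPOINT.search(child.get("port", ""))
                ports[(kind, ep.get("name"))] = m.group(2) if m else None
    return ports

def check_security_config(config_xml, composite_xml):
    """Return findings for entries that do not line up with composite.xml."""
    ports, findings = composite_ports(composite_xml), []
    root = ET.fromstring(config_xml)
    for kind in ("Service", "Reference"):
        for ep in root.findall(f"s:{kind}", NS):
            name = ep.findtext("s:Name", "", NS).strip()
            port = ep.findtext("s:PortName", "", NS).strip()
            key = (kind.lower(), name)
            if key not in ports:
                findings.append(f"{kind} '{name}': not in composite.xml")
            elif ports[key] != port:
                findings.append(f"{kind} '{name}': PortName '{port}' != '{ports[key]}'")
            if not ep.findall("s:WSPolicies/s:WSPolicyName", NS):
                findings.append(f"{kind} '{name}': no WSPolicyName listed")
    return findings

# Constructed sample inputs; urn:example stands in for the real WSDL namespace.
COMPOSITE = """<composite name="SamplesCreateCustomerSiebelReqABCSImpl">
  <service name="SamplesCreateCustomerSiebelReqABCSImpl"><binding.ws
    port="urn:example/V1#wsdl.endpoint(DemoService/SamplesCreateCustomerSiebelReqABCSImpl)"/></service>
  <reference name="SamplesCustomerPartyEBS"><binding.ws
    port="urn:example/V1#wsdl.endpoint(CustomerPartyEBS/CustomerPartyEBS_pt)"/></reference>
</composite>"""
CONFIG = """<SecurityConfiguration xmlns="http://xmlns.oracle.com/fp/core/security/V1">
  <Service><Name>SamplesCreateCustomerSiebelReqABCSImpl</Name>
    <PortName>SamplesCreateCustomerSiebelReqABCSImpl</PortName><WSPolicies><WSPolicyName
    policyType="authentication">oracle/wss_username_token_service_policy</WSPolicyName></WSPolicies></Service>
  <Reference><Name>SamplesCustomerPartyEBS</Name><PortName>CustomerPartyEBS</PortName><WSPolicies/></Reference>
</SecurityConfiguration>"""
if __name__ == "__main__":
    print("\n".join(check_security_config(CONFIG, COMPOSITE)))
```

The constructed Reference entry omits the _pt suffix expected for a Mediator-based reference and lists no policy, so both conditions are reported; the Service entry passes.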

26.7 Application Security Context