Invoking Secured (WS-Security) Partner Services in WSO2 BPS

by Milinda Lakmal

WS-BPEL is used in Web Services based Service Oriented Architectures to

  • Create business processes from Web Services and Human Activities that span organizations
  • Compose complex services from simpler services running in heterogeneous environments
  • Create application integration flows from existing and new Web Services based applications

In most cases we reuse the services that already exist to implement business processes, and those services may well be secured using WS-Security.

The WS-BPEL 2.0 specification does not define a standard way of handling this kind of scenario, because WS-BPEL deals with Web Services only at the port-type level; security belongs to the binding. So each BPEL engine implementation has its own way of handling it.

WSO2 BPS is built on Apache ODE, with a separate integration layer based on the ODE-Axis2 integration layer. There is a slight difference between WSO2 BPS 1.1.1 and WSO2 BPS 2.0.0 when it comes to configuring WS-Security for partner services. In WSO2 BPS 1.1.1 the user needs to create a separate file called package-config.xml containing the endpoint configuration, while in 2.0.0 deploy.xml has been extended to carry the same configuration. Both mechanisms share the same configuration elements; the only difference is where they are kept.

To configure WS-Security for a partner service you can use either a policy XML compatible with Apache Rampart, or an Axis2-compatible services.xml file that carries Rampart-compatible security policies.

How to configure security for partner endpoints?

WSO2 BPS 1.1.1

You need to create a separate file called package-config.xml, which looks like the following, and put it in the root of your BPEL package.

In this package configuration file the 'endpoints' element contains the configuration of every endpoint exposed by the BPEL process and every endpoint invoked by it. When configuring an endpoint you need to specify the serviceName, servicePort and serviceNS attributes so that they match the corresponding 'service' element in deploy.xml. For example, to call the secured CreditRatingPL partner link (the CreditRating partner service) in the following deploy.xml file, the endpoint configuration will look like the example above.

To configure security you can use either a policy XML or a services.xml file. The policy configuration is the same as for a normal Axis2 service client secured with Rampart: WS-SecurityPolicy assertions describe the tokens to use, and Rampart-specific policy extension elements let you configure key stores, user name/password pairs and password callback classes.

You can put the policy XML and services.xml files inside the BPEL package or anywhere else on the file system, as long as the location attribute points to the right place. If your password callback classes are packaged in a separate JAR, put it in the BPS_HOME/repository/components/lib directory so that it is on the server's classpath.

You can download sample BPEL package for WSO2 BPS 1.1.1 which shows you how to configure security from here.

WSO2 BPS 2.0.0

The main difference in version 2.0.0 is that you can specify security and other endpoint configuration parameters directly in the deploy.xml file. For example, to configure security for the CreditRatingPL partner link you specify the endpoint configuration inside the corresponding 'service' element as follows. In this case you do not need to repeat the service name or port name, because they are already given by the parent 'service' element.
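Since the 1.1.1 and 2.0.0 mechanisms share the same elements and differ only in placement, here is one added example (not the post's sample packages) showing both forms for the CreditRatingPL partner link. The process and service QNames, the endpoint-configuration namespace and the nested 'security'/'policy' element names are assumptions; only the 'endpoints' element, the serviceName/servicePort/serviceNS attributes and the location attribute are named by the post, so check the rest against the sample package for your release.

```xml
<!-- File 1: deploy.xml as used by WSO2 BPS 2.0.0 (added example; namespaces and names assumed).
     The ODE deployment descriptor is standard; the <endpoint> child of <service> is the BPS extension. -->
<deploy xmlns="http://www.apache.org/ode/schemas/dd/2007/03"
        xmlns:pns="http://example.org/loan/process"
        xmlns:crs="http://example.org/creditrating">
  <process name="pns:LoanApprovalProcess">
    <active>true</active>
    <!-- the endpoint this process exposes -->
    <provide partnerLink="customer">
      <service name="pns:LoanApprovalService" port="LoanApprovalPort"/>
    </provide>
    <!-- the secured partner service this process invokes -->
    <invoke partnerLink="CreditRatingPL">
      <service name="crs:CreditRating" port="CreditRatingPort">
        <!-- 2.0.0: no serviceName/servicePort/serviceNS here; they come from the parent <service> -->
        <endpoint xmlns="http://wso2.org/bps/bpel/endpoint/config">
          <security>
            <!-- relative to the BPEL package root; an absolute file-system path is also accepted -->
            <policy location="policy.xml"/>
          </security>
        </endpoint>
      </service>
    </invoke>
  </process>
</deploy>

<!-- File 2: package-config.xml at the BPEL package root, the WSO2 BPS 1.1.1 equivalent.
     deploy.xml then carries only the plain <service name="crs:CreditRating" port="CreditRatingPort"/>. -->
<endpoints xmlns="http://wso2.org/bps/bpel/endpoint/config">
  <!-- serviceName = local part of the service QName, serviceNS = its namespace,
       servicePort = the port attribute; all three must match deploy.xml exactly,
       otherwise the endpoint is not matched and the invoke goes out unsecured. -->
  <endpoint serviceName="CreditRating"
            servicePort="CreditRatingPort"
            serviceNS="http://example.org/creditrating">
    <security>
      <policy location="policy.xml"/>
    </security>
  </endpoint>
</endpoints>
```

A quick check after deployment is to capture one invoke on the wire (or enable the Axis2 SOAP message tracer) and confirm the wsse:Security header is present with the expected token; a silent mismatch in serviceName or serviceNS leaves the policy unapplied without any deployment error.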

You can download sample BPEL package from here.

Resources