How to override the OWSM policy of a REST Binding Reference in Soa Suite 12c?

Question

I am working the on the Oracle Fusion Middleware 12.1.3.

In my composite, I added a "Rest Binding" External Reference, for which I added a oracle/wss_http_token_client_policy and overrid the csf-key property.

In the files, it looks like :

myComposite.BAS :

<?xml version="1.0" encoding="UTF-8" ?>
<!-- Generated by Oracle SOA Modeler version 12.1.3.0.0 at [01-06-2016 16:01]. -->
<composite name="MyCompositeBAS"
           revision="9.8.8"
           label="2016-06-01_16-01-48_442"
           mode="active"
           state="on"
           xmlns="http://xmlns.oracle.com/sca/1.0"
           xmlns:xs="http://www.w3.org/2001/XMLSchema"
           xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
           xmlns:orawsp="http://schemas.oracle.com/ws/2006/01/policy"
           xmlns:ui="http://xmlns.oracle.com/soa/designer/"
           xmlns:sca-ext="http://xmlns.oracle.com/sca/1.0-ext">

  [.....]

  <component name="MyCompositeBASProcess" version="2.0">
    <implementation.bpel src="BPEL/MyCompositeBASProcess.bpel"/>
    <componentType>
      <service name="mycompositebasprocess_client" ui:wsdlLocation="WSDLs/MyCompositeBASProcess.wsdl">
        <interface.wsdl interface="http://xmlns.oracle.com/GDDSOA/MyCompositeBAS/MyCompositeBASProcess#wsdl.interface(MyCompositeBASProcess)"
                        callbackInterface="http://xmlns.oracle.com/GDDSOA/MyCompositeBAS/MyCompositeBASProcess#wsdl.interface(MyCompositeBASProcessCallback)"/>
      </service>
      <reference name="CMProxyRS" ui:wsdlLocation="WSDLs/CMProxyRS.wsdl">
        <interface.wsdl interface="http://xmlns.oracle.com/GDDSOA/MyCompositeBAS/CMProxyRS#wsdl.interface(CMProxyRS_ptt)"/>
      </reference>
    </componentType>
    <property name="bpel.config.oneWayDeliveryPolicy" type="xs:string" many="false">async.persist</property>
  </component>

  <reference name="CMProxyRS" ui:wsdlLocation="WSDLs/CMProxyRS.wsdl">
    <interface.wsdl interface="http://xmlns.oracle.com/GDDSOA/MyCompositeBAS/CMProxyRS#wsdl.interface(CMProxyRS_ptt)"/>
    <binding.rest config="Adapters/CMProxyRS.wadl" location="http://myUatServer/cmproxy/resources/v2/" />
  </reference>

  [....]

  <wire>
    <source.uri>MyCompositeBASProcess/CMProxyRS</source.uri>
    <target.uri>CMProxyRS</target.uri>
  </wire>
</composite>

---

wsm-assembly.xml :

<?xml version="1.0" encoding="windows-1252" ?>
<orawsp:wsm-assembly xmlns:orawsp="http://schemas.oracle.com/ws/2006/01/policy">
  <sca11:policySet xmlns:sca11="http://docs.oasis-open.org/ns/opencsa/sca/200912" name="policySet"
               appliesTo="SCA-REST-REFERENCE()" attachTo="REFERENCE('CMProxyRS')" orawsp:highId="2" 
               xml:id="SCA-REST-REFERENCE__REFERENCE__CMProxyRS__">
    <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy"
                     DigestAlgorithm="http://www.w3.org/ns/ws-policy/Sha1Exc"
                     URI="oracle/wss_http_token_client_policy" orawsp:status="enabled" orawsp:id="2">
      <orawsp:OverrideProperty xmlns:orawsp="http://schemas.oracle.com/ws/2006/01/policy" orawsp:name="csf-key"
                           orawsp:value="cmproxy.rest"/>
    </wsp:PolicyReference>
  </sca11:policySet>
</orawsp:wsm-assembly>

---

And this works fine in my UAT and PROD environments, where a Basic Authentication is set.

My issue for the DEV environment : the REST service does not need any authentication. How can I change or remove the <wsp:PolicyReference ...> when the composite is deployed in DEV environment ?

Looking on the web, I found several examples to override the PolicyReference, but for "SOAP Bindings" External Reference on SOA Suite 11g. I did not find anything specific neither for REST services nor for 12c.

I tried to adapt the samples I found on the web :

** Override the Policy in the "Configuration Plan" **

I wrote a Configuration Plan dedicated to the DEV environment :

<?xml version="1.0" encoding="UTF-8"?>
<SOAConfigPlan xmlns:jca="http://platform.integration.oracle/blocks/adapter/fw/metadata"
               xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"      
               xmlns:orawsp="http://schemas.oracle.com/ws/2006/01/policy"
               xmlns:edl="http://schemas.oracle.com/events/edl" xmlns="http://schemas.oracle.com/soa/configplan">

    <composite name="MyCompositeBAS">
        <import>
            <searchReplace>
                <search/>
                <replace/>
            </searchReplace>
        </import>
        <reference name="CMProxyRS">
            <binding type="rest">
                <attribute name="location">
                    <replace>http://myDevServer/cmproxy/resources/v2/</replace>
                </attribute>
                <wsp:PolicyReference URI="oracle/no_authentication_client_policy" orawsp:category="security" orawsp:status="enabled"/>
            </binding>
        </reference>
    </composite>
</SOAConfigPlan>

Or, I also tried to "disable" (in the config plan) the policy defined in the wsm-assembly.xml by replacing the last block from my config plan by :

    [....]
    <reference name="CMProxyRS">
        <binding type="rest">
            <attribute name="location">
                <replace>http://myDevServer/cmproxy/resources/v2/</replace>
            </attribute>
            <wsp:PolicyReference orawsp:category="security" orawsp:status="disabled" URI="oracle/wss_username_token_client_policy"/>
            <!--wsp:PolicyReference URI="oracle/no_authentication_client_policy" orawsp:category="security" orawsp:status="enabled"/ -->
        </binding>
    </reference>
    [....]

But it does not work. I know the config plan is applied, because I can see that the composite try to access the REST server on myDevServer, but the "original" policy is not removed. And this confirmed on the Enterprise Manager : on the CMProxyRS Policies tab, the oracle/wss_http_token_client_policy is still visible, Effective and Enabled are checked.

Override the Policy in the "composite.xml"

I also tried to redefine the policies directly in the composite.xml to see if it is possible to override what is defined in the wsm-assembly.xml file. I tried several ways, varying on :

composite.xml :

[....]
<binding.rest config="Adapters/CMProxyRS.wadl" location="http://myDevServer/cmproxy/resources/v2/" >
    <wsp:PolicyReference URI="oracle/wss_http_token_client_policy" orawsp:category="security" orawsp:status="disabled"/>
</binding.rest>
[....]

Differences between 11g and 12c

The samples I found on the web were designed for 11g, not for 12c. The only behavior that may differ when you set the Policy through the jDeveloper GUI, as that :

• In 12c, the <wsp:PolicyReference > tag is added in the wsm-assembly.xml file, wrapped with in a <sca11:policySet >;
• In 11g, it seems that the <wsp:PolicyReference > tag is added directly in the composite.xml file. (and that's why I tried to set the Policy directly in the composite in my previous test...)

So I also tried to add the <sca11:policySet > in my configuration plan, but it fails...

Differences in the namespaces

If you take care of the wsp:, you will see that :

• in wsm-assembly.xml, it is defined here : xmlns:wsp="http://www.w3.org/ns/ws-policy"
• in composite.xml and the configuration plan, it is defined here : xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"

So I also tried to force the namespace to the http://www.w3.org/ns/ws-policy in my config plan, but the deployment fails (ie the configuration plan is not applied).

I do not know how I can go further...

Can anybody share an idea ? Does anybody succeed in querying REST services with different Policies in different environments ?

Thanks a lot.

Answer 1

Once you have deployed the project on DEV environment, then

1) Go to Oracle Fusion Middleware console. 2) Open the project. 3) Under OWSM policies tab you can add or remove this policy. 4) Once removed save the session and retry.

There is one other option.

Rather than using oracle/wss_http_token_client_policy policy you can create a new your own policy by copying a permit all type policy of oracle/wss_http_token_client_policy type.

In this new policy you can add the users or groups which you have created on weblogic.

When deploying the project on DEV server don't add any user or group in this new policy and by default this will allow all users to access this service.