View a Proxy Service - Security page

The View a Proxy Service - Security page is one in a series of pages for editing proxy services, as described in Creating and Configuring Proxy Services and Editing Proxy Service Configurations.

Use this page to configure security settings for a proxy service.

The fields available on this page depend on the configuration of the proxy service. For example, if this proxy service is WSDL-based and the WSDL has a security policy, the page displays the Process WS-Security Header control. Depending on how that control is set, the Message Access control may also be displayed.

The configuration for both custom user name/password and custom token is similar. In both cases, you specify XPath expressions that enable ALSB to locate the necessary information. The root of these XPath expressions is as follows:

All XPath expressions must be in a valid XPath 2.0 format. The XPath expressions must use the XPath "declare namespace" syntax to declare any namespaces used, as follows:

  declare namespace ns='http://webservices.mycompany.com/MyExampleService';
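
An added illustration, not ALSB code and not part of the original documentation: a constructed SOAP request with a User Name XPath and User Password XPath pair written in the declare namespace form above, evaluated against the SOAP header. The Credentials header, the helper names and the relative-path form are assumptions. Python's ElementTree implements only a subset of XPath 1.0, so the helper parses the namespace prolog itself, and returning nothing unless exactly one node matches is a choice made for this example.

```python
import re
import xml.etree.ElementTree as ET

SOAP_ENV = "http://schemas.xmlsoap.org/soap/envelope/"  # SOAP 1.1 envelope namespace
NS_DECL = re.compile(r"declare\s+namespace\s+([\w.-]+)\s*=\s*(['\"])(.*?)\2\s*;")

# Constructed request: the Credentials header is hypothetical, the namespace is the page's.
REQUEST = """<soap-env:Envelope xmlns:soap-env="http://schemas.xmlsoap.org/soap/envelope/">
  <soap-env:Header>
    <ns:Credentials xmlns:ns="http://webservices.mycompany.com/MyExampleService">
      <ns:User>alice</ns:User>
      <ns:Password>constructed-secret</ns:Password>
    </ns:Credentials>
  </soap-env:Header>
  <soap-env:Body/>
</soap-env:Envelope>"""

# Values as they would be typed into the two XPath fields (assumed relative paths).
DECL = "declare namespace ns='http://webservices.mycompany.com/MyExampleService';"
USER_NAME_XPATH = DECL + " ./ns:Credentials/ns:User"
USER_PASSWORD_XPATH = DECL + " ./ns:Credentials/ns:Password"


def split_prolog(expr):
    """Split "declare namespace p='uri'; path" into ({prefix: uri}, path)."""
    namespaces = {m.group(1): m.group(3) for m in NS_DECL.finditer(expr)}
    return namespaces, NS_DECL.sub("", expr).strip()


def select_from_header(message, expr):
    """Evaluate expr against the SOAP header; return text only for exactly one match."""
    namespaces, path = split_prolog(expr)
    header = ET.fromstring(message).find(f"{{{SOAP_ENV}}}Header")
    if header is None:
        return None
    try:
        matches = header.findall(path, namespaces)
    except SyntaxError:  # ElementTree raises this for an undeclared prefix
        return None
    # Fail closed: an absent or ambiguous credential is not usable.
    return matches[0].text if len(matches) == 1 else None
```

An expression that omits the declaration, or declares a namespace URI that differs from the one in the message, selects nothing, so no credential is located.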

Table 17-18 describes the View a Proxy Service - Security Configuration page for a WSDL-based proxy service, in which the WSDL has a security policy, the transport is HTTP, and HTTPS is required.

Table 17-18 View a Proxy Service - Security Configuration Page 
Option
To edit...
General Configuration
Service Key Provider
If needed, enter the path (project/folder) and name of a service key provider, or click Browse to select one from the Select Service Key Provider page.
For more information, see Service Key Providers. To learn how to create a service key provider, see Adding Service Key Providers.
Web Services Security Configuration
Process WS-Security Header
If a client request includes a WS-Security security header, decide whether or not to process this header:
  • Select Yes: In an active intermediary scenario, the client applies WS-Security to the request and/or response messages. The proxy service processes the security header and enforces the WS-Security policy.
  • Select No: In a WS-Security pass-through scenario, the client applies WS-Security to the request and/or response messages. The proxy service does not process the security header. Instead, it passes the secured request message untouched to a business service.
Access Control
Transport Access Control
For all proxy services, you can create a transport-level policy, which applies a security check when a client attempts to establish a connection with the proxy service. Only requests from users who are listed in the transport-level policy are allowed to proceed.
Message Access Control
A message-level access control policy applies a security check when a client attempts to invoke a proxy service with message-level security. You can create a message-level access control policy in the following cases:
  • For proxy services that are active Web Service security intermediaries; that is, you process the WS-Security header.
  • For proxy services for which you set custom authentication on this page.
Only users who are listed in the message-level policy are allowed to invoke the operation.
Custom Authentication (Message-Level)
Authentication Type
Select one of the following:
  • Select None if the proxy service will not use custom authentication.
  • Custom User Name and Password
    When you select this option, you must also enter values in the User Name XPath field and the User Password XPath field.
  • Custom Token
    When you select this option, you must also select a Token Type and enter values for the Token XPath field.

User Name XPath
This option is available only when the Custom Authentication Settings option is set to Custom User Name and Password. When available, this option is required.
Enter the user name as an XPath expression.
The XPath expression is evaluated against the message headers or payload, as appropriate, which allows ALSB to obtain the user name for custom authentication.
User Password XPath
This option is available only when the Custom Authentication Settings option is set to Custom User Name and Password. When available, this option is required.
Enter the password as an XPath expression.
The XPath expression is evaluated against the message headers or payload, as appropriate, which allows ALSB to obtain the password values for custom authentication.
Token Type
This option is available only when the Custom Authentication Settings option is set to Custom Token. When available, this option is required.
Select the token type from the drop-down list. Only the active token types configured for a WebLogic Server Identity Assertion provider are available. See Configuring Identity Assertion Providers for Custom Tokens for more information.
Token XPath
This option is available only when the Custom Authentication Settings option is set to Custom Token. When available, this option is required.
Enter an XPath expression to specify a path to the custom token. ALSB evaluates the Token XPath expression against the message headers or payload, as appropriate, to obtain the token for custom authentication.
Context Properties
Optionally, specify one or more context properties to pass additional context information to the Authentication (Custom User Name and Password) or Identity Assertion (Custom Token) security provider.
Context Properties provide a way (the ContextHandler interface) to pass additional information to the WebLogic Security Framework so that a security provider can obtain contextual information. See Context Properties Are Passed to Security Providers for possible values.
Enter the Property Name as a literal string, and the Value Selector as a valid XPath expression. (XPath expressions can also be literal strings.)
The XPath expressions are evaluated against the same message part that is used for the custom token or custom user name/password. That is, the Value Selector XPath expressions are evaluated against the header for SOAP-based proxy services, and against the payload for non-SOAP-based proxy services.
The XPath expression is evaluated at runtime to produce the property's value. A ContextHandler is essentially a name/value list and, as such, it requires that a security provider know what names to look for. Therefore, the XPath expressions are evaluated only if a security provider asks for the value of one of these user-defined properties.
Click Add Property to add this context property. You can add multiple context properties.

After you finish

Click Update to save this configuration; or click Reset to undo your changes.