Overriding Security Certificates when Invoking Dynamic Partner Links

You can interact with multiple web services using dynamic partner links. This interaction may involve using message protection policies that require different security certificates for encrypting the message. These certificates may be different for each web service. You can specify a keystore recipient alias value to override the security certificate in the WSDL file of the web service.

To override security certificates when invoking partner links:

Define a variable of type string (for example, KEYSTORE_RECIPIENT_ALIAS). Figure 8-5 provides details.

Figure 8-5 Variable Definition of KEYSTORE_RECIPIENT_ALIAS

Description of "Figure 8-5 Variable Definition of KEYSTORE_RECIPIENT_ALIAS"
In the Copy Rules tab of an assign activity, assign orakey to the variable KEYSTORE_RECIPIENT_ALIAS. Figure 8-6 provides details.

Figure 8-6 Assignment of orakey to KEYSTORE_RECIPIENT_ALIAS

Description of "Figure 8-6 Assignment of orakey to KEYSTORE_RECIPIENT_ALIAS"
In the invoke activity that invokes the partner link for the web service, click the Properties tab.
Click the keystore.recipient.alias property.

Note:

In BPEL 2.0 processes, the properties are not automatically displayed in the Properties column. You must click the Add icon to select the property and its content (either a variable or an XPath expression).
Double-click the Value column to display the Browse (...) icon.
Click the Browse (...) icon to display the Adapter Property Value dialog.
Click the Browse icon to display the Variable XPath Builder dialog.
Select keystore_recipient_alias as the value, and click OK. Figure 8-7 provides details. This property overrides the security certificates set in the WSDL file while invoking a web service in a BPEL process.

Note:

In BPEL 2.0, there are only Name and Value columns in the Properties table. The Type column is not included.

Figure 8-7 keystore.recipient.alias Normalized Message Property of Invoke Activity

Description of "Figure 8-7 keystore.recipient.alias Normalized Message Property of Invoke Activity "

Click Apply, then OK.

When complete, the BPEL file is defined as follows:

. . .
. . .
<variables>
  <variable name="WsaAddress" element="ns6:EndpointReference"/>
  <variable name="KEYSTORE_RECIPIENT_ALIAS" type="xsd:string"/>
</variables>

<assign name="AssignAddress">
  <copy>
    <from
expression="'http://localhost:8001/soa-infra/services/default/ServiceWithNewCer
tificate!1.0*soa_c94537fb-97a4-4b0f-900f-fefffc34f7fe/service_ep'"/>
    <to variable="WsaAddress"
    query="/ns6:EndpointReference/ns6:Address"/>
  </copy>
  <copy>
    <from variable="WsaAddress"/>
    <to partnerLink="Service"/>
  </copy>
</assign>

<assign name="AssignAlias">
  <copy>
    <from expression='"orakey"'/>
    <to variable="KEYSTORE_RECIPIENT_ALIAS"/>
  </copy>
</assign>

<invoke name="Invoke"
        inputVariable="Invoke_InputVariable" 
        partnerLink="Service"
        portType="ns1:ServiceBPELProcess" 
        operation="process"
        bpelx:invokeAsDetail="no">

            <bpelx:inputProperty name="endpointURI" 
                                 variable="inputVariable"
                                 part="payload"
                                 query="/client:process/client:input"/>

            <bpelx:inputProperty name="keystore.recipient.alias" 
                                 variable="KEYSTORE_RECIPIENT_ALIAS"/>
</invoke>

For more information about normalized message properties, see Propagating Normalized Message Properties Through Message Headers.