Tuesday, February 25, 2014

Securing REST services using basic http security in OSB

REST services in OSB can be secured using basic http security in OSB. Once a REST service is created go to SB console -> proxy and HTTP Transport Configuration -> Authentication =

We can create specific user for the service in security configuration.

In SOAP UI create a REST project using the service url, In the Auth Tab provide the user and password for the service.

 This will work fine.

Adding Authorization to the service:
In SB console -> proxy service -> security ->Access Control -> 
Transport Access Control -> click on Proxy service and add condition for user authorized to invoke the service.

In SOAP UI invoke the service again using weblogic user and password.
Response : FORBIDDEN-403 

If we use the authorized user , valid response will be returned.

Cheers !!