Enforcing SOAP Security to Enable Confidentiality and Integrity on Message Exchanges

This sample describes how WSS Provider and WSS Consumer policies can be enforced on SOAP/HTTP message exchanges to ensure confidentiality and integrity.

In this sample, the following processes communicate with each other:
  • ServiceProvider.bwp: Provides a SOAP service.
  • ServiceConsumer.bwp: Consumes the SOAP service provided by the ServiceProvider process.

The service provider also decrypts the request message from the consumer and verifies the consumer's signature.

Prerequisites

Procedure

  1. In the samples directory, select policy > confidentialityintegrity > SoapHttp and double-click tibco.bw.sample.policy.confidentialityintegrity.SoapHttp.zip. For more information, see Accessing Samples.
  2. In Project Explorer, expand the tibco.bw.sample.policy.confidentialityintegrity.SoapHttp project.
  3. Set the default ApplicationProfile to match the OS you are running on. For more information, see Setting the Default Application Profile.
  4. Click Run > Debug Configurations.
  5. In the left-hand tree of the Debug Configuration wizard, expand BusinessWorks Application and select BWApplication.
  6. Click the Applications tab and then click the Deselect All button if you have multiple applications. Select the check box next to tibco.bw.sample.policy.confidentialityintegrity.SoapHttp.
  7. Click Debug.
    This runs the sample in Debug mode.

Result

The ServiceConsumer process successfully calls the ServiceProvider process.

The file ConfidentialityIntegrity.txt is generated in the C:\tmp\policy directory on the Windows platform, or in the /tmp/policy directory on the Unix platform.

Open the ConfidentialityIntegrity.txt file in a text editor. The default contents of the file are outlined below.
The Request From Service Consumer: Bob
The Response from Service Provider:
Welcome you Bob

Understanding the Configuration

The following processes interact with each other in this project:

  • ServiceProvider.bwp: To ensure decryption and signature verification on the incoming request message, a WSS Provider policy configured for confidentiality and integrity is associated with the service side of this process.
  • ServiceConsumer.bwp: To ensure the outbound request message to ServiceProvider is encrypted and signed, a WSS Consumer policy configured for confidentiality and integrity is associated with the reference side of this process.
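
The output file only shows that the call succeeded, not that the request was protected on the wire. The following check is an added example, not part of the TIBCO sample: it inspects a SOAP envelope for a WS-Security signature that references the Body and for an encrypted Body. It assumes SOAP 1.1 and that the policy signs and encrypts the SOAP Body; the envelopes are constructed, and the check is structural only (it does not validate the signature or decrypt anything).

```python
import xml.etree.ElementTree as ET

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",  # SOAP 1.1 (assumption)
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
}
WSU_ID = "{%s}Id" % NS["wsu"]
ENCRYPTED_DATA = "{%s}EncryptedData" % NS["xenc"]

def check_envelope(xml_text):
    """Return a list of findings; an empty list means signed and encrypted."""
    root = ET.fromstring(xml_text)
    body = root.find("soap:Body", NS)
    if body is None:
        return ["no SOAP 1.1 Body found"]
    findings = []
    sig = root.find("soap:Header/wsse:Security/ds:Signature", NS)
    if sig is None:
        findings.append("no ds:Signature in wsse:Security header")
    else:
        # Integrity of the payload only holds if a signed Reference
        # points at the Body's wsu:Id (assumes the policy signs the Body).
        refs = {r.get("URI") for r in sig.iterfind("ds:SignedInfo/ds:Reference", NS)}
        body_id = body.get(WSU_ID)
        if not body_id or "#" + body_id not in refs:
            findings.append("signature does not reference the SOAP Body")
    # Confidentiality: the Body must carry only xenc:EncryptedData.
    children = list(body)
    if not children or any(c.tag != ENCRYPTED_DATA for c in children):
        findings.append("SOAP Body is not encrypted")
    return findings

# Constructed sample envelopes (not captured from the TIBCO sample).
XMLNS = " ".join('xmlns:%s="%s"' % kv for kv in NS.items())
SECURED = """<soap:Envelope %s><soap:Header><wsse:Security>
  <ds:Signature><ds:SignedInfo><ds:Reference URI="#body-1"/></ds:SignedInfo></ds:Signature>
</wsse:Security></soap:Header>
<soap:Body wsu:Id="body-1"><xenc:EncryptedData/></soap:Body></soap:Envelope>""" % XMLNS
PLAIN = """<soap:Envelope %s><soap:Header/>
<soap:Body><name>Bob</name></soap:Body></soap:Envelope>""" % XMLNS

if __name__ == "__main__":
    for label, doc in (("secured", SECURED), ("plain", PLAIN)):
        print(label, check_envelope(doc) or "OK")
```

Run it only against envelopes captured from your own test traffic, since ElementTree is not hardened against hostile XML.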