Overriding security policy at runtime
- Akash Kumar Jaiswal
- Avinash Kumar
A security policy associated with a web service consumer governs the security at two levels:
- Transport level security
- Message level security
Transport level security determines whether SSL is used for communication between the server and the client. If SSL is used, it determines which Truststores and Keystores are used in the security policy.
Message level security governs the authentication between the consumer and the provider.
When you use a web service consumer in a process flow, you may need to define the security policy for the web service at runtime instead of using the predefined security policy for the web service. Defining a security policy entails defining the Truststore and Keystore.
There are two scenarios in which you may want to override the security policy:
A web service consumer with a security policy
To define a security policy at runtime, you need to define and override the Truststore and Keystore values dynamically. Adeptia Connect allows you to override the Truststore and Keystore values using context variables in a process flow.
The table below shows how to use the context variables to override the values dynamically.
Type | Type of overriding | Context variable name |
---|---|---|
Truststore | Override by Name | Service.<PolicyName>.truststoreName |
Truststore | Override by Id and Typed Id | Service.<PolicyName>.truststoreId |
Keystore | Override by Name | Service.<PolicyName>.keystoreName |
Keystore | Override by Id and Typed Id | Service.<PolicyName>.keystoreId |
Keystore Alias | Override by Name | Service.<PolicyName>.keystoreAlias |
- If the Service.<PolicyName>.trustStoreName context variable is defined but no Truststore with that name is found, the Truststore override is skipped. The same holds true for the context variable Service.<PolicyName>.trustStoreId.
- If the Service.<PolicyName>.keyStoreName context variable is defined but no Keystore with that name is found, the Keystore override is skipped. The same holds true for the context variable Service.<PolicyName>.keyStoreId.
- While overriding the Keystore, if the Service.<PolicyName>.keyStoreAlias context variable is not defined, the alias value "Default" is used.
A web service consumer without any security policy
When you use a web service without any security policy attached to it, you can reference an external Truststore and Keystore dynamically in a process flow by providing the path of the Truststore and Keystore in the respective context variables. The table below lists the context variables to use.
Type | Context variable name |
---|---|
Truststore | truststorePath |
Truststore | truststorePassword |
Truststore | truststoreType |
Keystore | keystorePath |
Keystore | keystorePassword |
Keystore | keystorePrivateKeyPassword |
Keystore | keystoreType |
Keystore | keyStoreAlias |
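A pre-flight check for the second scenario, added here as an example (it is not Adeptia's code): before the process flow runs, it loads the stores named by the context variables above and reports anything that would prevent their use. It assumes a plain `Map` stands in for the process-flow context and that the `truststoreType` and `keystoreType` values are Java KeyStore type names such as `JKS` or `PKCS12`; the class name, file paths, and passwords are constructed.

```java
import java.io.InputStream;
import java.nio.file.*;
import java.security.KeyStore;
import java.util.*;

// Added example. Assumptions: a Map stands in for the process-flow context;
// *Type values are Java KeyStore type names ("JKS", "PKCS12").
public class ExternalStoreCheck {

    static KeyStore load(Map<String, String> ctx, String prefix) throws Exception {
        KeyStore ks = KeyStore.getInstance(ctx.getOrDefault(prefix + "Type", KeyStore.getDefaultType()));
        try (InputStream in = Files.newInputStream(Paths.get(ctx.get(prefix + "Path")))) {
            ks.load(in, ctx.getOrDefault(prefix + "Password", "").toCharArray());
        }
        return ks;
    }

    // Returns one message per problem; an empty list means both stores are usable.
    static List<String> validate(Map<String, String> ctx) {
        List<String> problems = new ArrayList<>();
        if (ctx.containsKey("truststorePath")) {
            try {
                KeyStore ts = load(ctx, "truststore");
                boolean hasCert = false;
                for (String a : Collections.list(ts.aliases())) hasCert |= ts.isCertificateEntry(a);
                if (!hasCert) problems.add("truststore: no trusted certificate entries");
            } catch (Exception e) { problems.add("truststore: " + e); }
        }
        if (ctx.containsKey("keystorePath")) {
            try {
                KeyStore ks = load(ctx, "keystore");
                String alias = ctx.get("keyStoreAlias");
                char[] keyPw = ctx.getOrDefault("keystorePrivateKeyPassword", "").toCharArray();
                if (alias == null || !ks.isKeyEntry(alias)) problems.add("keystore: no key entry for alias " + alias);
                else if (ks.getKey(alias, keyPw) == null) problems.add("keystore: key not readable");
            } catch (Exception e) { problems.add("keystore: " + e); }
        }
        return problems;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: an empty PKCS12 truststore and a missing keystore file.
        Path ts = Files.createTempFile("demo-trust", ".p12");
        KeyStore empty = KeyStore.getInstance("PKCS12");
        empty.load(null, null);
        try (var out = Files.newOutputStream(ts)) { empty.store(out, "changeit".toCharArray()); }
        Map<String, String> ctx = new HashMap<>(Map.of("truststorePath", ts.toString(),
            "truststorePassword", "changeit", "truststoreType", "PKCS12", "keyStoreAlias", "client",
            "keystorePath", "/nonexistent/client.p12", "keystorePassword", "changeit", "keystoreType", "PKCS12"));
        validate(ctx).forEach(System.out::println);
    }
}
```

With the constructed input, the check reports an empty truststore and a missing keystore file; the messages contain exception names and paths but never the passwords.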