BEA AquaLogic Service Bus behind the Firewall in Service-Oriented Architecture

by Irene Rusman

As organizations move to Service-Oriented Architecture (SOA), security becomes one of the key concerns impacting deployment. A company�s sensitive information is accessed by services deployed on the distributed components in SOA. Therefore, security concerns have become part of the enterprise decision-making process relating to the adoption of SOA.

Typically, a company sends request messages from BEA AquaLogic Service Bus behind its internal firewall to business services hosted outside its firewall. In such a scenario, BEA AquaLogic Service Bus acts as a forward proxy. The company receives response messages from business services through the demilitarized zone (DMZ) into BEA AquaLogic Service Bus, which is deployed behind the company firewall. In this case, BEA AquaLogic Service Bus would act as a reverse proxy.

This paper discusses the security set-up and configuration for clients, BEA AquaLogic Service Bus (version 2.1, 2.5, and 2.6) proxy services, and business services. The set-up assumes that a client Web application sends an HTTPS request message from outside a company�s firewall to the BEA AquaLogic Service Bus server located behind its firewall (the "inbound request"). BEA AquaLogic Service Bus then routes the HTTPS request message to a business service hosted outside its firewall (the "outbound request"). The business service sends the response message through BEA AquaLogic Service Bus to the client. This set-up involves an inbound one- or two-way and an outbound one- or two-way SSL authentication. It capitalizes on BEA WebLogic Server and BEA AquaLogic Service Bus security.

The paper provides an example of how to configure the inbound two-way and outbound two-way SSL authentication from the command line, the BEA WebLogic Server Administration Console, and the BEA AquaLogic Service Bus Console. The example includes a description of the deployment architecture and how to test the system with request/response messaging.

Irene Rusman is a Senior Software Engineer with BEA. She works on AquaLogic Service Bus system integration.