- Before applying the new policy, you need to import into JDeveloper. Copy the new custom policy to your JDev store directory (either use the attached policy from this document or export your custom policy from EM). The location of the store could appear as follows:
USER_HOME\AppData\Roaming\JDeveloper\system11.1.1.4.37.59.23\DefaultDomain\oracle\store\gmds\owsm\policies
- Apply this new client policy to your service reference in your composite app via EM.
With this policy in place you can leverage the javax.xml.ws.security.auth.username inbound service property. If you are hardcoding, set the value without quotes. The value is set to jcooper; however, you can also extract the username from the payload of execData variable.
You do not have to import the policy to JDev, you can deploy the composite without a client-side policy, and then set the client policy through EM.
EM has a feature for setting the client-side policies that shows you compatible client-side policies based on the service you are calling.
References
http://download.oracle.com/docs/cd/E17904_01/web.1111/b32511/setup_config.htm#WSSEC3585