Just thought of sharing this concept I had tried out.
The message-handler.xml doesn't have the security enabled by default.Just go ahead and enable that element highlighted in below.This does enable the security chain.For this change to take effect you need to bounce the SOA Suite( it works on both OCJ & WLS9.2)
Step2:
Since we would like to secure particular BPEL process.You would need to mentioned your process on the below mentioned segment of securitytag
CreditRatingService
Processes can be secured explicitely without having
effect on the whole domain, put their names in here and comma
separate them
Once your done with this change as said above Restart the SOA Suite.
Use the Default Validator bridge for authentication and authorization.
