Oracle Web Services Manager (OWSM)

Overview

* Oracle OWSM 10g.
* Supports SOAP 1.1 only.
* OWSM console: http://host_name:port/ccore
* Default login: admin/oracle
* Supports common security policy steps
– authentication
– authorization
– message encryption
– message signing
– credential management
– identity propagation via SAML tokens
– federation
* Provides non-security steps
– log messages
– custom fault messages
– message transformation using XSLT
* Provides extensibility to create custom steps
* Provides content-based routing from gateways

Use Cases

* Protecting client access to web services
– by virtualizing them using gateway
– using server side agent
– using client side agent
* Limiting access to external web services
– using gateway as a proxy server
* Mapping security credentials
– using gateway and server side agent
* Mediating heterogeneous protocols
– using gateway
* SAML token propagation
* Securing asynchronous service calls
– using server side gateway
– using server agent and client side gateway

Add a New Gateway

* Policy Management -> Manage Policies -> Add New Component

Component Name: TestGateway
Component Type: Gateway
Container Type: Oracle Web Services Manager
Component URL: http://localhost/gateway

* Click Register button. The return message should be:

Component is added successfully. Id of the new Component is "C0003001".

Add a Service to OWSM Gateway

* Go to: Policy Management -> Register Services
* Click Gateway ‘Services’ link
* Click ‘Add New Service’ button
* Enter:
Service Name (*):
Service Version (*):
Service Description:
WSDL URL:
Service Protocol(*): one of HTTP(S), JMS(SSL), IBM MQSeries, HTTP Post, Custom
* Click ‘Next’ button
* Click ‘Finish’, ‘OK’, ‘commit’, ‘OK’ when prompted.

Test Web Service

* Go to: Tools -> Test Page
* Enter WSDL url.

Policy Steps

* Policy steps can be assembled for
– request pipeline
– response pipeline
* Predefined Policy Steps
Security Steps
– Credential Management
– Authentication
– Authorization
– Integrity and Confidentiality
– Federation
Non-security Steps
– Log messages
– Custom fault messages
– Message transformation using XSLT

Admin Tasks

Change Admin Password

* Admin password is maintained in a file named owsm/bin/manageUserGroups.properties

user_id=admin
user_password=oracle

Create Password File

* Create a new password file named ‘owsmpass.txt’ in ORACLE_HOME\j2ee\home
* Add a username:password pair to the newly created password file. For example,
johndoe:password
* Run password encryption command:
cd ORACLE_HOME/OWSM_1/owsm/bin
wsmadmin md5encode ..\..\j2ee\home\owsmpass.txt johndoe
enter: password

Add Extract Credentials Step

Credential location:
/soapenv:Envelope/soapenv:Body/myns:MyElement/

Namespaces:
myns=https://www.my.com/2010/my/wsdl
myns:SubscriberId
myns:SubscriberToken
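
The lookup these fields describe, as an added example (not OWSM code and not from the original notes): a namespace-aware extraction of the two credential elements from a SOAP 1.1 request. It assumes SubscriberId and SubscriberToken are direct children of myns:MyElement; the sample message and its values are constructed.

```python
import xml.etree.ElementTree as ET

# Namespace bindings: soapenv is the SOAP 1.1 envelope namespace; myns is the
# value from the "Namespaces" field above.
NS = {
    "soapenv": "http://schemas.xmlsoap.org/soap/envelope/",
    "myns": "https://www.my.com/2010/my/wsdl",
}
# The credential location above, relative to the root soapenv:Envelope element.
CRED_PARENT = "soapenv:Body/myns:MyElement"


def extract_credentials(soap_xml: str) -> tuple[str, str]:
    """Return (SubscriberId, SubscriberToken) or raise ValueError."""
    if "<!DOCTYPE" in soap_xml:
        # SOAP 1.1 messages must not carry a DTD; refuse before parsing.
        raise ValueError("DTD not allowed in SOAP message")
    root = ET.fromstring(soap_xml)
    if root.tag != "{%s}Envelope" % NS["soapenv"]:
        raise ValueError("root is not a SOAP 1.1 Envelope")
    parents = root.findall(CRED_PARENT, NS)
    if len(parents) != 1:
        raise ValueError("expected exactly one myns:MyElement in Body")
    values = []
    for name in ("SubscriberId", "SubscriberToken"):
        found = parents[0].findall("myns:" + name, NS)
        # Reject missing, duplicated or empty credentials rather than guessing.
        if len(found) != 1 or not (found[0].text or "").strip():
            raise ValueError("missing or ambiguous myns:" + name)
        values.append(found[0].text.strip())
    return values[0], values[1]


# Constructed sample request; prefixes differ from the policy's on purpose,
# because matching is done on namespace URIs, not on prefixes.
SAMPLE = """<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
  <s:Body>
    <m:MyElement xmlns:m="https://www.my.com/2010/my/wsdl">
      <m:SubscriberId>sub-1001</m:SubscriberId>
      <m:SubscriberToken>constructed-token</m:SubscriberToken>
    </m:MyElement>
  </s:Body>
</s:Envelope>"""

if __name__ == "__main__":
    print(extract_credentials(SAMPLE))
```

A request whose elements sit in a different namespace URI, or that repeats a credential element, is rejected rather than matched on local name alone.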
