Maintaining OWSM Policy Repository - Best Practices - 11g

OWSM provides a number of WLST commands that can help in maintaining the WSM Policy Repository. This includes upgrading the repository, rebuilding the repository, etc.

These are documented in the section "Maintaining the Oracle WSM Repository" . In this post I will briefly examine when one should consider using this based on a customer interaction.

Recently an OWSM customer ran into the issue where one of the policies we ship Out of the Box disappeared from the WSM Policy Repository in the customer installation. Unfortunately - this policy was being used to secure some of the web services in the installation.

So the first question is when may this occur?

  1. Well the Out of the Box policies we ship can be deleted. So somebody may have deleted it! [Side Note: I think we need to see if we need to improve our story here in future releases]. OR
  2. Something may have failed when we initially seed the repository with the Out of the Box policies.
If it is due to (1) - My first tip - This an excellent reason to leverage the OWSM Auditing capabilities. If somebody deleted the policy, then OWSM would have audited this operation if the Oracle FMW Audit framework had been set up in the installation.

In any case how do we recover from this? There are two WLST commands that you should be aware of that might be helpful:

a) upgradeWSMPolicyRepository() - the details of how to use this command are here.

b) resetWSMPolicyRepository(false) and resetWSMPolicyRepository(true) - the details of how to use this command are here.

In this case the customer ran the resetWSMPolicyRepository(true) command. The customer got the missing Out of the Box policies back but LOST all the custom policies that they had in the repository

First the customer should have used resetWSMPolicyRepository(false) command rather than resetWSMPolicyRepository(true). There is no way to undo this operation! Hence my next tip:

ALWAYS take a backup of the repository before you run these commands! How do you take a backup? There are several ways:

  • You can take a database backup
  • You can take a backup by exporting out the contents of the WSM Policy Repository (see this section for more details)
These commands are manipulating the entire repository, since they are dealing with the entire repository - if something goes wrong - there is no time travel here! - no way to go back to the original state!!! So backup is your best friend here and is worth the time and effort!
Comments:

Post a Comment:
  • HTML Syntax: NOT allowed
About

In this blog I will discuss mainly features supported by Oracle Web Service Manager (OWSM).

Search

Categories
Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today