Sunday Mar 18, 2012

How To - Securing a JAX-WS with OWSM Message Protection Policy in JDeveloper - 11g

As promised in this post, here is a How-To that describes how to secure a simple HelloWorld JAX-WS with OWSM message protection policy and test it with SOAP UI.

The How-To reuses the picture I posted earlier about the relationship and interplay b/w Keystore, Credential store, jps-config.xml ,etc.

One of the other more frequent requests I hear from folks within Oracle and customers is how to test OWSM with SOAP UI. SOAP UI in general works very well as testing tool for web services secure with wss10 policies.

Monday Nov 28, 2011

Running OWSM WLST commands - 11g

It has been sometime since I posted some materials. I hope to have more tips, best practices - but here is a quick thing that people seem to trip up on..."How to Run OWSM related WLST commands"

The most common issue people seem to run into is trying to run the OWSM WLST commands from the wrong location. You need to run the WLST commands from "oracle_common/common/bin/wlst.sh" (ex: /home/Oracle/Middleware/oracle_common/common/bin/wlst.sh)

This is documented in the OWSM doc (Security And Administrator's Guide) under the section "Accessing the Web Services Custom WLST Commands".

Note: This location is different from the location from where you run the SOA WLST commands.

If you try to run the OWSM WLST command from the wrong location - you will see errors like the following: "The MBean ,@ oracle.wsm:*,name=WSMDocumentManager,type=Repository was not found"

Tuesday Sep 06, 2011

Attaching OWSM Policies - Best Practices - 11g

As mentioned in previous post - there are three ways to attach Policies in OWSM 11g.

a) at Design Time (DT) in an IDE - ex: JDeveloper

b) Post Deployment - using WLST or FMWCTL

One of the questions that pop up from time to time is around when to use what - in this post I provide some guidelines that can help in deciding which is the best methodology.

Before I actually layout some guidelines - we need to discuss a related feature supported in OWSM 11g - this relates to the fact that attaching a policy at DT does not prevent you from changing it post deployment. So (a) and (b) are not necessarily mutually exclusive. The reason OWSM provides this flexibility is in many organizations - administrators (either app administrators or security administrators) decide on the security posture and hence the ability to change the security posture by changing the policy of a Web Service or Web Service Client is an important consideration [1].

So if your organization is more attuned to the process of standardizing security upfront and communicating it to your developers then developers can secure it at DT, test it early to ensure all aspects are working before the app gets deployed to a testing, staging, production environments. In general I would recommend some level of testing with security enabled in your DT environment. (a) is helpful in those scenarios.

(b) is relevant in two scenarios:

i) you have unsecure apps that need to be secured by the administrators post deployment.

ii) you have secure apps but they don't adhere ot the security guidelines standardized by the organization and hence you need to change the policy attached to the WS/WS Client.

Using WLST vs. FMWCTL:

WLST is more suited if you would like to script things out (in addition some administrators like command line tooling while others prefer a Web based user interface).

FMWCTL is more suited for people who prefer a Web based user experience or for non-scripting scenarios.

In future blog posts I will discuss guidelines around when to use Direct Policy Attachments (or Local Policy Attachments) vs. Global Policy Attachments (GPA).

Notes:

[1] In 11.1.1.5.0 - WLS JAX-WS Client support only a programmatic model of attaching the policy to the client app. In this scenario - one cannot change the policy post deployment.

About

In this blog I will discuss mainly features supported by Oracle Web Service Manager (OWSM).

Search

Categories
Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today