Fusion Middleware Documentation
Advanced Search


Infrastructure Release Notes
Close Window

Table of Contents

Show All | Collapse

7 Web Services

This chapter describes issues associated with Web services development, security, and administration, including Oracle Web Services Manager.

It includes the following topics:

Note:

For WebLogic Web Services, see "Web Services and XML Issues and Workarounds" in the Oracle Fusion Middleware Release Notes for Oracle WebLogic Server.

7.1 Using Multibyte User Credentials with wss_http_token_* Policy

In this release, multibyte user credentials are not supported for the wss_http_token_* policies. If multibyte user credentials are required, use a different policy, such as wss_username_token_* policy. For more information about the available policies, see "Predefined Policies" in Securing Web Services and Managing Policies with Oracle Web Services Manager.

7.2 Performing a Bulk Upload of Policies

When performing a bulk import of policies to the MDS repository, if the operation does not succeed initially, retry the operation until the bulk import succeeds.

For the most part, this can occur for an Oracle RAC database when the database is switched during the metadata upload. If there are n databases in the Oracle RAC database, then you may need to retry this operation n times.

For more information about bulk import of policies, see "Migrating Policies" in the Administering Web Services.

7.3 Removing Post-deployment Customizations

When the connections.xml file is changed after deployment using the AdfConnection MBean, the complete connection is saved as a customization. This means that changes to the connection in a redeployed application are overwritten by the customization.

When you use Fusion Middleware Control to make changes to an application's connections.xml file after deployment, a new connections.xml file is created as a customization and stored in the MDS repository. This customization persists for the life of the application. Therefore, if you redeploy the application, the customized connections.xml file continues to be applied as a customization on the application.

To allow the redeployed application's connections.xml file to be applied without the prior customization (from Fusion Middleware Control), you must explicitly remove the connections.xml customizations from the MDS repository.

For example, if you deploy an application with a Web services data control, then use Fusion Middleware Control to attach the username_token_client_policy, and subsequently detach the policy. Then, you return to JDeveloper to edit the application and attach the http_token_client_policy, and redeploy the application. When you view the application using Fusion Middleware Control, you see that it is not using the http_token_client_policy that you attached. That is because it is using the customized connections.xml file that you previously created using Fusion Middleware Control.

If you remove the connections.xml customizations from the MDS repository, the application will use the its own connections.xml file.

7.4 Reviewing Localization Limitations

The following information is supported in English only in this release of Oracle Enterprise Manager:

  • All fields in the policy and assertion template except the orawsp:displayName field.

  • If using the ?orawsdl browser address, the orawsp:description field.

7.5 Fusion Middleware Control Does Not List Policies When Two Servers Are SSL Enabled (Two-way SSL)

When a Managed Server is Two-way enabled SSL (for example, a SOA server hosting OWSM Policy Manager over Two-way SSL) and the Administration Server hosting Fusion Middleware Control is correctly configured to access the Two-way SSL-enabled Managed Server, Fusion Middleware Control still does not list the OWSM policies.

7.6 Web Service Test Page Cannot Test Input Arguments Bound to SOAP Headers

For Web services that have any input arguments bound to SOAP headers, the Test Web Service page in the Fusion Middleware Control console cannot show the message. Therefore, such operations cannot be tested with the Test Web Service page.

For example, if the input for a multi-part WSDL is viewed through Fusion Middleware Control, and one input argument is bound to a SOAP header, the composite instance fails with the following exception because the other part of the message was missing in the input:

ORAMED-01203:[No Part]No part exist with name "request1" in source message

To resolve such an issue, select XML View for Input Arguments and edit the payload to pass input for both parts of the WSDL.

7.7 Possible Limitation When Using Custom Exactly-one Policies

In some cases, there can be a limitation when using custom Exactly-one policies. For a set of assertions within the exactly-one policy, if a request message satisfies the first assertion, then the first assertion gets executed and a response is sent accordingly. However, this may not be the desired behavior in some cases because the request may be intended for the subsequent assertions.

For example, you may have a client policy that has Timestamp=ON and a service exactly-one policy that has a wss11 username token with message protection assertions: the first has Timestamp=OFF; the second has Timestamp=ON. Therefore, the first assertion in the service exactly-one policy is not expecting the Timestamp in the request, yet the second assertion does expect it. In this case, the first assertion gets executed and the response is sent with no Timestamp. However, the client-side processing then fails because it expects the Timestamp that was sent in the request.

This limitation can exist with any cases where a client policy expects a greater number of elements to be signed and a service policy does not.

7.8 Ignore "Services Compatibility" Error for Security Policies Used Between OWSM and WebLogic Server

Fusion Middleware Control may display a false error message when verifying compatibility of service policies. This incompatibility message is shown when using Enterprise Manager to attach an OWSM Security client policy. Upon clicking the Check Services Compatibility, a message states that policies are incompatible despite the fact that these might be compatible.

Workaround:

If OWSM policies are attached at the Web service endpoint, use the corresponding client policy. For example, if the service has wss11_saml_or_username_token_with_message_protection_service_policy, wss11_saml_token_with_message_protection_client_policy, or wss11_username_token_with_message_protection_client_policy will work at the client side. If non-WSM policies are attached to the Web Service, see the Interoperability Solutions Guide for Oracle Web Services Manager for information about the corresponding client policy and attach it.

7.9 Security Policies Do Not Work on Subscriber Mediator Component

Component Authorization denyall policy does not work at subscriber mediator component. Authorization policy works for other normal mediator component cases.

7.10 Policy Table Might Not Show Attached Policies for Some Locales

Select the Web service application in Fusion Middleware Control and navigate to the Web service endpoint. Attach a policy to the endpoint in the Attach/Detach page. Sometimes the Directly Attached Polices table might not display the attached policies for the following locales: zh-cn, zh-tw, ja, pt-br, es, fr, ko.

As a workaround, enlarge the columns.

7.11 Usage Tracking Not Enabled for WebLogic Web Service Client

In this release, usage tracking and analysis is not provided for WebLogic Java EE Web service clients.

7.12 Do Not Attach a Permitall and Denyall Policy to the Same Web Service

Although you can attach multiple authorization policies to the same Web service, you should not attach both a permitall and denyall policy. If you do so, however, the combination validates successfully in this release.

Workaround:

Do not attach a permitall and denyall policy to the same Web service. For more information about authorization policies, see "Configuring Authorization" in Securing Web Services and Managing Policies with Oracle Web Services Manager.

7.13 Scoped Configuration Override Persists for Subsequent References to the Same Policy

When using a scoped configuration override for the server side identity/encryption key (keystore.enc.csf.key) with a message protection policy, the override value is stored in the policy. Because the policy is cached, any subsequent references to this policy by other services will contain the override value. Therefore, the results will not be as expected.

An example of this scenario is as follows:

  • An Oracle Infrastructure Web service has an attached message protection service policy. Both the service identity (service public encryption key, keystore.enc.csf.key) and the service message protection policy are advertised in the service WSDL. If the service encryption key is overwritten, using the global setWSMPolicyOverride command for example, then the scoped overwritten value for the keystore.enc.csf.key property that was intended for the specific attachment/reference of the initial service may affect other services attachments/references to the same policy.

Workaround

The recommended workaround is to perform a cache refresh when possible. For example, if a policy attachment/reference has a scoped override for the property keystore.enc.csf.key and it has been enforced or advertised once, the cached policy contains the override, however the original policy in the repository is not affected. To clear the override you can refresh the cache using methods such as restarting the server, redeploying the application, modifying the policy using Fusion Middleware Control, and so on.

In some scenarios, however, a cache refresh is not feasible. For example, if a service with a policy attachment/reference has a scoped override for the property keystore.enc.csf.key and it is enforced before other services that reference the same policy in a flow of execution that does not allow time for a manual cache refresh, then the policy in the cache referenced by the subsequent services contains the configuration override. For example, in an asynchronous service where the same policy is attached to both the asynchronous request and the asynchronous callback client, and only the asynchronous request attachment/reference has the override (the asynchronous callback does not), the asynchronous callback policy enforcement happens after the asynchronous request. In this case, the callback client accesses the policy in the cache that contains the configuration override. Since there is no opportunity to refresh the cache, there is no workaround available.

7.14 Restart Applications to Get an Accurate Policy Usage Count

If a policy that is being referred to by a Web Service is deleted and then re-imported, then its usage count will not be correct and application(s) must be restarted to obtain an accurate usage count.

7.15 Performance Improvements in Web Services Policy Pages

Performance improvements have been made to the Web Services Policy pages in Fusion Middleware Control by removing the unnecessary role query.

7.16 Incorrect Compatible Client Policies List

When generating client policies from the WSDL, as described in "Generating Client Policies from a WSDL" in Securing Web Services and Managing Policies With Oracle Web Services Manager, the wss_username_token_over_ssl_client_policy policy is not returned in the list of compatible client policies for a corresponding Web service that has the following policy attached:

wss11_saml_or_username_token_with_message_protection_service_policy

This client policy does appear in the list of compatible client policies when attaching policies to the same client, as described in "Attaching Policies Directly to Web Service Clients" in Securing Web Services and Managing Policies With Oracle Web Services Manager.

7.17 Secure Conversation Element is Seen in Custom ExactlyOne Policies

When creating an ExactlyOne policy using the secure conversation policies, the secure-conversation element may be present in the newly created policy. OWSM does not currently support the use of the secure-conversation element. The element can be safely ignored. For information on the policies that support secure conversation, see "Which Policies Support WS-SecureConversation?" in Securing Web Services and Managing Policies with Oracle Web Services Manager.

7.18 Web Services Reliable Messaging is Not Supported in the Current Release

The WebLogic Server 12c (12.1.2) JAX-WS WS-ReliableMessaging implementation is generally not recommended for production purposes and has been disabled by default. The Web services reliable messaging sample application delivered with the WebLogic Server examples server is also disabled by default.

Customers seeking to use JAX-WS WS-ReliableMessaging in WebLogic Server 12c (12.1.2) for evaluation purposes, or customers who require use of JAX-WS WS-ReliableMessaging functionality in production, should contact Oracle Customer Support.

http://www.oracle.com/us/support/index.html

7.19 Bulk Attachment of Policies is not Supported in the Current Release

Attaching one or more policies to one or more Web services using the bulk attachment feature is not supported in the current release. Please use the Policy Set feature instead. For more information on Policy Sets, see "Attaching Policies Globally Using Policy Sets Using WLST" and "Schema Reference for Policy Sets" in Securing Web Services and Managing Policies with Oracle Web Services Manager.

7.20 Enterprise Manager Returns You to the OWSM Policies Page After Editing a Client Policy

When you generate client policies in Enterprise Manager, the Generate Client Policies page is displayed and the generated policies are shown as Not saved. Once you save the policies, and then edit one of them, you are returned to the OWSM Policies page. This is an error in Enterprise Manager. You should be returned to the Generate Client Policies page.

To edit additional policies, use the search feature in the OWSM Policies page to locate the client policy you wish to edit.

For more information, see "Generating Client Policies from a WSDL" in Securing Web Services and Managing Policies with Oracle Web Services Manager.

7.21 KSS and HSM Keystore Configuration Changes Do Not Display

When you save your Keystore Service (KSS) or Hardware Security Module (HSM) configuration changes on the OWSM Domain Configuration page, the changes are implemented but not displayed (that is, the page gives no indication that the changes were made).

For more information on configuring the KSS and HSM keystores on the OWSM Domain Configuration page, see "Configuring OWSM to Use the KSS Keystore" and "Configuring OWSM to Use HSM Keystores" in Securing Web Services and Managing Policies with Oracle Web Services Manager.

7.22 JKS Configuration Screen Displays Incorrect Values

If you configure the OWSM keystore for KSS and then attempt to configure the JKS keystore, the Path field and the Key menus in the JKS configuration screen are populated with the values for the KSS keystore.

Workaround: Clear the Path and Key fields in the JKS configuration screen before configuring the JKS keystore. For information on configuring JKS keystore in OWSM, see "Configuring OWSM to Use the JKS Keystore" in Securing Web Services and Managing Policies with Oracle Web Services Manager

7.23 Token Attribute Rule Configuration Does Not Work Correctly in Fusion Middleware Control

In Fusion Middleware Control, the configuration of a token attribute rule for a trusted issuer on the Authentication tab in the Domain Configuration page is not working correctly. As a workaround, use WLST commands to configure the token attribute rule.

Configuring a token attribute rule in Fusion Middleware Control is described in "Configuring Token Attribute Rules for Trusted Issuers Using Fusion Middleware Control" in Securing Web Services and Managing Policies with Oracle Web Services Manager. Configuring a token attribute rule using WLST is described in "Configuring SAML Trusted Issuers, DN Lists, and Token Attribute Rules Using WLST" in Securing Web Services and Managing Policies with Oracle Web Services Manager.

7.24 Context Root Must Not be Set to "/" When Securing REST Applications

If you want to secure a REST application using OWSM policies, then the context root for the application must be set to some value other than the forward slash ("/").

7.25 Domain Configuration Is Not Supported in Classpath Mode

If the Policy Manager URL is configured as a classpath, then domain-level configuration is not supported. All domain-level configuration information is stored in the OWSM repository, and not the JAR file that is included in the classpath. For information about configuring the Policy Manager URL, see the following sections in Securing Web Services and Managing Policies with Oracle Web Services Manager:

If you wish to manage domain-level configuration, configure the Policy Manager URL to specify a remote domain or use auto mode. Once you have configured the new Policy Manager URL mode, you must restart the server for it to take effect.

7.26 Apply/Revert Buttons Are Not Activated After Editing SAML Trust on Authentication Tab of OWSM Domain Configuration Page

When editing the SAML trusted issuers and DN lists on the Authentication tab of the OWSM Domain Configuration page, as described in "Configuring SAML Trusted Issuers and DN Lists Using FMC" in Securing Web Services and Managing Policies with Oracle Web Services Manager, the Apply and Revert buttons are not activated until you edit another field on the page. If necessary, make "dummy" edits in another field to activate the buttons.

7.27 Query by Example Feature is Not Working

"Using the Query by Example Filter" (for Web Service policies) and "Using the Query by Example Filter" (for assertion templates) in Securing Web Services and Managing Policies with Oracle Web Services Manager describe how to search for policies and assertion templates by querying on a specific field. This feature is not working in the current release.

Workaround: To work around this issue, use the advanced search utility as described in "Using Advanced Search" (for Web Service policies) and in "Using Advanced Search" (for assertion templates) in Securing Web Services and Managing Policies with Oracle Web Services Manager.

7.28 An NPE Can be Thrown if STS Certificate is Missing from Signed SAML Token

By default, Oracle Security Token Service (OSTS) does not include an STS signing certificate inside the signed SAML token returned from STS. If OWSM encounters a signed token without an STS certificate inside a SAML signature, then it throws a NullPointerException (NPE).

Workaround: To work around this problem, ensure that an STS certificate is present in the signed SAML token. For information on configuring a policy for STS, see "Setting Up Automatic Policy Configuration for STS" in Securing Web Services and Managing Policies with Oracle Web Services Manager.

7.29 Avoiding XML Encryption Attacks

In past releases, OWSM sent different fault codes (for example, FailedAuthentication, InvalidSecurityToken, FailedCheck, and so on) for different error cases In the current release, this default behavior has been changed. OWSM now sends the InvalidSecurity fault code for all error cases. This has been done to avoid XML encryption attacks. An encryption attack is possible if the service sends different fault codes for different types of errors (for example, FailedAuthentication, InvalidSecurityToken, FailedCheck, and so on).This default behavior can be changed by setting the domain-wide agent property use.unified.fault.code to false. However, this is not recommended, because it might allow XML encryption attacks. The default value for this property, "true", will cause OWSM to send the InvalidSecurity fault code for all error cases. For more information on the use.unified.fault.code property, see "Configuring Security Policy Enforcement Using WLST" in Securing Web Services and Managing Policies with Oracle Web Services Manager.

7.30 Cross-Domain Policy Manager Configuration is Not Supported in this Release

Configuration to a Policy Manager in a remote domain is not supported in this release. Therefore, the procedures to connect to a remote Policy Manager, described in the following topics in Securing Web Services and Managing Policies with Oracle Web Services Manager, are not recommended in a production environment:

7.31 OWSM Introspection Plug-in Fails When Proxy is Configured Incorrectly

OWSM provides an introspection plug-in for Oracle Virtual Assembly Builder, which is a tool for virtualizing installed Oracle components, modifying those components, and then deploying them into an Oracle VM environment. For more information, see "OWSM Introspection Plug-in for Oracle Virtual Assembly Builder" in Securing Web Services and Managing Policies with Oracle Web Services Manager.

The OWSM introspection plug-in executes when you introspect a WebLogic domain using the abctl introspectWLS12 command or Oracle Virtual Assembly Builder Studio (abstudio.sh). This introspection may fail in the following conditions:

  • When the Administration Server listen address is configured to listen on a particular address that is different than localhost.

    Workaround:

    1. Clear the Administration Server listen address in the Administration Console to enable the local address to be in effect, as described in "Configure listen address" in Oracle WebLogic Server Administration Console Online Help.

    2. Set the Administration Server listen address to localhost.

  • When proxy setting is performed during introspection. This introspection may fail when a proxy server is required in your networking environment and no proxy configuration is available to the tool being used to perform the introspection (for example, abctl or abstudio.sh).

    Workaround:

    If you are introspecting using abstudio.sh, you must bypass the proxy setting for localhost. Please consult the Release Notes for Oracle Virtual Assembly Builder for information about configuring the proxy.

    If you are introspecting with abctl, use the standard proxy configuration properties for Java applications. Before issuing the abctl command, set the properties in your environment using the SYSPROPS environment variable to bypass the proxy setting for localhost. For example, use one of the following commands, based on your shell:

    csh: setenv SYSPROPS '-Dhttp.proxyHost=myProxyHost -Dhttp.proxyPort=NN -Dhttp.nonProxyHosts=localhost|n.n.n.n

    sh/bash/ksh: export SYSPROPS '-Dhttp.proxyHost=myProxyHost -Dhttp.proxyPort=NN -Dhttp.nonProxyHosts=localhost|n.n.n.n

    Note:

    The actual proxy settings will be specific to your environment.

7.32 BadContextToken is Not Handled in Unified Fault Code

This bug impacts the reissue of the secure conversation token (SCT). The SCT is reissued when a BadContextToken fault is received at client side. However, due to this bug, the client does not clear its cache and continues to send the same token until the token expires.

This situation can happen when the client has a valid token and the service does not have the same token in the session manager. If service side persistence is not enabled and the server goes down, then it will not have the session IDs then the server resumes. As a result, client requests will fail. Normally, the client-side cache is cleared when the BadContextToken fault is received, but due to unified fault code, the client will receive a different fault code.

The workaround is to disable unified fault code. For more information on the use.unified.fault.code option, see "Configuring Security Policy Enforcement Using WLST" in Securing Web Services and Managing Policies with Oracle Web Services Manager.

7.33 Deprecated Commands for Oracle Infrastructure Web Services

Table 7-1 lists the WLST commands for Oracle Infrastructure Web Services (or clients) that were available in Oracle Fusion Middleware 11g release and which have been deprecated in 12c (12.1.2). In addition, the table lists the new WLST command equivalent and provides an example of how you can update your code use the new command.

For more information about the WLST commands, see "Web Services Custom WLST Commands" in WLST Command Reference for Infrastructure Components.

Table 7-1 Deprecated Commands for Oracle Infrastructure Web Services

Deprecated Command (11g) Recommended Command (12c) Updating Your Code

abortRespositorySession

abortWSMSession

11g Release (for Repository operations):

wls:/jrfServer_domain/serverConfig> abortRepositorySession()
 

12c Release (for both Repository and PolicySubject operations):

wls:/jrfServer_domain/serverConfig> abortWSMSession()

attachPolicySet

setWSMPolicySetScope

11g Release:

wls:/jrfServer_domain/serverConfig> attachPolicySet ('Domain("base_domain")')
 

12c Release:

wls:/jrfServer_domain/serverConfig> setWSMPolicySetScope ('Domain("base_domain")')

attachPolicySetPolicy

attachWSMPolicy

attachWSMPolicies

11g Release (for both Repository and PolicySubject operation on policy set):

wls:/jrfServer_domain/serverConfig> attachPolicySetPolicy ('oracle/wss_username_token_service_policy')

12c Release:

wls:/jrfServer_domain/serverConfig> attachWSMPolicy('oracle/wss_username_token_service_policy')

wls:/wls-domain/serverConfig>attachWSMPolicies(["oracle/wss_username_token_client_policy","oracle/log_policy"])

beginRespositorySession

beginWSMSession

11g Release (for Repository operations):

wls:/jrfServer_domain/serverConfig> beginRepositorySession()

12c Release (for both Repository and PolicySubject operations):

wls:/jrfServer_domain/serverConfig> beginWSMSession()

clonePolicySet

cloneWSMPolicySet

11g Release:

wls:/jrfServer_domain/serverConfig> clonePolicySet ('myNewPolicySet', 'myPolicySet')

12c Release:

wls:/jrfServer_domain/serverConfig> cloneWSMPolicySet ('myNewPolicySet', 'myPolicySet')

commitRespositorySession

commitWSMSession

11g Release (for Repository operations):

wls:/jrfServer_domain/serverConfig> commitRepositorySession()

12c Release (for both Repository and PolicySubject operations):

wls:/jrfServer_domain/serverConfig> commitWSMSession()

createPolicySet

createWSMPolicySet

11g Release:

wls:/jrfServer_domain/serverConfig> createPolicySet('myPolicySet', 'ws-service', 'Domain("base_domain")')

12c Release:

wls:/jrfServer_domain/serverConfig> createWSMPolicySet ('myPolicySet', 'ws-service', 'Domain("base_domain")')

deletePolicySet

deleteWSMPolicySet

11g Release:

wls:/jrfServer_domain/serverConfig> deletePolicySet('myPolicySet')
 

12c Release:

wls:/jrfServer_domain/serverConfig> deleteWSMPolicySet ('myPolicySet')

describeRespositorySession

describeWSMSession

11g Release (for Repository operations):

wls:/jrfServer_domain/serverConfig> describeRepositorySession()

11g Release (for PolicySubject operations):

N/A

12c Release (for both Repository and PolicySubject operations):

wls:/jrfServer_domain/serverConfig> describeWSMSession()

detachPolicySet

detachWSMPolicy

detachWSMPolicies

11g Release (for both Repository and PolicySubject operation on policy set):

wls:/jrfServer_domain/serverConfig> detachPolicySet ('oracle/wss_username_token_service_policy')

12c Release:

wls:/jrfServer_domain/serverConfig> detachWSMPolicy('oracle/wss_username_token_service_policy')

wls:/wls-domain/serverConfig>detachWSMPolicies(["oracle/log_policy","oracle/wss_username_token_client_policy"])

displayPolicySet

displayWSMPolicySet

11g Release:

wls:/jrfServer_domain/serverConfig> displayPolicySet('myPolicySet')
 

12c Release:

wls:/jrfServer_domain/serverConfig> displayWSMPolicySet ('myPolicySet')

enablePolicySet

enableWSMPolicySet

11g Release:

wls:/jrfServer_domain/serverConfig> enablePolicySet(true)

12c Release:

wls:/jrfServer_domain/serverConfig> enableWSMPolicySet(true)

enablePolicySetPolicy

enableWSMPolicy

enableWSMPolicies

11g Release:

wls:/wls-domain/serverConfig>enablePolicySetPolicy('/oracle/log_policy',false) 

12c Release:

wls:/wls-domain/serverConfig>enableWSMPolicy('/oracle/log_policy',false) 

wls:/wls-domain/serverConfig>enableWSMPolicies(["oracle/log_policy", "oracle/wss_username_token_client_policy"], true ) 

exportRepository

exportWSMRepository

11g Release:

wls:/jrfServer_domain/serverConfig> exportRepository ("/tmp/repo.zip")
 

12c Release:

wls:/jrfServer_domain/serverConfig> exportWSMRepository ("/tmp/repo.zip")

importRepository

importWSMArchive

11g Release (for repository documents):

wls:/jrfServer_domain/serverConfig> importRepository ("/tmp/repo.zip")
 

12c Release (for repository documents):

wls:/jrfServer_domain/serverConfig> importWSMArchive ("/tmp/repo.zip")
 

listPolicySets

listWSMPolicySets

11g Release:

wls:/wls-domain/serverConfig>listPolicySets('sca-reference')

12c Release:

wls:/wls-domain/serverConfig>listWSMPolicySets('sca-reference')

migrateAttachments

migrateWSMAttachments

11g Release:

wls:/jrfServer_domain/serverConfig> migrateAttachments()
 

12c Release:

wls:/jrfServer_domain/serverConfig> migrateWSMAttachments()

modifyPolicySet

selectWSMPolicySet

11g Release:

wls:/jrfServer_domain/serverConfig> modifyPolicySet('myPolicySet')
 

12c Release:

wls:/jrfServer_domain/serverConfig> selectWSMPolicySet ('myPolicySet')

resetWSMPolicyRepository

restWSMRepository

11g Release:

wls:/jrfServer_domain/serverConfig> resetWSMPolicyRepository()

12c Release:

wls:/jrfServer_domain/serverConfig> resetWSMRepository()

setPolicySetConstraint

setWSMPolicySetConstraint

11g Release:

wls:/jrfServer_domain/serverConfig> setPolicySetConstraint ('HTTPHeader("VIRTUAL_HOST_TYPE","external")')
 

12c Release:

wls:/jrfServer_domain/serverConfig> setWSMPolicySetConstraint ('HTTPHeader("VIRTUAL_HOST_TYPE","external")')

setPolicySetDescription

setWSMPolicySetDescription

11g Release:

wls:/jrfServer_domain/serverConfig> setPolicySetDescription ('Global policy set for web service endpoint.')

12c Release:

wls:/jrfServer_domain/serverConfig> setWSMPolicySetDescription ('Global policy set for web service endpoint.')

setWebServicePolicyOverride

setWSMPolicyOverride

11g Release:

wls:/jrfServer_domain/serverConfig> setWebServicePolicyOverride ('/base_domain/server1/HelloWorld#1_0','j2wbasicPolicy', 'web', '{http://namespace/}WssUsernameService','JRFWssUsernamePort', 'oracle/wss_username_token_service_policy', 'reference.priority', '10')
 

12c Release:

wls:/jrfServer_domain/serverConfig> setWSMPolicyOverride ('oracle/wss_username_token_service_policy', 'reference.priority', '10')
 

setPolicySetPolicyOverride

setWSMPolicyOverride

11g Release (for both Repository and PolicySubject operation on policy set):

wls:/jrfServer_domain/serverConfig> setPolicySetPolicyOverride ('oracle/wss_username_token_service_policy', 'reference.priority', '10')
 

12c Release:

wls:/jrfServer_domain/serverConfig> setWSMPolicyOverride ('oracle/wss_username_token_service_policy', 'reference.priority', '10')
 

upgradeWSMPolicyRepository

upgradeWSMRepository

11g Release:

wls:/jrfServer_domain/serverConfig> upgradeWSMPolicyRepository()

12c Release:

wls:/jrfServer_domain/serverConfig> upgradeWSMRepository()

validatePolicySet

validateWSMPolicySet

11g Release:

wls:/jrfServer_domain/serverConfig> validatePolicySet ('myPolicySet')

12c Release:

wls:/jrfServer_domain/serverConfig> validateWSMPolicySet ('myPolicySet')