Fusion Middleware Documentation
Advanced Search


Securing Web Services and Managing Policies with Oracle Web Services Manager
Close Window

Table of Contents

Show All | Collapse

D OWSM Introspection Plug-in for Oracle Virtual Assembly Builder

This appendix describes the OWSM introspection plug-in for Oracle Virtual Assembly Builder.

This appendix includes the following topics:

D.1 Overview of the OWSM Introspection Plug-in for Oracle Virtual Assembly Builder

Oracle Virtual Assembly Builder is a tool for virtualizing installed Oracle components, modifying those components, and then deploying them into an Oracle VM environment. Using Oracle Virtual Assembly Builder, you capture the configuration of existing software components in artifacts called software appliances. Appliances can then be grouped, and their relationships defined into artifacts called software assemblies which provide a blueprint describing a complete multi-tier application topology.

The OWSM introspection extension for Oracle Virtual Assembly Builder extends the functionality of the Oracle WebLogic Server Introspector, as described in "Using the Plug-in for Oracle Virtual Assembly Builder" in Administering Server Environments for Oracle WebLogic Server. The plug-in examines the configuration of OWSM-specific artifacts configured as part of a WebLogic domain.

The OWSM introspection plug-in extension works with Oracle WebLogic Server 12c version 12.1.2.0.

D.2 OWSM Introspection Plug-in Parameter

Table D-1 lists the OWSM introspection plug-in parameter. For more information about the parameters required by WebLogic Server, see "Introspection Plug-in Parameters" in Administering Server Environments for Oracle WebLogic Server.

Table D-1 OWSM Introspection Plug-in Parameter

Parameter Description

oracleCommonHome

Location of the Oracle Common Home directory.

This parameter is optional. If specified, Oracle Virtual Assembly Builder checks for updates to the OWSM plug-in before instrospection. If not specified, the Oracle Virtual Assembly Builder does not check for updates before introspection.


D.3 Reference System Prerequisites

There are no additional prerequisites beyond those defined by Oracle WebLogic Server. For the prerequisites required by WebLogic Server, see "Reference System Prerequisites" in Administering Server Environments for Oracle WebLogic Server.

D.4 OWSM Introspection Plug-in Usage Requirements

Table D-2 lists and describes the requirements for using the OWSM introspection plug-in.

Note:

In addition to the OWSM requirements described in this section:

Table D-2 OWSM Introspection Plug-in Usage Requirements

Requirement Description

OWSM Policy Manager

OWSM Policy Manager must be active during introspection. The server on which OWSM Policy Manager is targeted must be up and the application must be running. The plug-in throws an exception if OWSM Policy Manager is installed in the domain but not available during introspection.

Supported topologies

The OWSM extension plug-in supports:

  • Single domain topology: Introspection plug-in captures artifacts stored in document repository (MDS) and domain configuration directory (wsm-config.xml). If the artifacts are modified in the source environment, their corresponding user properties will be added to the assembly generated by the introspection plug-in.

  • Multiple domain topology: Multiple domains can store data in the same policy repository (MDS). The OWSM Policy Manager application is installed on each domain and they share the same MDS. To support the multiple domain topology, MDS data for all domains is moved when any one of the domains is introspected and rehydrated.

  • Cross-domain topology: Multiple domains, but the OWSM Policy Manager application is installed as a central application in one of the domains. All the other domains connect to the same OWSM Policy Manager by configuring the URL using the OWSM domain configuration, as described in "Configuring the Policy Manager Connection Using Fusion Middleware Control", or specifying the PM URL attribute in the bootstrap configuration file under the domain configuration directory.

    When a domain where the OWSM Policy Manager is installed is introspected, artifacts stored in MDS and the domain configuration directory are captured.

    When a domain where the OWSM Policy Manager is not installed is introspected, only the bootstrap configurations in the domain configuration directory are captured.


D.5 Resulting Artifact Type

The OWSM plug-in does not create any resulting artifact or assembly. An assembly is created by the Oracle WebLogic Server plug-in and the OWSM plug-in only adds properties to the root assembly. For more information, see "Resulting Artifact Type" in Administering Server Environments for Oracle WebLogic Server.

D.6 Wiring

No additional wiring is supported beyond that provided by the WebLogic Server plug-in. For more information, see "Wiring" in Administering Server Environments for Oracle WebLogic Server.

D.7 Wiring Properties

No additional wiring properties are supported beyond those provided by the WLS plug-in.

D.8 OWSM Appliance Properties

The following tables describe the properties for the OWSM appliance, including system and user properties.

Note:

If a user property is not modified for the introspected domain, it will not be added to the assembly.

Table D-3 describes OWSM system properties.

Note:

System properties are not editable.

Table D-3 OWSM System Properties

Name Type Req'd Default Description

oracle.common.home

String

false

none

Oracle Common Home location at time of reconfiguration.


Table D-4 describes OWSM user properties for the sts-trust-config policy assertions, including:

Table D-4 OWSM Appliance User Properties - STS Trust

Name Type Req'd Default Display Name in Assembly Builder Description

port-uri

String

false

none

policyname.port-uri

Service port URL.

wsdl-uri

String

false

none

policyname.wsdl-uri

Service WSDL URL.


Table D-5 describes OWSM user properties for the kerberos-security , wss11-kerberos-over-ssl-security, or spnego-http-security policy assertions, including:

Table D-5 OWSM User Properties - Kerberos and SPNEGO

Name Type Req'd Default Display Name in Assembly Builder Description

caller.principal.name

String

false

none

policyname.caller.principal.name

See "caller.principal.name".

keytab.location

String

false

none

policyname.keytab.location

See "keytab.location".

service.principal.name

String

false

none

policyname.service.principal.name

See "service.principal.name".


Table D-6 describes OWSM appliance user properties for the wss11-sts-issued-token-with-certificates policy assertions, including:

Table D-6 OWSM User Properties - wss11-sts-issued-token-with-certificates

Name Type Req'd Default Display Name in Assembly Builder Description

sts.auth.caller.principal.name

String

false

none

policyname.sts.auth.caller.principal.name

See "sts.auth.caller.principal.name".

sts.auth.keytab.location

String

false

none

policyname.sts.auth.keytab.location

See "sts.auth.keytab.location".

sts.auth.service.principal.name

String

false

none

policyname.sts.auth.service.principal.name

See "sts.auth.service.principal.name".


In OWSM, you can create configuration documents for a domain to override the configuration for that domain. These documents contain properties which might change on the target environment. For more information, see "Managing OWSM Domain Configuration".

Table D-7 describes OWSM user properties for the configuration documents for a domain.

Table D-7 OWSM User Properties - Configuration Documents

Name Type Req'd Default Display Name in Assembly Builder Description

key.tab

String

false

none

domainname.kerberos.keytab

Location of the client's keytab file. For more information, see "Managing OWSM Domain Configuration".

keystore.path

String

false

none

domainname.ssl.keystore

Configuration Manager keystore location. For more information, see "Managing OWSM Domain Configuration".

location

String

false

none

domainname.msgprot.keystore

Location of the keystore. For more information, see "Managing OWSM Domain Configuration".

pm.url

String

false

none

domainname.pm.url

Configuration Manager PM URL, in the form http://hostname:port. or more information, see "Managing OWSM Domain Configuration".

principal

String

false

none

domainname.kerberos.principal

Name of the service principal. For more information, see "Managing OWSM Domain Configuration".

truststore.path

String

false

none

domainname.ssl.truststore

Configuration Manager trust store location. For more information, see "Managing OWSM Domain Configuration".


If you specified bootstrap properties during installation of OWSM, an OWSM agent instance uses the bootstrap connection information (in the wsm-config.xml file in the fmwconfig directory) to connect to the OWSM Policy Manager. For more information, see "Managing OWSM Domain Configuration".

Table D-8 describes OWSM user properties for configuration bootstrapping.

Table D-8 OWSM Appliance User Properties - Configuration Bootstrapping

Name Type Req'd Default Display Name in Assembly Builder Description

keystore.path

String

false

none

bootstrap.ssl.keystore

Configuration Manager keystore location. For more information, see "Managing OWSM Domain Configuration".

pm.url

String

false

none

bootstrap.pm.url

Configuration Manager PM URL, in the form http://hostname:port. or more information, see "Managing OWSM Domain Configuration".

truststore.path

String

false

none

booostrap.ssl.truststore

Configuration Manager trust store location. For more information, see "Managing OWSM Domain Configuration".


D.9 Supported Template Types

The supported template type is Oracle Enterprise Linux (OEL).