10.1 Introduction to Oracle Web Services Manager

Oracle Web Services Manager (Oracle WSM) provides a policy enforcement framework to manage, secure, and monitor web services consistently and flexibly across organizational boundaries. It enables organizations to employ a common security infrastructure across all their web services applications, providing the operational visibility and control, including service level agreement (SLA) management capabilities, required to deploy web services in production. Oracle Web Services Manager achieves this through policies, which are a set of tasks (such as logging and authentication) that are performed at specific policy enforcement points, as service requests and responses between a service client and a service provider are processed.

Oracle WSM secures your services environment with these key components:

• Oracle WSM Policy Manager

  The Oracle WSM Policy Manager allows you to define policies that reflect operational best practices and requirements. It includes a browser-based tool for creating and maintaining security and management policies for web services and business processes, using prebuilt or custom policy steps. Examples of actions performed by policy steps are:

  • Performing an authorization

  • Logging an audit record

  • Performing an LDAP authentication

  • Decrypting an XML payload

  With the Oracle WSM Policy Manager, you can configure and manage best practice policies, and ensure that these policies are enforced regardless of the details of the service or its implementation.

• Oracle WSM Gateways

  Gateways provide a non-intrusive mechanism for policy enforcement.

  Gateways provide several key features:

  • Gateways operate independently of the protected services, acting as a proxy to service clients.

  • Gateways virtualize the underlying web service, so that the address details of the service are not visible to clients.

  • Gateways can perform routing based on message content or attachments.

  • Gateways can perform message transforms from one format or protocol to another; for example, from XML-over-HTTP to JMS.

• Oracle WSM Agents

  Also serving as policy enforcement points, agents are lightweight components that run in the same "container" or application server environment as the web service. Oracle Web Services Manager provides two types of agents, a client agent and a server agent:

  • A client agent secures web service clients. It is embedded into web service clients, fetches the policies from Oracle WSM Policy Manager, and does not need modification of the deployment EAR or WAR files.

  • A server agent secures web services. It is embedded into the web service, and it also reads it policies from the Oracle WSM Policy Manager. It differs from client agents in that it does require modification and redeployment of EAR or WAR files.

  
  

  Note: While agents can support a majority of Oracle Web Services Manager's prebuilt policy steps, they do not support message routing or transformation.

  
  
  
  

  See Also: Section 10.2.1, "When to Use Agents or Gateways"

  
  

• Oracle WSM Monitor

  The Oracle WSM Monitor component manages collection and aggregation of web services traffic data and provides alerts and notifications. As the gateways and agents enforce policies on incoming and outgoing messages, they collect statistics about response times, exceptions, and so on. These statistics are sent in real time to the Oracle Web Services Manager Monitor, which is a web-based dashboard for monitoring service-level agreements (SLAs), service availability, and service responsiveness. The monitor can alert administrators when boundary conditions are met, and it can also automatically communicate with the Oracle WSM Policy Manager to activate new policies under certain conditions.

Figure 10-1 shows the key components of Oracle Web Services Manager.

Figure 10-1 Components of Oracle Web Services Manager

This figure shows how the Oracle WSM Policy Manager manages and monitors client access to web services, enforcing the operational policies you have configured for the agents and gateways. Oracle Enterprise Manager 10g Web Services Manager Control, which is the user interface component of the Policy Manager, is used to configure policies and monitor web services traffic.

Read this chapter to understand:

• How Oracle WSM uses policies, and the purpose of policy enforcement points

• How to secure web services by defining agents, and registering the services to be protected by the agents

• How to use an Oracle WSM Client Agent to authenticate user credentials

• How to use an Oracle WSM Gateway to encrypt data exchanged with a web service