In Oracle Fusion Middleware 11g Release 1, Oracle Web Services Manager (WSM) security and management has been completely redesigned and rearchitected. The previous release, Oracle WSM 10g, was delivered as a standalone product or as a component of the Oracle SOA Suite. In the 11g release, Oracle WSM has been integrated with Oracle WebLogic Server as part of the Oracle Fusion Middleware SOA Suite.
This chapter contains the following sections:
"How Oracle WSM 10g is Redesigned in Oracle Fusion Middleware 11g Release 1 (11.1.1.7)"
"Comparing Oracle Application Server 10g WS-Security with Oracle WSM 11g"
Oracle WSM 10g has been rearchitected in Oracle Fusion Middleware 11g Release 1, as follows:
Oracle WSM Agent functionality is integrated into Oracle WebLogic Server. In Oracle Fusion Middleware 11g, the Oracle WSM 10g Agents are managed by the security and management policy interceptors.
Policy management and monitoring is integrated into Oracle Enterprise Manager Fusion Middleware Control. The functions of the Oracle WSM Monitor and the Web Services Manager Control have been integrated into Fusion Middleware Control. This allows you to manage your enterprise from one central location.
Oracle WSM Policy Manager enforces additional Web service QoS requirements. The Oracle WSM Policy Manager manages not only security policies, but it also manages other types of policies such as Message Transmission Optimization Mechanism (MTOM), Reliable Messaging, Addressing, and Management.
The Oracle WSM Database is replaced by the Oracle WSM Repository which stores Oracle WSM metadata such as policies, policy sets, assertions templates, and policy usage data. The Oracle WSM Repository is available as a database (for production use) or as files in the file system (for development use in JDeveloper).
Oracle WSM 10g policies have been replaced by Oracle WSM 11g policies. For a discussion of the differences between the policies in 10g and 11g, see "Comparing Oracle WSM 10g and Oracle WSM 11g Policies".
Some Oracle WSM 10g features will not be supported in the first release of Oracle Fusion Middleware:
A subset of Oracle WSM 10g components will not be supported in this first release of Oracle Fusion Middleware 11g.
You can continue to use the Oracle WSM 10g Gateway components with Oracle WSM 10g policies in your applications. For information about Oracle WSM 10g interoperability, see "Interoperability with Oracle WSM 10g Security Environments" in Interoperability Guide for Oracle Web Services Manager.
Oracle WSM 10g supported policy enforcement agents for third-party application servers, such as IBM WebSphere. Oracle Fusion Middleware 11g Release 1 only supports Oracle WebLogic Server. Support for third-party application servers will follow this release.
The comparison between 10g and 11g components is summarized in Table 4-1 and the components are identified in Figure 4-1 and Figure 4-2.
Table 4-1 Comparison of Oracle WSM 10g and Oracle Fusion Middleware 11g Release 1
Description of Functionality | Oracle WSM 10g Component | Oracle Fusion Middleware 11g Release 1 Component | |
---|---|---|---|
1 |
Policy enforcement point |
Oracle WSM Server and Client Agents, Oracle WSM Gateway |
Oracle WSM Agent which manages the policy interceptors There is no equivalent component for the Oracle WSM Gateway in Oracle Fusion Middleware 11g Release 1. |
2 |
GUI Component to author policies and attach policies to Web services |
Web Services Manager Control |
Oracle Enterprise Manager Fusion Middleware Control |
3 |
Component to manage policies |
Oracle WSM Policy Manager |
Oracle WSM Policy Manager |
4 |
Component used to monitor Web services data |
Oracle WSM Monitor |
Oracle Enterprise Manager Fusion Middleware Control and Oracle Enterprise Manager Grid Control |
5 |
Policy Store |
Oracle WSM Database |
Oracle WSM Repository |
Figure 4-1 illustrate the Oracle WSM 10g components, and the numbers in Table 4-1 identify the components in this figure.
Figure 4-2 shows the Oracle Fusion Middleware 11g Release 1 components, and the numbers in Table 4-1 correspond to the components in the figure.
Figure 4-2 Oracle Fusion Middleware 11g Web Services Security Components
In both Oracle WSM 10g and Oracle WSM 11g, policies are used to enforce security. However, the structure of the policies is somewhat different. In Oracle WSM 10g a policy consists of a Request Pipeline and a Response Pipeline, each comprised of one or more policy steps.
For example, in Figure 4-3, the Request Pipeline consists of the following policy steps: Extract Credentials, LDAP Authenticate, and LDAP Authorize. The Response Pipeline contains a different policy step, XML Encrypt. The Request Pipeline and Response Pipelines can be comprised of different policy steps, and, therefore, different behaviors can be executed in the request and response messages.
Figure 4-3 Oracle WSM 10g Policy Pipeline
In Oracle WSM 11g, policies are comprised of one or more assertions, and you control the assertions that are used in the request and response messages. For example, in Figure 4-4, the example 11g policy contains two assertions:
wss11-username-with-certificates
binding-authorization
Figure 4-4 Oracle WSM 11g Policy Pipeline
When the request message is sent to the Web service, the assertions are executed in the order shown. When the response message is returned to the client, the same assertions are executed, but this time in reverse order. The behavior of the assertion for the request message differs from the behavior for the response message. And, in some instances, it is possible that nothing happens on the response. For example, in the example above, the authorization assertion is only executed as part of the request.
For information about how the Oracle WSM 10.1.3 policy steps can be mapped to Oracle WSM 11g predefined policies, see "Upgrading Oracle Web Services Manager Policies" in Oracle Fusion Middleware Upgrade Guide for Oracle SOA Suite, WebCenter Portal, and ADF Release 11g.
The following list identifies the primary enhancements to Oracle WSM 11g over Oracle Application Server 10g WS-Security:
Centralized policy management. Using the Oracle WSM Policy Manager, you centrally define security and management policies.
Custom policy support. You can create custom policies that support your security and management policy requirements, if the predefined policies do not meet your needs.
Toolset used to manage and attach policies. Security administrators can use Oracle Enterprise Manager Fusion Middleware Control to manage and attach Web services. Developers can attach security policies at development time, using Oracle JDeveloper or other IDE.
Policies managed at the enterprise level. Policies are defined at the enterprise level and not at the application level.
Oracle WSM 11g can interoperate with the following 10.1.3 components:
Oracle WSM, as described in "Interoperability with Oracle WSM 10g Security Environments" in Interoperability Guide for Oracle Web Services Manager.
Oracle WSM gateways, as described in "Interoperability with Oracle WSM 10g Security Environments" in Interoperability Guide for Oracle Web Services Manager.
Application Server, as described in "Interoperability with Oracle Containers for J2EE (OC4J) 10g Security Environments" in Interoperability Guide for Oracle Web Services Manager.
In addition, you can interoperate with the following components:
WebLogic Web services, as described "Interoperability with Oracle WebLogic Server 11g Web Service Security Environments" in Interoperability Guide for Oracle Web Services Manager.
Microsoft .NET, as described in "Interoperability with Microsoft WCF/.NET 3.5 Security Environments" in Interoperability Guide for Oracle Web Services Manager.
Oracle Service Bus, as described in "Interoperability with Oracle Service Bus 10g Security Environments" in Interoperability Guide for Oracle Web Services Manager.
Axis 1.4 and WSS4J 1.58, as described in "Interoperability with Axis 1.4 and WSS4J 1.58 Security Environments" in Interoperability Guide for Oracle Web Services Manager.
You can upgrade the following 10.1.3 features to Oracle Fusion Middleware 11g Release 1:
OC4J Web services 10.1.3 to WebLogic Web services. See "Upgrading Your Java EE Applications" in Oracle Fusion Middleware Upgrade Guide for Java EE Release 11g.
Oracle WSM 10.1.3 policies to Oracle WSM 11g. See "Upgrading Oracle Web Services Manager (WSM) Policies" in Oracle Fusion Middleware Upgrade Guide for Oracle SOA Suite, WebCenter Portal, and ADF Release 11g.
Oracle Containers for Java (OC4J) 10.1.3 security environments to OWSM 11g. See "Upgrading Oracle Containers for J2EE (OC4J) Security Environments" in Oracle Fusion Middleware Upgrade Guide for Oracle SOA Suite, WebCenter Portal, and ADF Release 11g.